Re: OpenSSH VPN support

From: Daiki Ueno <ueno unixuser org>
To: Robert Vogelgesang <vogel users sourceforge net>
Cc: networkmanager-list gnome org
Subject: Re: OpenSSH VPN support
Date: Tue, 08 Dec 2009 17:39:17 +0900

Robert Vogelgesang <vogel users sourceforge net> writes:

>> > 3) Is there any way we can figure out what pub/priv keys to use?  When I
>> > just ssh to a random host, ssh can find the keys I need to use.  Could
>> > we do that here, and provide the ability to use specific keys as an
>> > "Advanced" option?
>> 
>> That is indeed possible by scanning ~/.ssh/ and sending pubkeys one by
>> one until the server accepts one of them.  I will try to implement it.
>
> please don't forget the keys managed by the SSH authentication agent,
> which is actually the gnome-keyring-daemon in Fedora 11/Gnome.  The
> authentication agent might have keys that aren't read from files in
> ~/.ssh/, but during remote SSH sessions from key files stored on the
> remote end of the session.

Now I come to think of it, it might be desirable to centralize SSH
authentication stuff in ssh-agent (= gnome-keyring) if we can assume
ssh-agent active in typical use-cases, rather than reading ~/.ssh/ by
the VPN plugin itself.

I'm proposing a patch to libssh2, a SSH client library NM-openssh
internally uses, to support ssh-agent.

Regards,
--
Daiki Ueno

References:
- OpenSSH VPN support
  - From: Daiki Ueno
- Re: OpenSSH VPN support
  - From: Dan Williams
- Re: OpenSSH VPN support
  - From: Daiki Ueno
- Re: OpenSSH VPN support
  - From: Robert Vogelgesang

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]