Re: OpenSSH VPN support
- From: Daiki Ueno <ueno unixuser org>
- To: Robert Vogelgesang <vogel users sourceforge net>
- Cc: networkmanager-list gnome org
- Subject: Re: OpenSSH VPN support
- Date: Tue, 08 Dec 2009 17:39:17 +0900
Robert Vogelgesang <vogel users sourceforge net> writes:
>> > 3) Is there any way we can figure out what pub/priv keys to use? When I
>> > just ssh to a random host, ssh can find the keys I need to use. Could
>> > we do that here, and provide the ability to use specific keys as an
>> > "Advanced" option?
>>
>> That is indeed possible by scanning ~/.ssh/ and sending pubkeys one by
>> one until the server accepts one of them. I will try to implement it.
>
> please don't forget the keys managed by the SSH authentication agent,
> which is actually the gnome-keyring-daemon in Fedora 11/Gnome. The
> authentication agent might have keys that aren't read from files in
> ~/.ssh/, but during remote SSH sessions from key files stored on the
> remote end of the session.
Now I come to think of it, it might be desirable to centralize SSH
authentication stuff in ssh-agent (= gnome-keyring) if we can assume
ssh-agent active in typical use-cases, rather than reading ~/.ssh/ by
the VPN plugin itself.
I'm proposing a patch to libssh2, a SSH client library NM-openssh
internally uses, to support ssh-agent.
Regards,
--
Daiki Ueno
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]