Re: OpenSSH VPN support



Robert Vogelgesang <vogel users sourceforge net> writes:

>> > 3) Is there any way we can figure out what pub/priv keys to use?  When I
>> > just ssh to a random host, ssh can find the keys I need to use.  Could
>> > we do that here, and provide the ability to use specific keys as an
>> > "Advanced" option?
>> 
>> That is indeed possible by scanning ~/.ssh/ and sending pubkeys one by
>> one until the server accepts one of them.  I will try to implement it.
>
> Please don't forget the keys managed by the SSH authentication agent,
> which is actually the gnome-keyring-daemon in Fedora 11/Gnome.  The
> authentication agent might have keys that aren't read from files in
> ~/.ssh/, but during remote SSH sessions from key files stored on the
> remote end of the session.

Now I come to think of it, it might be desirable to centralize SSH
authentication stuff in ssh-agent (= gnome-keyring) if we can assume
ssh-agent is active in typical use-cases, rather than reading ~/.ssh/ by
the VPN plugin itself.

I'm proposing a patch to libssh2, an SSH client library NM-openssh
internally uses, to support ssh-agent.

Regards,
--
Daiki Ueno

