Re: [gnome-love] Gnome SSH agent applet



On Apr 12, 2004, at 5:02 PM, Geiregat Jonas wrote:

George Karabin wrote:

On Apr 6, 2004, at 7:35 AM, Sean Middleditch wrote:

On Tue, 2004-04-06 at 10:25, Ross Golder wrote:

I don't know if I've mentioned this before, but if I have, here it is
again for the newbies...

What we need, for those of you who work with SSH on a regular basis, is
a panel applet that does pretty much the same as the command-line
'ssh-agent' program, but as a GUI applet.

Actually, you could probably do all of this with just wrapping
ssh-agent. Rewriting that code would be foolish; you don't want to have *two* places for security breakage to happen. ssh-agent can already use
a GTK+ frontend for asking for passphrases, so pretty much all the
applet would need to do is call ssh-agent with various options and parse
a little output here and there.


Perhaps this applet should (at the user's option) use gnome-keyring to make the password persistent?
- George

Yes that would be a good idea, but why do you need all the parsing?
Couldn't you just let the applet drop down a selection list that starts up an xterm with ssh running in it?

I'm not sure I understand your question, so forgive me if I've missed its point. The idea of the proposed applet is to wrap ssh-agent, which stores private keys for future ssh connections started from the current X session. The man page for 'ssh' talks about public-key authentication, and the man page for 'ssh-agent' tells you how to set up ssh to only need to authenticate the passphrase associated with a private key once per session.

I.e., enter your passphrase once for a given public key, and then you
don't need to enter it again until you log out. Launching xterms the
way you suggest doesn't tie into the ssh-agent, so you keep on needing
to enter passphrases, and you only support that one way of starting
xterminals - not all the many ways that ssh can be used ('scp', 'sftp',
or 'ssh' launched from arbitrary processes).

gnome-keyring would provide a way to make the key persistent across
sessions.

Regarding output parsing, I'd guess Sean means that the applet needs to
parse the output of the 'gnome-ssh-askpass' and 'ssh-agent' commands to
collect the passphrase and to give the user any necessary feedback -
i.e., success, failure, error description, etc. It might get a little
tricky if the output of the above programs changes over time. It may be
worth setting up the code to parse the output of 'ssh -V' to determine
which set of parsing rules to use. It still leaves the possibility of
silent failures with version mismatches open, but without an ssh client
library that gnome can add as a dependency, I'm not sure if there's a
better option.

Regards,

- George



Regards,

--
Ross

_______________________________________________
gnome-love mailing list
gnome-love gnome org
http://mail.gnome.org/mailman/listinfo/gnome-love
--
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.

--
Geiregat Jonas
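
Added example, not part of the original thread and not GNOME or OpenSSH code: one way a wrapper could parse the shell snippet that 'ssh-agent -s' prints and the banner from 'ssh -V', rejecting anything it does not recognise so that a changed output format surfaces as an error rather than a silent failure. The function names are hypothetical and both sample strings are constructed.

```python
import re

# Constructed sample of `ssh-agent -s` (Bourne-style) output; path and PIDs are made up.
SAMPLE_AGENT_OUTPUT = (
    "SSH_AUTH_SOCK=/tmp/ssh-XXXXabcdef/agent.4321; export SSH_AUTH_SOCK;\n"
    "SSH_AGENT_PID=4322; export SSH_AGENT_PID;\n"
    "echo Agent pid 4322;\n"
)
# Constructed sample of the banner that `ssh -V` writes to stderr.
SAMPLE_VERSION_BANNER = "OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004"

# Strict patterns: a whole line must match, and the socket path may only
# contain characters that are safe to pass on without shell interpretation.
_SOCK_RE = re.compile(r"^SSH_AUTH_SOCK=(/[A-Za-z0-9._/-]+); export SSH_AUTH_SOCK;$", re.M)
_PID_RE = re.compile(r"^SSH_AGENT_PID=([0-9]+); export SSH_AGENT_PID;$", re.M)
_VER_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def parse_agent_env(output):
    """Extract the agent socket and PID without eval'ing the shell snippet.

    Raises ValueError when the text is not in the expected format.
    """
    sock = _SOCK_RE.search(output)
    pid = _PID_RE.search(output)
    if not sock or not pid:
        raise ValueError("unrecognised ssh-agent output")
    if ".." in sock.group(1).split("/"):
        raise ValueError("suspicious socket path")
    return {"SSH_AUTH_SOCK": sock.group(1), "SSH_AGENT_PID": int(pid.group(1))}


def parse_ssh_version(banner):
    """Return (major, minor) from the `ssh -V` banner, or raise ValueError."""
    m = _VER_RE.match(banner.strip())
    if not m:
        raise ValueError("unrecognised ssh -V banner")
    return int(m.group(1)), int(m.group(2))


if __name__ == "__main__":
    print(parse_ssh_version(SAMPLE_VERSION_BANNER))
    print(parse_agent_env(SAMPLE_AGENT_OUTPUT))
```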
