[lug] VPN or SSH for cvs?

D. Stimits stimits at idcomm.com
Wed Nov 21 14:10:18 MST 2001


Rob Nagler wrote:
> 
> > password each time (I do NOT want to use a pserver or other means that
> > allows login simply by key, it has to ask for a pass each time),
> 
> With ipchains, I think this is secure.
> 
> > wanted to know if someone here can think of a way to set it up more as a
> > VPN. Basically I'd establish an ssh tunnel that remains connected till I
> > close it, and my ssh/cvs would use that connection if it exists. Has
> > anyone here done something like this?
> 
> What about public key ssh auth?  You don't need to enter your password
> every time.  To be useful, it does require running ssh-agent.  Depends
> on how secure you think your system is.
> 
> Rob

I guess what I'm looking for is a way to avoid using ssh-agent; I don't
want to add the key to the agent and have it available without asking.
What I do want is something more like using an ssh session to work as a
default route between the two boxes, while it is up (I use modem, I'd
dial up, run an ssh tunnel, do lots of cvs or other things, then kill
the tunnel...when I run the tunnel it would ask for pass). As nice as
ssh-agent is, I don't feel that it is a good idea to give blanket access
to any machine with the key; keys can be copied, and I want to know that
each session requires human intervention.

So maybe I should be asking something different...can ssh be used over a
port to turn it into a network route that is of general use, and not a
dedicated-one-application port? To have ssh emulate a network interface.
Then I'd try to find (maybe this won't work) a way to make ssh use the
named route and no other route.

D. Stimits, stimits at idcomm.com