[lug] VPN or SSH for cvs?
D. Stimits
stimits at idcomm.com
Wed Nov 21 14:32:19 MST 2001
Jonathan Briggs wrote:
>
> D. Stimits wrote:
>
> >So maybe I should be asking something different...can ssh be used over a
> >port to turn it into a network route that is of general use, and not a
> >dedicated-one-application port? To have ssh emulate a network interface.
> >Then I'd try to find (maybe this won't work) a way to make ssh use the
> >named route and no other route.
> >
> This would be a job for IPsec, which is designed to create encrypted
> network routes.
> Check out FreeS/WAN:
> http://www.freeswan.org

Oooh, yes, this is it!

>
> But even if you were running SSH over an IPsec link or found a way to
> make an SSH tunnel for SSH, it would still ask you for a password. So
> I'm not sure what you would gain from this. To me, using public/private
> keys and ssh-agent sounds like the right way to go. This really is the
> same effect as if you were leaving an SSH tunnel open. If you leave
> your keyboard open, anyone could come by and use your open tunnel, so
> using ssh-agent is the same amount of risk.

If I'm already using an encrypted route, I would be willing to use a
non-ssh means that allows login. The login wouldn't work if someone got
in, unless they could bring up the route. Or at least that is what I
would work on trying to achieve, a route-based login restriction, where
the route itself does the hard encryption work. I may not be able to get
around this, but it gives me something that might be a starting point.
D. Stimits, stimits at idcomm.com
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug