Skip site navigation (1) Skip section navigation (2)

Re: SSH Tunneling implementation

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: SSH Tunneling implementation
Date: 2012-07-09 09:51:05
Message-ID: CABUevEzweGjRQMK8KKvesoZ_kVEECXRrdkZiSvwEukPXZnkExQ@mail.gmail.com (view raw or flat)
Thread:
Lists: pgadmin-hackers
On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> On Mon, Jul 9, 2012 at 10:34 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> On Mon, Jul 9, 2012 at 11:15 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>> On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
>>> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>
>>>>    We are using following API for successful authentication using public key
>>>>
>>>>    libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const
>>>> char *username,   const char *publickey,   const char *privatekey,
>>>>    const char *passphrase);
>>>>
>>>>    So in this case we will require both public and private key. We can do
>>>> one thing here is only get the private key from user and assume public key
>>>>    file (.pub) is at the same folder location. Thoughts? Comments?
>>>
>>> No, that won't work - it'll break as soon as I test it for example.
>>>
>>> You  can just set that param to null. The man page says:
>>>
>>> publickey - Path name of the public key file. (e.g.
>>> /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
>>> option can be set to NULL.
>>
>> What if it's not built against OpenSSL, though? For example, the one
>> on Ubuntu appears to be built against GnuTLS...
>
> We've never supported anything other than OpenSSL.

For the direct linking. But the question here is what *libssh2* is
built against, not what pgadmin is linked against.

If you require the entire system to be built against openssl, then the
feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
SuSE. Or any derived distros. Because they all made the decision to
move away from openssl for any packages that support other things
(though annoyingly enough, debian/ubuntu went towards gnutls and the
redhat style distros went towards libnss - but that's a different
story).

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgadmin-hackers by date

Next:From: Dave PageDate: 2012-07-09 10:15:30
Subject: Re: SSH Tunneling implementation
Previous:From: Dave PageDate: 2012-07-09 09:48:31
Subject: Re: SSH Tunneling implementation

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group