Re: SSH Tunneling implementation

On Sat, Jul 14, 2012 at 2:13 PM, Guillaume Lelarge
<guillaume(at)lelarge(dot)info> wrote:
> On Fri, 2012-07-13 at 09:32 +0100, Dave Page wrote:
>> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
>> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>> >
>> >
>> > On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus(at)hagander(dot)net>
>> > wrote:
>> >>
>> >> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>> >> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>> >> >
>> >> >
>> >> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>> >> >>
>> >> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>> >> >> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>> >> >> > Hi All
>> >> >> >
>> >> >> > I have tried a lot to figure out libssh2 is compiled with which
>> >> >> > crypto
>> >> >> > library, but unable to find it. Can someone guide/help me or do we
>> >> >> > continue
>> >> >> > with the public key option on UI?
>> >> >>
>> >> >> The libssh2 guys couldn't tell you how?
>> >> >
>> >> >
>> >> > I'll post this on mailing list, but I have found one solution to the
>> >> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>> >> > below
>> >> > AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> >> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>> >> >
>> >> > I have analyze libssh2 source code and found "libssh2_md5" is
>> >> > implemented
>> >> > only for openssl version not for the gcrypt. I have tested it with both
>> >> > the version of libssh2.so.
>> >> >
>> >> > Thoughts? Comments?
>> >>
>> >> Is there a way to test the actual function that we want to call
>> >> instead? Will it fail right away, or does it actually require there to
>> >> be a server somewhere that we can connect to? (If it requires a server
>> >> we can't use that one in configure, but if it will fail right away,
>> >> that seems like a better way to test it.
>> >
>> >
>> > To check the actual function we requires a valid server. Yesterday I have
>> > posted the problem to the libssh2 mailing list, but still didn't get
>> > response.Meanwhile
>> > I have fixed the review comments given by Dave. Attached is the complete
>> > patch with
>> > AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>> > libssh2.
>> >
>> > Can we include libssh2 source code with pgAdmin3 to solve the problem?
>> > Thoughts??Comments?
>>
>> I discussed that with Ashesh on Skype yesterday - I thought he was
>> going to post to the list. Magnus suggested that option, and I'm
>> beginning to think it's the way forward. The licence is compatible
>> from what I can see, so that shouldn't be a problem. Then, we'd just
>> modify the configure script to add a dependency on OpenSSL instead.
>>
>> If we do that though, we'd need to make it work if OpenSSL isn't
>> available on the build platform. I'd suggest that if configure isn't
>> given a valid OpenSSL installation (or can't find one), then we just
>> disable all the tunnelling options - just surround the appropriate
>> code in #ifdef OPENSSL or something and hide the tab on dlgServer.
>>
>> Anyone have any thoughts or objections to doing it that way?
>>
>
> My only objection would be that we'll add yet another code in the
> repository. I mean, we already have ogl, and gcc complains each time it
> compiles it.

Not for me - and I'd be the first to complain if I saw it doing that.
What do you see?

> So we already havd ogl that we added but don't maintain. If
> we add also libssh2, just to be clear, I don't want to maintain it.
> Someone else will have to do this (just like ogl).

The intention would be to add it as-is, and certainly not to modify it
in any way. Any updates from upstream should be easy to incorporate by
updating the source, and just adding any new files that are required.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company