Re: SSH Tunneling implementation

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>, pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: SSH Tunneling implementation
Date: 2012-07-09 09:51:05
Message-ID: CABUevEzweGjRQMK8KKvesoZ_kVEECXRrdkZiSvwEukPXZnkExQ@mail.gmail.com
Lists: pgadmin-hackers

On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> On Mon, Jul 9, 2012 at 10:34 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> On Mon, Jul 9, 2012 at 11:15 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>>> On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
>>> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>
>>>> We are using the following API for successful authentication using a public key
>>>>
>>>> libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session, const
>>>> char *username, const char *publickey, const char *privatekey,
>>>> const char *passphrase);
>>>>
>>>> So in this case we will require both the public and the private key. One
>>>> thing we can do here is get only the private key from the user and assume the
>>>> public key file (.pub) is in the same folder. Thoughts? Comments?
>>>
>>> No, that won't work - it'll break as soon as I test it for example.
>>>
>>> You can just set that param to null. The man page says:
>>>
>>> publickey - Path name of the public key file. (e.g.
>>> /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
>>> option can be set to NULL.
>>
>> What if it's not built against OpenSSL, though? For example, the one
>> on Ubuntu appears to be built against GnuTLS...
>
> We've never supported anything other than OpenSSL.

For the direct linking. But the question here is what *libssh2* is
built against, not what pgAdmin is linked against.

If you require the entire system to be built against OpenSSL, then the
feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
SuSE. Or any derived distros. Because they all made the decision to
move away from OpenSSL for any packages that support other things
(though annoyingly enough, Debian/Ubuntu went towards GnuTLS and the
RedHat-style distros went towards libnss - but that's a different
story).

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
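
Added example, not part of the original message or of pgAdmin's code: one way to cope with both kinds of libssh2 build discussed above is to try a NULL publickey first and fall back to the "<privatekey>.pub" guess only when that fails. The callback type, auth_publickey() and the two stub backends are hypothetical names; in real use the callback would be a thin wrapper around libssh2_userauth_publickey_fromfile().

```c
#include <stdio.h>

/* Hypothetical callback with the argument list quoted in the thread; the
 * session is a void* so this compiles without the libssh2 headers.
 * Returns 0 on success, non-zero on failure. */
typedef int (*pubkey_auth_fn)(void *session, const char *username,
                              const char *publickey, const char *privatekey,
                              const char *passphrase);

enum auth_path { AUTH_FAILED = -1, AUTH_NULL_PUBKEY = 0, AUTH_PUBKEY_FILE = 1 };

/* An explicit publickey from the user is used as given. Otherwise try NULL
 * (works when the backend can derive the public key from the private key)
 * and, if that fails, retry with the guessed "<privatekey>.pub". */
enum auth_path auth_publickey(pubkey_auth_fn auth, void *session,
                              const char *username, const char *publickey,
                              const char *privatekey, const char *passphrase)
{
    char guessed[4096];
    int n;

    if (publickey != NULL)
        return auth(session, username, publickey, privatekey, passphrase) == 0
                   ? AUTH_PUBKEY_FILE : AUTH_FAILED;
    if (auth(session, username, NULL, privatekey, passphrase) == 0)
        return AUTH_NULL_PUBKEY;

    n = snprintf(guessed, sizeof guessed, "%s.pub", privatekey);
    if (n < 0 || (size_t)n >= sizeof guessed)
        return AUTH_FAILED;   /* path too long: never use a truncated name */
    return auth(session, username, guessed, privatekey, passphrase) == 0
               ? AUTH_PUBKEY_FILE : AUTH_FAILED;
}

/* Constructed stand-ins for two builds of the library (not real libssh2). */
int stub_derives_pubkey(void *s, const char *u, const char *pub,
                        const char *priv, const char *pass)
{ (void)s; (void)u; (void)pub; (void)priv; (void)pass; return 0; }

int stub_needs_pubkey(void *s, const char *u, const char *pub,
                      const char *priv, const char *pass)
{ (void)s; (void)u; (void)priv; (void)pass; return pub ? 0 : -1; }

int main(void)
{
    printf("%d %d\n", auth_publickey(stub_derives_pubkey, NULL, "u", NULL, "id_rsa", ""),
           auth_publickey(stub_needs_pubkey, NULL, "u", NULL, "id_rsa", ""));
    return 0;
}
```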
