Re: SSH Tunneling implementation

On Fri, Jul 6, 2012 at 8:11 PM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:

> On Fri, Jul 6, 2012 at 4:34 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> > On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >> On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
> >>> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >>>> Hi
> >>>>
> >>>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
> >>>> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
> >>>>> Hi All
> >>>>>
> >>>>> I have implemented SSH tunneling using libssh2 library and added the
> logic
> >>>>> into pgAdmin3. With current implementation SSH tunnel will be
> created using
> >>>>> password as authentication mode. I'll work on the certificate based
> >>>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
> >>>>> vcxproj.patch (Only for Windows).
> >>>>>
> >>>>> Below are the steps to build pgadmin
> >>>>>
> >>>>> Download libssh2 source code from http://www.libssh2.org/
> >>>>>
> >>>>> On Windows:-
> >>>>>
> >>>>> Compile libssh2 library on Windows
> >>>>>
> >>>>> "libssh2.dsw" file is available in win32 folder.
> >>>>> Specify path of the OpenSSL's include folder in
> >>>>> "Properties->C++->General->Additional Include Directories"
> >>>>> Specify path of the OpenSSL and Zlib's lib folder in
> >>>>> "Properties->Linker->General->Additional Library Directories"
> >>>>>
> >>>>> Create new environment variable LIBSSH2 and set the path of the
> libssh2
> >>>>> folder.
> >>>>> Compile pgAdmin3.
> >>>>>
> >>>>> On Linux:-
> >>>>>
> >>>>> To compile libssh2 run ./configure, make and make install.
> >>>>> Compile pgAdmin3.
> >>>>
> >>>> OK, a few issues when testing on Mac:
> >>>
> >>> I haven't actually tested it, but I have a question based on the
> >>> review by dave :-)
> >>>
> >>>> - The Certificate/Password options should align with the text boxes,
> >>>> and have a title. Eg.
> >>>>
> >>>> Authentication (*) Password ( ) Certificate
> >>>
> >>> Is that actually certificate authentication? Is it not ssh public key
> >>> authentication?
> >>
> >> Good point. Yes it is.
> >
> > Gargh, hit Send too soon.
> >
> > So, following on:
> >
> > - s/Certificate/Public key
> >
> > - Does the user really need to specify the public key as well as the
> > private key? Normally just the private key is use at the client, and
> > the public key at the server.
>
> Shouldn't be needed, no. The client presents the private key, the
> server will automatically find the corresponding public key (or
> complain that it can't).
>
Exactly.
It should be Identity file (private key - not public key)

One thing, missing is the passphrase of the identity file.
I had conversation with Akshay regarding it.

We were agree to change the label for password to Password/Pass Phrase and
the certificate to 'Identity File'.
So - the same textbox can be used to take password. And, pass-phrase in
case of identity file is provided.

And - add a label to show tip about the Password/Pass-phrase at the bottom
of the dialog to explain that use of the text-box.

Do you think - it make sense?

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company<http://www.enterprisedb.com/>

*http://www.linkedin.com/in/asheshvashi*

>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
>
> --
> Sent via pgadmin-hackers mailing list (pgadmin-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-hackers
>