Re: SSH Tunneling implementation

On Fri, Jul 6, 2012 at 8:04 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

> On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> > On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
> >> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >>> Hi
> >>>
> >>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
> >>> <akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
> >>>> Hi All
> >>>>
> >>>> I have implemented SSH tunneling using libssh2 library and added the
> logic
> >>>> into pgAdmin3. With current implementation SSH tunnel will be created
> using
> >>>> password as authentication mode. I'll work on the certificate based
> >>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
> >>>> vcxproj.patch (Only for Windows).
> >>>>
> >>>> Below are the steps to build pgadmin
> >>>>
> >>>> Download libssh2 source code from http://www.libssh2.org/
> >>>>
> >>>> On Windows:-
> >>>>
> >>>> Compile libssh2 library on Windows
> >>>>
> >>>> "libssh2.dsw" file is available in win32 folder.
> >>>> Specify path of the OpenSSL's include folder in
> >>>> "Properties->C++->General->Additional Include Directories"
> >>>> Specify path of the OpenSSL and Zlib's lib folder in
> >>>> "Properties->Linker->General->Additional Library Directories"
> >>>>
> >>>> Create new environment variable LIBSSH2 and set the path of the
> libssh2
> >>>> folder.
> >>>> Compile pgAdmin3.
> >>>>
> >>>> On Linux:-
> >>>>
> >>>> To compile libssh2 run ./configure, make and make install.
> >>>> Compile pgAdmin3.
> >>>
> >>> OK, a few issues when testing on Mac:
> >>
> >> I haven't actually tested it, but I have a question based on the
> >> review by dave :-)
> >>
> >>> - The Certificate/Password options should align with the text boxes,
> >>> and have a title. Eg.
> >>>
> >>> Authentication (*) Password ( ) Certificate
> >>
> >> Is that actually certificate authentication? Is it not ssh public key
> >> authentication?
> >
> > Good point. Yes it is.
>
> Gargh, hit Send too soon.
>
> So, following on:
>
> - s/Certificate/Public key
>
> - Does the user really need to specify the public key as well as the
> private key? Normally just the private key is use at the client, and
> the public key at the server.
>

We are using following API for successful authentication using public key

libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session, const
char *username, const char *publickey, const char *privatekey,
const char *passphrase);

So in this case we will require both public and private key. We can do
one thing here is only get the private key from user and assume public key
file (.pub) is at the same folder location. Thoughts? Comments?

>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

--
*Akshay Joshi
Senior Software Engineer
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246*