Re: [Fwknop-discuss] Integration between ssh and fwknop
From: Franck J. <fra...@dt...> - 2008-09-23 19:50:40
Hi Francois,

Francois Marier wrote:
> What do people use to automatically call fwknop before ssh'ing (or scp'ing)
> into a box?
>
> I initially thought I could put something fwknop-related into the
> ProxyCommand option in my ~/.ssh/config, but I got nowhere with this.
>
> Eventually, I wrote the two scripts which I attached to this email. Does
> anyone have a better solution?
>
> Ideally, I'd like to use ssh and scp as if the server wasn't protected by
> fwknop.

As a matter of fact, there is a patch for openssh to include spa mode:

http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/trunk/patches

I did not try it.

I have been playing with the ssh config, but without any success so far.

My ssh configuration file:

    Host spaserver
        User thialme
        ProxyCommand fwknop --quiet -A tcp/22 --gpg-agent \
            --gpg-recip "fwknop_server" \
            --gpg-sign "fwknop_client" \
            -R -k %h

I am able to send an access request to the spaserver that allows me to
connect to port 22, but then I am stuck.

So, if you are able to find a way to continue my ssh session correctly, you
have a solution that would work with ssh without a patch. Maybe this is not
possible.

I think you could add the gpg-agent to your wrapper.

A wrapper which looks for specific settings according to the host the user
wants to connect to would be nice :p! A configuration file that looks like
ssh_config.

Regards,

-- 
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
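Added example, not part of the original message and not fwknop project code: a sketch of the per-host wrapper the message asks for, usable as a ProxyCommand. ssh expects the ProxyCommand's stdin/stdout to carry the connection to sshd, so the wrapper sends the SPA packet and then hands its stdio to nc. Assumptions: the config file format and its keys, the SPA_CONF variable, the script path, the one-second delay and the availability of nc; the fwknop options are only those shown in the message.

```shell
#!/bin/sh
# Added example. The per-host file format and its keys (Access, GpgRecipient,
# GpgSigner) are hypothetical; the fwknop options are those used in the message.
# Constructed sample file:
#   Host spaserver
#       Access tcp/22
#       GpgRecipient fwknop_server
#       GpgSigner fwknop_client

# spa_args HOST FILE: print fwknop arguments for HOST, one per line.
# Returns 1 when HOST has no stanza, so unlisted hosts are never knocked.
spa_args() {
    host=$1 file=$2 in_host=0 found=0
    while read -r key val _; do
        case $key in
            ''|'#'*) continue ;;
            Host)
                if [ "$val" = "$host" ]; then in_host=1 found=1; else in_host=0; fi
                continue ;;
        esac
        [ "$in_host" -eq 1 ] || continue
        case $key in
            Access)       printf '%s\n' -A "$val" ;;
            GpgRecipient) printf '%s\n' --gpg-recip "$val" ;;
            GpgSigner)    printf '%s\n' --gpg-sign "$val" ;;
        esac
    done < "$file"
    [ "$found" -eq 1 ] || return 1
    printf '%s\n' --gpg-agent -R -k "$host"
}

# spa_proxy HOST PORT FILE: body of a ProxyCommand. Sends the SPA packet, then
# hands stdin/stdout to nc, since ssh speaks to sshd through the proxy's stdio.
spa_proxy() {
    h=$1 p=$2
    if args=$(spa_args "$h" "$3"); then
        old_ifs=$IFS; IFS='
'
        set -f; set -- $args; set +f; IFS=$old_ifs
        # Keep fwknop away from the stdio that carries the SSH stream.
        fwknop --quiet "$@" </dev/null >&2 || return 1
        sleep 1   # assumption: time for the server to open the port
    fi
    exec nc "$h" "$p"
}
# ssh_config: ProxyCommand /path/to/this-script --proxy %h %p   (path hypothetical)
if [ "${1:-}" = "--proxy" ]; then
    spa_proxy "$2" "$3" "${SPA_CONF:-$HOME/.ssh/spa_config}"
fi
```

Config values are passed to fwknop as separate argument words and never through eval, so a value in the file cannot inject shell syntax.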