Re: [Fwknop-discuss] Integration between ssh and fwknop

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Francois,

Francois Marier wrote:
> What do people use to automatically call fwknop before ssh'ing (or scp'ing)
> into a box?
> 
> I initially thought I could put something fwknop-related into the
> ProxyCommand option in my ~/.ssh/config, but I got nowhere with this.
> 
> Eventually, I wrote the two scripts which I attached to this email. Does
> anyone have a better solution?
> 
> Ideally, I'd like to use ssh and scp as if the server wasn't protected by
> fwknop.

As a matter of fact, there is a patch for openssh to include spa mode:

http://trac.cipherdyne.org/trac/fwknop/browser/fwknop/trunk/patches

I did not try it.

I have been playing with the ssh config, but without any success so far.

My ssh configuration file:

Host spaserver
    User thialme
    ProxyCommand fwknop --quiet -A tcp/22 --gpg-agent \
                        --gpg-recip "fwknop_server" \
                        -- gpg-sign "fwknop_client" \
                        -R -k %h

I am able to send an access request to the spaserver that allows me to
connect to port 22, but then I am stuck.

So, if you are able to find a way to continue my ssh session correctly,
you have a solution that would work with ssh without patch.

Maybe this is not possible.

I think you could add the gpg-agent to your wrapper.

A wrapper which looks for specific settings according to the host the
user wants to connect to would be nice :p! A configuration file that
looks like ssh_config.

Regards,

-- 
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE