SSH transport

Zeeshan Ali zeenix at gstreamer.net
Thu Mar 1 00:38:35 PST 2007


Hey guys!
   Thanks for your input. Some answers:

On 3/1/07, Havoc Pennington <hp at redhat.com> wrote:
> Daniel P. Berrange wrote:
> >
> > Why SSH rather than SSL/TLS ? For an SSH based system, I'd rather expect
> > that a regular TCP/Unix DBus channel would just be tunnelled over SSH, in
> > much the same way as X is tunnelled.  For a built-in encrypted transport
> > simply leveraging the SSL/TLS protocol is the more common approach. One
> > can use any of OpenSSL, Mozilla NSS or GNU TLS libraries for this, though
> > the latter two are preferred for ABI stability & licensing terms. It's
> > actually surprisingly easy to hook these into existing apps with very
> > little changes to existing code required.
> >
>
> Good point. I agree for encryption, don't forget authentication,

  Exactly! I first thought of SSL but from my past experience with it,
I recall it doesn't provide any standard or de-facto method of
authentication and IMHO authentication (not encryption) is the main
concern here.

> homedir or NIS/kerberos, then ssh auth might make sense. If using ssh
> auth, does it make sense to also use ssh encryption?

  Shouldn't the question be the other way around: Does it make sense
to authenticate someone if you want to communicate over an
unencrypted (and therefore insecure, at least in case of two separate
machines) channel after the authentication?

-- 
Regards,

Zeeshan Ali
Design Engineer, SW
Open Source Software Operations
Nokia Multimedia

