You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just noticed that OpenSSH_jll defines the following:
which has me thinking - could we not add a passwordless connection from within this package? I realized I also had to use ssh-copy-id [email protected], which is not defined by OpenSSH_jll. But perhaps the defined ssh_agent could do this? Alternatively, it is also possible to run arbitrary commands via run, so this should be doable either way.
The text was updated successfully, but these errors were encountered:
We might be able to automate some setup and I welcome PRs to make this easier. Or just to document the process.
However, we can't entirely automate getting the user's public key to the remote machine in a secure way. To do this, the user needs a way to get the public key data onto that machine securely. Some examples of reasonable ways to do this:
Physically walking to that machine with a USB stick and copying the key
Copy the key data using SSH username and password login for the remote machine
Sending your public key to the admin of the remote machine via an email
Using a remote desktop protocol with username and password
etc etc
I'll never make RemoteREPL insecure by default, but any other type of PR which helps the user to set things up is great.
In certain situations it might be possible to automate some more things by using HTTPS as a transport instead of SSH and relying on the public key infrastructure which comes with that to identify the server to the client. This would also secure the link against MITM attacks, similar to what we get from SSH. However, it still wouldn't solve the problem of identifying clients to the server as trusted clients who are allowed to start a session. Requiring users to set up their SSH login solves both problems of secure transport and identifying trusted clients. See #25 for more about TLS
I just noticed that OpenSSH_jll defines the following:
which has me thinking - could we not add a passwordless connection from within this package? I realized I also had to use
ssh-copy-id [email protected]
, which is not defined by OpenSSH_jll. But perhaps the definedssh_agent
could do this? Alternatively, it is also possible to run arbitrary commands viarun
, so this should be doable either way.The text was updated successfully, but these errors were encountered: