Smoking hot Pipes and SSH - all in the new commit

The new code I've just committed continues in the direction of improving usability and making testing easier. Our continued target has been to take out all the SSH scripts we had and replace them with in-line code.

We've been working on having an integrated libssh-based client and server, and we've run into issues with multithreading. X clients open multiple channels back over the same session, and therefore a mechanism to deal with this needs to be put in place. We've spoken to the libssh team and they foresee more problems if we implement multithreading over a single session; they have suggested we use asynchronous methods instead and have been nice enough to even share some code.

Meanwhile, to speed things along, we've decided to go with the current openssh mechanism but streamline it and make it easier to use. We're now calling the openssh server and client directly in code instead of calling scripts that then run the programs. We have replaced the config files needed by the server and client with command line options that are in code. These command line options will eventually all be set from within our own ebp.conf file, making it a single-point config file.

The last gaping hole in our entire ssh mechanism so far, be it scripts or in-line piped code, has been that we have been connecting back to the server with a fixed user account. Therefore if you don't have that user account on the intended server, you aren't getting in. All of the users of our software therefore have to have the same user account. This hasn't been documented by us anywhere before and we're sorry about that. While a separate ebp user may need to be considered, that's a subject we will be addressing as part of our entire Security and Privacy related policies. For now, for testing and building things forward, needing to have special accounts, permissions, etc. for each user in the mesh or on the local network is just a big PITA imho.

My latest commit takes the username of the user who has launched the eBrainPool client; all future openssh server sessions will be child processes launched by the same user. This is then broadcast via avahi. We have the ssh_login TXT field that does that. Any user wishing to ssh connect back to our host and share software from us uses this username. Simple. Yes, it may be dirty from a security point of view, as said. But we don't know enough of that as yet and will be knocking on the doors of security gurus to get some spanking and wisdom. For now this is the simplest way to go forward and make life for the developers / testers easier, and that's what we're going on. Have fun :)
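
As an added example (not eBrainPool's own code), here is one way the connecting side could check the ssh_login TXT value it receives over avahi before handing it to the openssh client as an argument vector. The function names, the 32-byte length limit and the accepted character set are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define SSH_LOGIN_KEY "ssh_login="   /* TXT key named in the post */
#define MAX_LOGIN_LEN 32             /* assumed limit, not from the project */

static int ascii_alpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static int ascii_digit(char c) { return c >= '0' && c <= '9'; }

/* Parse one TXT entry "ssh_login=<name>" received from a peer.
 * Returns 0 and copies <name> into out, or -1 if the entry is rejected. */
int parse_ssh_login(const char *txt, char *out, size_t outlen)
{
    size_t klen = strlen(SSH_LOGIN_KEY);
    if (txt == NULL || strncmp(txt, SSH_LOGIN_KEY, klen) != 0)
        return -1;
    const char *name = txt + klen;
    size_t n = strlen(name);
    if (n == 0 || n > MAX_LOGIN_LEN || n >= outlen)
        return -1;
    /* First byte must be a letter or '_', so the name can never start
     * with '-' and be read by ssh as an option. */
    if (!ascii_alpha(name[0]) && name[0] != '_')
        return -1;
    for (size_t i = 1; i < n; i++) {
        char c = name[i];
        if (!ascii_alpha(c) && !ascii_digit(c) && c != '_' && c != '-' && c != '.')
            return -1;
    }
    memcpy(out, name, n + 1);
    return 0;
}

/* Fill argv for execvp("ssh", ...): no shell is involved, and "--" ends
 * option parsing before the host. Returns 0, or -1 on rejected input. */
int build_ssh_argv(const char *txt, const char *host,
                   char *user, size_t userlen, const char *argv[6])
{
    if (host == NULL || host[0] == '\0' || host[0] == '-')
        return -1;
    if (parse_ssh_login(txt, user, userlen) != 0)
        return -1;
    argv[0] = "ssh"; argv[1] = "-l"; argv[2] = user;
    argv[3] = "--";  argv[4] = host; argv[5] = NULL;
    return 0;
}
```

The `user` buffer must outlive the `argv` array, since `argv[2]` points into it.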
