[Twisted-Python] pb over twisted ssh?

Brian Warner warner at lothar.com
Tue Sep 27 20:37:30 EDT 2005

> The obvious improvement is to use ssh, and its credentials, instead.
> (The server already knows the clients' SSH keys.)

I don't have any advice to offer about using SSH, other than saying that
yeah, that'd be cool. I'd point out that I think you might be talking about
two separate things: one part is to run the PB connection inside an encrypted
SSH session. The other part is to use SSH keys as PB login credentials. I
consider the first part more useful, because that's how you would achieve
transport-layer privacy. You could achieve similar things by sending the PB
connection through a tunneled socket, but it would be kind of grotty.

What I will mention is that, in newpb, connections are run over SSL by
default, and the PB-URLs that identify endpoints are secure references to
those endpoints (they include a hash of the SSL key), so you get encryption
and authentication for free. cred has not yet been dragged into newpb, but it
won't be too much work once someone figures out what exactly they want out of
such a combination :).
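
The self-authenticating URL idea described in the message above, as an added example that is not part of the original post and is not newpb's own code. The `pb://<key-id>@host:port/name` layout, the SHA-256/base32 encoding, and all function names are assumptions made for illustration; the byte strings are constructed stand-ins for DER-encoded certificates.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def key_id(cert_der: bytes) -> str:
    """Hash the certificate bytes into a URL-safe identifier (assumed encoding)."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def make_url(cert_der: bytes, host: str, port: int, name: str) -> str:
    """Build a URL that names an endpoint and pins the key serving it."""
    return f"pb://{key_id(cert_der)}@{host}:{port}/{name}"


def parse_url(url: str):
    """Split the URL; reject one that carries no key identifier."""
    parts = urlsplit(url)
    if parts.scheme != "pb" or not parts.username or not parts.hostname \
            or parts.port is None:
        raise ValueError("not a key-bearing pb:// URL")
    return parts.username, parts.hostname, parts.port, parts.path.lstrip("/")


def peer_matches_url(url: str, presented_cert_der: bytes) -> bool:
    """True only if the certificate the peer presented hashes to the URL's id.

    In a live TLS connection the presented bytes would come from
    ssl.SSLSocket.getpeercert(binary_form=True); no CA is consulted, because
    the URL itself says which key is the right one.
    """
    expected = parse_url(url)[0]
    actual = key_id(presented_cert_der)
    return hmac.compare_digest(expected.encode(), actual.encode())


# Constructed sample data: placeholders for two different DER certificates.
SERVER_CERT = b"constructed-der-bytes-for-the-real-server"
IMPOSTOR_CERT = b"constructed-der-bytes-for-someone-else"
URL = make_url(SERVER_CERT, "example.org", 8123, "calendar")

if __name__ == "__main__":
    print(URL)
    print("real server accepted:", peer_matches_url(URL, SERVER_CERT))
    print("impostor accepted:   ", peer_matches_url(URL, IMPOSTOR_CERT))
```

Anyone who holds the URL can authenticate the endpoint without a certificate authority, so the URL has to reach the client over a channel the client already trusts.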


