As a longtime Monotone user (not a contributor), I'd like to pipe up with a
strongly held opinion on this score.

If you're looking to SSL encrypt a network connection, and use system
authentication, SSH is an excellent tool to use.  The best way to accomplish
that (which no one seems to do) would be to write an SSH subsystem, akin to
SFTP.  You get multiplexing for free, and tight integration with the SSH
that's already set up.  One of my huge gripes with SVN (amongst others) is
their hacky piggybacking of SSH, which makes integration into a server
much harder.  A subsystem would be a one-line config to take advantage of my
whole SSH security model.

The only reason I can see not to do this would be that you'd want mtn author
ids to be identical with network users, which I can see in terms of
simplicity of user education, and allowing mtn access without creating
system users (although scponlyc is a good approach if that's what you
want).  On the other hand, arguably those are orthogonal security concerns -
and a PAM module could be written to check against mtn if you really wanted
that.

Judson

On Sat, Jan 17, 2009 at 6:11 PM, Timothy Brownawell <[email protected]> wrote:

> On Sat, 2009-01-17 at 19:44 -0600, Matthew Nicholson wrote:
> > Timothy Brownawell wrote:
> > >
> > > I should also mention that I'm thinking we eventually want to move to
> > > SSH2 for encryption/authentication (pending finding a good server-side
> > > SSH2 library, there only seem to be client-only libraries available
> > > now). This would let us only need to listen in one place for both
> > > netsync and stdio (and whatever else we might come up with), and would
> > > also mean not needing to keep our own authentication code or write our
> > > own encryption code (I know I've seen requests for encrypted netsync).
> >
> > Why ssh2 and not ssl/tls encryption?  Just curious.  I imagine ssl
> > libraries would be more prevalent.
>
> Because it didn't occur to me, probably because the main tls use I know
> is authenticating the server (mostly I think of https) while we
> also/mainly want to authenticate the client (which is what ssh is used
> for). We'd need our own multiplexing, but that should be quite a lot
> less work than pulling a library out of an ssh server.
>
> >  And instead of relying on SSH for
> > authentication, we could add the option of using PAM for authentication
> > which is what SSH uses anyway.
>
> No, probably better to keep using keys for that. I had been thinking ssh
> pubkey authentication, but tls seems to allow for client certificates
> which should be what we want.
>
>
> --
> Timothy
>
> Free (experimental) public monotone hosting: http://mtn-host.prjek.net
>
>
>
> _______________________________________________
> Monotone-devel mailing list
> [email protected]
> http://lists.nongnu.org/mailman/listinfo/monotone-devel
>