Re: [zeromq-dev] OpenSSH replacement with zeromq

[Benjamin Henrion]

On Tue, Dec 20, 2016 at 12:27 PM, Luca Boccassi  wrote:
> On Tue, 2016-12-20 at 12:21 +0100, Benjamin Henrion wrote:
>> On Tue, Dec 20, 2016 at 12:08 PM, Kevin Sapper  
>> wrote:
>> > I like it!
>> >
>> > Though I would not drop the zyre dependency as sending commands to a group
>> > of servers and discovery are neat features for a ssh system IMO.
>>
>> Sure, it is a nice feature, but only useful when they are in the same
>> LAN/VPN/broadcast domain. So the use case for it is smaller then a
>> mere SSH replacement.
>
> With zbeacon yes, but with zgossip I think there's no limitation right?

Never played with zgossip, Arnaud should more aware then I do?

-- 
Benjamin Henrion 
FFII Brussels - +32-484-566109 - +32-2-3500762
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] OpenSSH replacement with zeromq

[Luca Boccassi]

On Tue, 2016-12-20 at 12:21 +0100, Benjamin Henrion wrote:
> On Tue, Dec 20, 2016 at 12:08 PM, Kevin Sapper  
> wrote:
> > I like it!
> >
> > Though I would not drop the zyre dependency as sending commands to a group
> > of servers and discovery are neat features for a ssh system IMO.
> 
> Sure, it is a nice feature, but only useful when they are in the same
> LAN/VPN/broadcast domain. So the use case for it is smaller then a
> mere SSH replacement.

With zbeacon yes, but with zgossip I think there's no limitation right?

Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] OpenSSH replacement with zeromq

[Benjamin Henrion]

On Tue, Dec 20, 2016 at 12:08 PM, Kevin Sapper  wrote:
> I like it!
>
> Though I would not drop the zyre dependency as sending commands to a group
> of servers and discovery are neat features for a ssh system IMO.

Sure, it is a nice feature, but only useful when they are in the same
LAN/VPN/broadcast domain. So the use case for it is smaller then a
mere SSH replacement.

-- 
Benjamin Henrion 
FFII Brussels - +32-484-566109 - +32-2-3500762
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] OpenSSH replacement with zeromq

[alex.]

Indeed, talking to groups of servers + discovery would be the features
I'd want in an OpenSSH replacement.

For crypto, do go for the (native) CurveZMQ route, as in the end it
boils down to placing the public key of your machine on the servers. The
CurveZMQ (and the CurveCP project from which it is basically forked off)
are very neat crypto protocols and, when used correctly, gives pretty
good security.

Also check up on Salt[1], as it can already basically be used as a
distributed OpenSSH replacement.

[1]: https://docs.saltstack.com/en/latest/

On 20.12.2016 12:08, Kevin Sapper wrote:
> I like it! 
> 
> Though I would not drop the zyre dependency as sending commands to a
> group of servers and discovery are neat features for a ssh system IMO.
> 
> //Kevin
> 
> On Di, Dez 20, 2016 at 11:27 , Luca Boccassi 
> wrote:
>> On Tue, 2016-12-20 at 10:31 +0100, Benjamin Henrion wrote:
>>
>> Hi, Last year I worked with Pieter on the glard, a zyre daemon to
>> send commands to multiple devices on the LAN. We made a demo kit
>> with multiple openwrt routers with some bike lamps to show the
>> concept: https://github.com/CodeJockey/glar150 Now my idea was to
>> fork the tool and make it a simple OpenSSH replacement. I don't
>> know how it easy it is to add encryption keys. We could also think
>> about removing the GPIO LEDs and Zyre support in Glard and treat
>> it as a simple remote command executor. What do you think? 
>>
>> Sounds like an interesting hackaton project! :-) For encryption,
>> adding support for curve would probably be the safest and simplest
>> thing I guess? For zgossip based setups at least, as zbeacon is pure
>> UDP Kind regards, Luca Boccassi
>> ___ zeromq-dev mailing
>> list zeromq-dev@lists.zeromq.org 
>> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 
> 
> ___
> zeromq-dev mailing list
> zeromq-dev@lists.zeromq.org
> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] OpenSSH replacement with zeromq

[Luca Boccassi]

On Tue, 2016-12-20 at 10:31 +0100, Benjamin Henrion wrote:
> Hi,
> 
> Last year I worked with Pieter on the glard, a zyre daemon to send
> commands to multiple devices on the LAN. We made a demo kit with
> multiple openwrt routers with some bike lamps to show the concept:
> 
> https://github.com/CodeJockey/glar150
> 
> Now my idea was to fork the tool and make it a simple OpenSSH
> replacement. I don't know how it easy it is to add encryption keys.
> 
> We could also think about removing the GPIO LEDs and Zyre support in
> Glard and treat it as a simple remote command executor.
> 
> What do you think?

Sounds like an interesting hackaton project! :-)

For encryption, adding support for curve would probably be the safest
and simplest thing I guess? For zgossip based setups at least, as
zbeacon is pure UDP

Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev

[zeromq-dev] OpenSSH replacement with zeromq

[Benjamin Henrion]

Hi,

Last year I worked with Pieter on the glard, a zyre daemon to send
commands to multiple devices on the LAN. We made a demo kit with
multiple openwrt routers with some bike lamps to show the concept:

https://github.com/CodeJockey/glar150

Now my idea was to fork the tool and make it a simple OpenSSH
replacement. I don't know how it easy it is to add encryption keys.

We could also think about removing the GPIO LEDs and Zyre support in
Glard and treat it as a simple remote command executor.

What do you think?

Best,

--
Benjamin Henrion 
FFII Brussels - +32-484-566109 - +32-2-3500762
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
https://lists.zeromq.org/mailman/listinfo/zeromq-dev