Ir al contenido principal

Ralsina.Me — El sitio web de Roberto Alsina

Pissed off at SSH

Ok, not re­al­ly, since SSH has made my life much sim­pler than it would be oth­er­wise, but re­al­ly, it has some us­abil­i­ty is­sues.

And I mean re­al us­abil­i­ty is­sues, not the usu­al crap.

  • It can't be in­­te­­grat­ed in­­­to kde­wal­let

While there is a mech­a­nism to have a GUI ask­ing the pass­word, this helper app (askpass) does­n't get any ses­sion in­fo, so it's mean­ing­less, un­les you are try­ing to di­rect­ly start a X app over ssh.

Which you prob­a­bly aren't.

  • Fin­ger­print man­age­­ment suck­­s.

Sup­pose you have a fire­wal­l. You keep port 22 as a way to log in­to it, and for­ward port 23 to a mail serv­er in the DMZ. Well, it will com­plain and print huge, scary warn­ings each time you lo­gin in­to one or the oth­er, de­pend­ing on which one you used first.

Or, it can sim­ply refuse to con­nec­t.

And that's just the easy two.

What can be done?

  • Take the drop­bear client (not openssh, drop­bear code seems sim­­pler), and put a put­­ty-­­like UI in­­­to it. Use the kon­­sole kpart for dis­­­play.

  • Take the GTK ver­­sion of Put­­ty and hack it in­­­to KDE shape, put kde­wal­let in it. I don't quite like the idea of hav­ing a sea­­parate, dif­fer­­ent ter­mi­­nal app for re­­mote ses­­sion­s.

I would prob­a­bly go the drop­bear route if:

  1. I had a work­ing PyKDE (maybe some­­day)

  2. The idea of delv­ing in­­­to some­one else's C code did­n't make me nau­seous. (prob­a­bly af­ter I sur­gi­­cal­­ly re­­move my sense of taste).

Roberto Alsina / 2006-04-03 19:42:

Haven't heard of it, and google isn't turning out much. Anyway, that would fix just a small part of it.

It still doesn't provide session bookmarks, or fingerprint management, or key management.

Marcus / 2006-04-03 19:42:

Isn't there a patch out there forcing SSH Agent to use KDE Wallet. I think I've seen something like that, because I looked for something similar. Just google it, or am I completely missing your point?

David Anderson / 2006-04-03 19:43:

Have a search for various bugs in with different ideas about how to do this. Nobody seems to be working on it though.

Ian Monroe / 2006-04-03 19:44:

Well, keychain is basically kwallet for SSH. Really I'd rather see integration of keychain into kwallet (or keychain like functionality); I don't want to have to use some specific GUI SSH app just to use my SSH keys without password.

Certainly plenty of room for usablity improvement. I'm always surprised when I see the O'Reilly SSH book at the local bookstore, since I've always kind of put SSH as just another of those CLI apps you use all the time, right there with cd. Of course, I'm wrong and there's plenty of material for the book. :)

Roberto Alsina / 2006-04-03 19:45:

Doesn't keychain work only for RSA/DSA keys?

Rob McQueen / 2006-04-03 19:47:

The putty code's already got it's backend seperated out - there is a putty-based command line client for example. You wouldn't need to port the Gtk terminal to KDE, just wrap the putty backend into whatever form was most convenient for you, and then hook it up with whatever terminal widget you wanted.

ajax / 2006-04-03 19:48:

regarding point 2, it's easy to work around this:

Host firewall


Port 22

HostKeyAlias firewall

Host mailserver


Port 23

HostKeyAlias mailserver

it would certainly be nice if this were handled automatically in the known_hosts file though.

Contents © 2000-2023 Roberto Alsina