[Swift-devel] Re: Use of ControlMaster ssh channels
Mihael Hategan
hategan at mcs.anl.gov
Thu Oct 28 16:07:14 CDT 2010
On Thu, 2010-10-28 at 14:45 -0600, wilde at mcs.anl.gov wrote:
> Mihael,
>
> Last year, Narayan and the JGI folks were experimenting with ssh
> control master channels to achieve password-free logins to remote
> machines.
>
> You said at the time that the ssh classes that Swift uses would not be
> able to use this mechanism. And indeed, I just tried it and have so
> far not been able to get Swift to avoid the password/passphrase
> prompt, which confirms your assessment.
>
> But, do you know if this is conceptually possible? Maybe with some
> enhanced ssh classes?
The problem here is Java's inability to use Unix domain sockets, which,
as far as I remember, is the mechanism used by the SSH master channels
(as well as the SSH agent).
The essential problem is that of having a connection that survives
outside of a given process (i.e. multiple swift invocations implies in
general multiple jvm invocations) combined with the need for a secure
mechanism to use that connection (plain TCP socket's won't do because
one cannot enforce UNIX permissions on clients).
However, should it be that the JVM is persisted across multiple swift
invocations, the SSH provider already uses a similar mechanism (i.e.
connection is kept and multiple SSH channels are started on that
connection).
>
> What ssh package are you using currently in cog?
j2ssh.
Mihael
More information about the Swift-devel
mailing list