Connections over private network, Simon's GSSAPI patch
Carson Gaspar
carson at taltos.org
Wed Feb 5 04:21:48 EST 2003
Stop shooting yourself in the foot. Run 2 sshd instances, one on the public
interface, one on the private interface, and make sure they know their
correct host names.

The only other sane option I can think of is to add an option to ssh and/or
sshd that lets you select which client and/or server kerberos principal(s)
to use explicitly, instead of automagically determining them. And that's a
lot more work. And belongs in the GSSAPI code. Something like:

    ssh -oClientPrincipal=carson.admin at taltos.org
    -oServerPrincipal=host/server.private at taltos.org server.private.taltos.org

or (in sshd.conf):

    ServerPrincipal=host/server.private at taltos.org

If you're feeling really studly, have the sshd option take a list of
principals.
--
Carson