Connections over private network, Simon's GSSAPI patch

Carson Gaspar carson at taltos.org
Wed Feb 5 04:21:48 EST 2003


Stop shooting yourself in the foot. Run 2 sshd instances, one on the public 
interface, one on the private interface, and make sure they know their 
correct host names.

The only other sane option I can think of is to add an option to ssh and/or 
sshd that lets you select which client and/or server Kerberos principal(s) 
to use explicitly, instead of automagically determining them. And that's a 
lot more work. And belongs in the GSSAPI code. Something like:

ssh -oClientPrincipal=carson.admin at taltos.org 
-oServerPrincipal=host/server.private at taltos.org server.private.taltos.org

or (in sshd.conf):
ServerPrincipal=host/server.private at taltos.org

If you're feeling really studly, have the sshd option take a list of 
principals.

-- 
Carson



