2000-09-26-20:34:26 Martin Pool:
> Alternatively you could run it over an IPSEC tunnel, but that's
> *much* more complex to install than ssh.
More complex to install, and still wouldn't give the same precision
as best I can tell. sshd can be configured to invoke a different
server program, or a server program with different args, depending
on what key is passed; taken together with wrapper scripts that can
get at the originally requested commandline, this makes it possible
to specify precisely what each key in ~/.ssh/authorized_keys is
permitted to do. How would this effect be achieved using ipsec? I
really think this is a job best suited to something at ssh's level
in the protocol stack; SSL is too low-level and IPSEC is lower
still.
-Bennett
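An added example, not part of the original message: a minimal forced-command wrapper of the kind described above, selected per key through `command="..."` in `~/.ssh/authorized_keys` and checking the client's request from `SSH_ORIGINAL_COMMAND`. The script name `key-gate`, the roles `backup` and `status`, the path `/srv/export/` and the choice of rsync as the served program are all assumptions made for illustration.

```shell
#!/bin/sh
# key-gate: hypothetical forced-command wrapper (name and roles are assumptions).
# One authorized_keys line per key selects the role, for example:
#   command="/usr/local/bin/key-gate backup",restrict ssh-ed25519 <public-key> backup-host
# sshd runs this script whatever the client asked for, and passes the
# client's requested command line in SSH_ORIGINAL_COMMAND.

# policy_allows ROLE REQUEST: return 0 only if REQUEST is permitted for ROLE.
policy_allows() {
    role=$1 request=$2
    set -f                      # no glob expansion while splitting
    set -- $request             # split the request into words
    set +f
    [ $# -gt 0 ] || return 1    # empty request means interactive login: refuse
    for word in "$@"; do
        case $word in
            # anything outside a plain argument alphabet, or a ".." component
            *[!A-Za-z0-9./_=-]*|*..*) return 1 ;;
        esac
    done
    case $role in
        backup) # read-only rsync sender, last argument must be below /srv/export/
            [ "$1 $2 $3" = "rsync --server --sender" ] || return 1
            shift $(($# - 1))
            case $1 in /srv/export/*) return 0 ;; esac ;;
        status)
            [ "$request" = "uptime" ] && return 0 ;;
    esac
    return 1
}

# Entry point: runs only when sshd invokes the script with a role argument.
if [ $# -gt 0 ]; then
    if policy_allows "$1" "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # split into words, never handed to a shell
    fi
    logger -t key-gate "denied role=$1 cmd=${SSH_ORIGINAL_COMMAND:-<none>}"
    exit 1
fi
```

The `restrict` key option needs a reasonably recent OpenSSH; on older servers list `no-port-forwarding`, `no-X11-forwarding`, `no-agent-forwarding` and `no-pty` instead, so the key cannot reach anything except the wrapper.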