[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-netdev
Subject:    Re: Simple Packet Signing
From:       Werner Almesberger <wa () almesberger ! net>
Date:       2001-08-22 4:25:43
[Download RAW message or body]

bert hubert wrote:
> For more rationale, see the URL. I would very much appreciate your input. Is
> this a wise idea? Are there better ways to achieve this, are people already
> working on this (besides IPSEC)? etc et.

You can set up SSH such that it only looks at a key, not at the IP address
(well, it looks at it briefly, but look away if it doesn't like what it
sees).

You can either just copy the public host key of your dynamic systems to
$HOME/.ssh/authorized_keys on your server (if you trust every user on
those dynamic systems), or - better - generate new keys for all trusted
users on those dynamic hosts with ssh-keygen and use it with ssh -i.

If you want, you can then also run PPP over SSH to build your own little
VPN.

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Lausanne, CH                    wa@almesberger.net /
/_http://icawww.epfl.ch/almesberger/_____________________________________/

[prev in list] [next in list] [prev in thread] [next in thread]