Re: [Twisted-Python] pb over twisted ssh?
The obvious improvement is to use ssh, and its credentials, instead. (The server already knows the clients' SSH keys.)
I don't have any advice to offer about using SSH, other than saying that yeah, that'd be cool. I'd point out that I think you might be talking about two separate things: one part is to run the PB connection inside an encrypted SSH session. The other part is to use SSH keys as PB login credentials. I consider the first part more useful, because that's how you would achieve transport-layer privacy. You could achieve similar things by sending the PB connection through a tunneled socket, but it would be kind of grotty.

What I will mention is that, in newpb, connections are run over SSL by default, and the PB-URLs that identify endpoints are secure references to those endpoints (they include a hash of the SSL key), so you get encryption and authentication for free. cred has not yet been dragged into newpb, but it won't be too much work once someone figures out what exactly they want out of such a combination :).

cheers,
-Brian
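The idea of a reference that carries a hash of the server's key, shown as an added example that is not part of the original post and is not newpb's code: the client checks the certificate the peer presents against the hash in the URL before trusting the connection. The `pb://<hash>@host:port/name` layout, the choice of SHA-256 in hex, and all function names are assumptions made for illustration; the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed stand-in for the server's DER certificate"
ROGUE_CERT = b"constructed stand-in for an impostor's DER certificate"


def make_ref(cert_der: bytes, host: str, port: int, name: str) -> str:
    """Build a reference whose user part is the hash of the server's cert."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return f"pb://{digest}@{host}:{port}/{name}"


def parse_ref(url: str):
    """Split a reference into (expected_hash, host, port, name); reject junk."""
    parts = urlsplit(url)
    if parts.scheme != "pb" or not parts.username or not parts.hostname:
        raise ValueError("not a well-formed reference")
    if parts.port is None:
        raise ValueError("reference has no port")
    expected = parts.username
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("key hash is not a SHA-256 hex digest")
    return expected, parts.hostname, parts.port, parts.path.lstrip("/")


def peer_matches(url: str, presented_cert_der: bytes) -> bool:
    """True only if the presented certificate hashes to the value in the URL.

    In a real client the bytes would come from the TLS handshake, e.g.
    ssl.SSLSocket.getpeercert(binary_form=True). No CA is consulted: the
    URL itself pins the key, so holding the URL is what authenticates the peer.
    """
    expected, _host, _port, _name = parse_ref(url)
    actual = hashlib.sha256(presented_cert_der).hexdigest()
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    ref = make_ref(SERVER_CERT, "pb.example.org", 8800, "calculator")
    print(ref)
    print("genuine server accepted:", peer_matches(ref, SERVER_CERT))
    print("impostor accepted:      ", peer_matches(ref, ROGUE_CERT))
```

Because the hash is part of the reference, anyone who can alter the URL in transit can substitute their own key, so the reference has to be distributed over a channel the client already trusts.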
participants (2)
- Brian Warner
- Jasper