[Zope-dev] OpenSSH configuration between ZEO clients & storage server

Adrian Hungate adrian@haqa.co.uk
Sat, 30 Mar 2002 22:12:19 -0000


> Yes. The best solution would be for the ZEO protocol to support auth and
> crypto natively...

+10 (At least)

> The next best solution (while you wait) is to use CIPE ;-)

Could be, if you can:
a) Get your customers to run a platform it's been ported to
b) Run something so low level that is essentially replacing functionality
that is already in their kernels.

Anyone here want to try to explain to *ahem* technically non-expert *ahem*
clients why PPTP is bad (In spite of _all_ major and minor OS's now bundling
support for it).

> As far as I understand it, even regular TCP port forwarding is TCP over TCP
> and suffers from the unreliable carrier assumption causing excess (eg
> retransmit) traffic over a reliable channel.

By port-forwarding you mean... ?
a) A firewall PC that receives an external connection and reroutes it to a
machine on the inside? No, this is not TCP/TCP.
b) An apache that takes a connection and forwards it to Zope? No, this is
not TCP/TCP.

What "port forwarding" are we talking about here?

> Consider:
> host <--TCP--> local interface <--TCP tunnel--> local interface <--TCP--> host
> host <--TCP-->           virtual loopback interface             <--TCP--> host
>
> In this common port forwarding scenario, the SSH or SSL tunnel creates a
> virtual single loopback interface that
> the two hosts use to talk to each other, using TCP. The transport that
> joins these two physical interfaces to create one virtual loopback
> interface is also TCP. Therefore it's TCP over TCP

If you insist on using User Land utils for Kernel Land functions, this will
be the result IMHO.

Just my 0.02c, YMMV

Adrian...