1 libpwmd supports remote access to a pwmd server via TLS and by using the
2 libssh2 library. The pwmd_connect() function is used to connect to the remote
3 socket just as the local socket by prefixing the socket with ssh:// followed
4 by the hostname. After resolving the hostname and connecting, an ssh session
5 is created and the hostkey is verified against a file containing known hosts.
6 A passphrase protected private SSH key is supported but only when libssh2 has
7 been built using OpenSSL.
9 After verification succeeds, a channel is opened which spawns a shell. This
10 shell should execute a proxy to the pwmd server by connecting to the local
11 socket. I use 'socat', it's really handy.
13 In order to get this to work you need to put the following in your
14 ~/.ssh/authorized_keys file on the machine running the ssh and pwmd server. It
15 should be prepended to the public key portion of the private key that your
16 libpwmd client will use:
18 command="socat UNIX-CONNECT:$HOME/.pwmd/socket -" ... identity.pub ...
20 Now when libpwmd spawns the SSH shell, 'socat' will read the stdout of the SSH
21 shell and redirect it to the pwmd socket. The output of pwmd works the same:
22 redirecting pwmd's socket output to the stdin of the SSH shell and back to the
25 You can use pwmc to try it out:
26 # Generate an SSH key that the client will use. Then copy the contents of
27 # the generated public key to the SSH servers authorized_keys file and
28 # prepend the above mentioned line to it. You will need both the generated
29 # public and private keys when connecting to the server.
32 # If you have an ssh agent running, you can also do the following:
35 # List the contents of the pwmd 'datafile' on the remote SSH server by
36 # connecting as the specified 'user'. If you have an ssh agent running and
37 # did the above command, you can omit the --identity option.
38 echo list | pwmc --url ssh://user@hostname --identity keyfile datafile
41 Ben Kibbey <bjk@luxsci.net>
42 http://pwmd.sourceforge.net/