1.5.3


Old Stuff

 www.your-freedom.net
 www.secure-tunnel.com

Ticket #135 (closed enhancement: fixed)

Opened 2 years ago

Last modified 2 years ago

Dynamic Host Option

Reported by: blackarts@gmx.net Assigned to: andrei
Priority: high Milestone: AlmostVPN 0.9.12
Component: PreferencePanel Version: 0.9
Severity: normal Keywords: DHCP fingerprint
Cc:

Description

version: 0.9.11 / 10.4.4

feature request: addition of preferences option

problem: you want to connect to a host, which is on dynamic IP everytime (here every day) you connect to it.

situation: at setup time, after using the test button you get ask, if that fingerprint is ok and should be saved. if answered positive, all works as long as you're connect or as long as the IP hasn't changed.

pitfall: the next day you press the start button, but the connection doesn't work. why? the IP has changed, the fingerprint isn't the same. you wouldn't think of having to look for new fingerprints.

workaround: press every time the test button to see if the IP has changed, if so accepting the new fingerprint. now press the start button to get it going.

solution: might be a checkbox, which accepts changing IPs associated with dynamic host adresses. am i right, to guess that this could be accomplished with "-o CheckHostIP no"?

why?: basic users, which should just be able to connect to remote servers/drives and work with those, have no understanding of the technical side of computing. they just want to have it work. and easy. so setting this option as preferences (maybe after being prefaced with a warning of the consequences [man-in-the-middle attack]) would solve it sufficently.

thx. for considering this.

greetings, s.Oliver

Change History

02/10/06 10:20:09 changed by andrei

  • keywords changed from AlmostVPN to DHCP fingerprint.
  • status changed from new to assigned.

s.Oliver, good catch. I have not thought about it. Actually, fingerprint does not change with change of IP address, but SSH client using IP address as a key to known fingerprints, so when IP does change it can not find the fingerprint anymore.

In any case, you are right "-o CheckHostIP no" should do the trick. I see if I can squeeze it into 0.9.12

02/10/06 10:27:43 changed by andrei

I think I came up with even better solution. Few versions back AlmostVPN started to force use of IP addresses for SSH servers. This is why we have this problem with fingerprints. I can not reverse it back, but I can introduce "virtual" host name ( something like <original host name>.almostvpn ) and use it in SSH command line. This way, fingerprints will be keyed on this "virtual" host name (which will not change from time to time). So we can keep "-o CheckHostIP yes" and not worry about man-in-the-middle!

02/10/06 17:07:32 changed by blackarts@gmx.net

sounds good to me andrei. tell me, when you need someone to check out that feature. thanks btw. for that "super fast" reaction. :-)

oliver

02/13/06 14:38:08 changed by andrei

  • status changed from assigned to closed.
  • resolution set to fixed.

AlmostVPN switched back to using host names in SSH command line, so this problem will go away now.