User interface, security, and "simplicity"
Jeff Simmons
jsimmons at goblin.punk.net
Sat May 3 17:34:37 EDT 2008
On Saturday 03 May 2008 14:00, Perry E. Metzger wrote:
> Right now, to use SSH to remotely connect to a machine using public
> keys, all I have to do is type "ssh-keygen" and copy the locally
> generated public key to a remote machine's authorized keys file.
> When there is an IPSEC system that is equally easy to use I'll switch
> to it.

OpenBSD has recently added the ipsecctl command, which greatly simplifies
setting up IPSEC VPNs, especially between OpenBSD machines. A config file can
be as simple as (from the man page):

    ike esp from 192.168.3.1 to 192.168.3.2
    ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2

And the file structure for storing certs, public/private keys, and shared
secrets (which ipsecctl searches automatically) is equally simple.
--
Jeff Simmons jsimmons at goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
---------------------------------------------------------------------
The Cryptography Mailing List