Thread: SSH Tunneling implementation

SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi All

I have implemented SSH tunneling using libssh2 library and added the logic into pgAdmin3. With current implementation SSH tunnel will be created using password as authentication mode. I'll work on the certificate based authentication. I have attached two patch files 1) SSHTunnel.patch 2) vcxproj.patch (Only for Windows).

Below are the steps to build pgadmin
On Windows:- 
  • Compile libssh2 library on Windows
    • "libssh2.dsw" file is available in win32 folder.
    • Specify path of the OpenSSL's include folder in "Properties->C++->General->Additional Include Directories"
    • Specify path of the OpenSSL and Zlib's lib folder in "Properties->Linker->General->Additional Library Directories"
  • Create new environment variable LIBSSH2 and set the path of the libssh2 folder.
  • Compile pgAdmin3.  
On Linux:- 
  • To compile libssh2 run ./configure, make and make install.
  • Compile pgAdmin3.
Please review the patch and let me know the review comments.

--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Attachment

Re: SSH Tunneling implementation

From
Guillaume Lelarge
Date:
On Thu, 2012-07-05 at 18:37 +0530, Akshay Joshi wrote:
> Hi All
>
> I have implemented SSH tunneling using *libssh2* library and added the
> logic into pgAdmin3. With current implementation SSH tunnel will be created
> using password as authentication mode. I'll work on the certificate based
> authentication. I have attached two patch files 1) SSHTunnel.patch
> 2) vcxproj.patch (Only for Windows).
>

Wow. This is really great. I applied the patch, compiled the code, and
tried a few things. It works. Of course, it needs more testing, and a
real review of the code (and a few fixes on the UI), but hell yeah,
that's great :)

Thanks a lot Akshay. That's something I wanted to have a long time ago.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com


Re: SSH Tunneling implementation

From
Dave Page
Date:
Hi

On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi All
>
> I have implemented SSH tunneling using libssh2 library and added the logic
> into pgAdmin3. With current implementation SSH tunnel will be created using
> password as authentication mode. I'll work on the certificate based
> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
> vcxproj.patch (Only for Windows).
>
> Below are the steps to build pgadmin
>
> Download libssh2 source code from http://www.libssh2.org/
>
> On Windows:-
>
> Compile libssh2 library on Windows
>
> "libssh2.dsw" file is available in win32 folder.
> Specify path of the OpenSSL's include folder in
> "Properties->C++->General->Additional Include Directories"
> Specify path of the OpenSSL and Zlib's lib folder in
> "Properties->Linker->General->Additional Library Directories"
>
> Create new environment variable LIBSSH2 and set the path of the libssh2
> folder.
> Compile pgAdmin3.
>
> On Linux:-
>
> To compile libssh2 run ./configure, make and make install.
> Compile pgAdmin3.

OK, a few issues when testing on Mac:

- The SSH tab should follow the SSL tab I think.

- The Certificate/Password options should align with the text boxes,
and have a title. Eg.

Authentication            (*) Password     ( ) Certificate

- The left hand edge of the cert/key text boxes is misaligned.

- We seem to be unable to decide whether labels on dialogues should
look like "Foo Bar" or "Foo bar" (in many places). Let's not continue
that trend - please use "Foo bar" style in all cases, except where
"bar" is an acronym or initialed abbreviation, eg. "Foo ID"

- The version of libssh2 supplied with MacPorts at present is 1.2.7,
which is missing the libssh2_session_handshake function. Please add a
configure check to ensure we don't try to use a version of libssh2
that's too old.

- When connecting, I got two error messages (see attached). The first
is not very helpful, though I appreciate that may come from libssh2,
in which case you cannot do much about it. The second shouldn't end in
!!!, but with a simple full stop.

- The logs the second dialogue directed me to, don't actually contain
any more info than the dialogues gave me already, so the second
message doesn't help and is redundant. Perhaps the first should be
changed to something like "SSH error: $ERROR".

Otherwise, I agree with Guillaume; when complete this will be a much
needed feature. Which I suppose is unsurprising given that I asked you
to write it :-D

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Attachment

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
> Hi
>
> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>> Hi All
>>
>> I have implemented SSH tunneling using libssh2 library and added the logic
>> into pgAdmin3. With current implementation SSH tunnel will be created using
>> password as authentication mode. I'll work on the certificate based
>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>> vcxproj.patch (Only for Windows).
>>
>> Below are the steps to build pgadmin
>>
>> Download libssh2 source code from http://www.libssh2.org/
>>
>> On Windows:-
>>
>> Compile libssh2 library on Windows
>>
>> "libssh2.dsw" file is available in win32 folder.
>> Specify path of the OpenSSL's include folder in
>> "Properties->C++->General->Additional Include Directories"
>> Specify path of the OpenSSL and Zlib's lib folder in
>> "Properties->Linker->General->Additional Library Directories"
>>
>> Create new environment variable LIBSSH2 and set the path of the libssh2
>> folder.
>> Compile pgAdmin3.
>>
>> On Linux:-
>>
>> To compile libssh2 run ./configure, make and make install.
>> Compile pgAdmin3.
>
> OK, a few issues when testing on Mac:

I haven't actually tested it, but I have a question based on the
review by dave :-)

> - The Certificate/Password options should align with the text boxes,
> and have a title. Eg.
>
> Authentication            (*) Password     ( ) Certificate

Is that actually certificate authentication? Is it not ssh public key
authentication?


> Otherwise, I agree with Guillaume; when complete this will be a much
> needed feature. Which I suppose is unsurprising given that I asked you
> to write it :-D

Yes, +1 for this being a very useful feature!


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus@hagander.net> wrote:
> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
>> Hi
>>
>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>>> Hi All
>>>
>>> I have implemented SSH tunneling using libssh2 library and added the logic
>>> into pgAdmin3. With current implementation SSH tunnel will be created using
>>> password as authentication mode. I'll work on the certificate based
>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>>> vcxproj.patch (Only for Windows).
>>>
>>> Below are the steps to build pgadmin
>>>
>>> Download libssh2 source code from http://www.libssh2.org/
>>>
>>> On Windows:-
>>>
>>> Compile libssh2 library on Windows
>>>
>>> "libssh2.dsw" file is available in win32 folder.
>>> Specify path of the OpenSSL's include folder in
>>> "Properties->C++->General->Additional Include Directories"
>>> Specify path of the OpenSSL and Zlib's lib folder in
>>> "Properties->Linker->General->Additional Library Directories"
>>>
>>> Create new environment variable LIBSSH2 and set the path of the libssh2
>>> folder.
>>> Compile pgAdmin3.
>>>
>>> On Linux:-
>>>
>>> To compile libssh2 run ./configure, make and make install.
>>> Compile pgAdmin3.
>>
>> OK, a few issues when testing on Mac:
>
> I haven't actually tested it, but I have a question based on the
> review by dave :-)
>
>> - The Certificate/Password options should align with the text boxes,
>> and have a title. Eg.
>>
>> Authentication            (*) Password     ( ) Certificate
>
> Is that actually certificate authentication? Is it not ssh public key
> authentication?

Good point. Yes it is.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> Hi
>>>
>>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>>> Hi All
>>>>
>>>> I have implemented SSH tunneling using libssh2 library and added the logic
>>>> into pgAdmin3. With current implementation SSH tunnel will be created using
>>>> password as authentication mode. I'll work on the certificate based
>>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>>>> vcxproj.patch (Only for Windows).
>>>>
>>>> Below are the steps to build pgadmin
>>>>
>>>> Download libssh2 source code from http://www.libssh2.org/
>>>>
>>>> On Windows:-
>>>>
>>>> Compile libssh2 library on Windows
>>>>
>>>> "libssh2.dsw" file is available in win32 folder.
>>>> Specify path of the OpenSSL's include folder in
>>>> "Properties->C++->General->Additional Include Directories"
>>>> Specify path of the OpenSSL and Zlib's lib folder in
>>>> "Properties->Linker->General->Additional Library Directories"
>>>>
>>>> Create new environment variable LIBSSH2 and set the path of the libssh2
>>>> folder.
>>>> Compile pgAdmin3.
>>>>
>>>> On Linux:-
>>>>
>>>> To compile libssh2 run ./configure, make and make install.
>>>> Compile pgAdmin3.
>>>
>>> OK, a few issues when testing on Mac:
>>
>> I haven't actually tested it, but I have a question based on the
>> review by dave :-)
>>
>>> - The Certificate/Password options should align with the text boxes,
>>> and have a title. Eg.
>>>
>>> Authentication            (*) Password     ( ) Certificate
>>
>> Is that actually certificate authentication? Is it not ssh public key
>> authentication?
>
> Good point. Yes it is.

Gargh, hit Send too soon.

So, following on:

- s/Certificate/Public key

- Does the user really need to specify the public key as well as the
private key? Normally just the private key is use at the client, and
the public key at the server.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Fri, Jul 6, 2012 at 4:34 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage@pgadmin.org> wrote:
>> On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
>>>> Hi
>>>>
>>>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
>>>> <akshay.joshi@enterprisedb.com> wrote:
>>>>> Hi All
>>>>>
>>>>> I have implemented SSH tunneling using libssh2 library and added the logic
>>>>> into pgAdmin3. With current implementation SSH tunnel will be created using
>>>>> password as authentication mode. I'll work on the certificate based
>>>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>>>>> vcxproj.patch (Only for Windows).
>>>>>
>>>>> Below are the steps to build pgadmin
>>>>>
>>>>> Download libssh2 source code from http://www.libssh2.org/
>>>>>
>>>>> On Windows:-
>>>>>
>>>>> Compile libssh2 library on Windows
>>>>>
>>>>> "libssh2.dsw" file is available in win32 folder.
>>>>> Specify path of the OpenSSL's include folder in
>>>>> "Properties->C++->General->Additional Include Directories"
>>>>> Specify path of the OpenSSL and Zlib's lib folder in
>>>>> "Properties->Linker->General->Additional Library Directories"
>>>>>
>>>>> Create new environment variable LIBSSH2 and set the path of the libssh2
>>>>> folder.
>>>>> Compile pgAdmin3.
>>>>>
>>>>> On Linux:-
>>>>>
>>>>> To compile libssh2 run ./configure, make and make install.
>>>>> Compile pgAdmin3.
>>>>
>>>> OK, a few issues when testing on Mac:
>>>
>>> I haven't actually tested it, but I have a question based on the
>>> review by dave :-)
>>>
>>>> - The Certificate/Password options should align with the text boxes,
>>>> and have a title. Eg.
>>>>
>>>> Authentication            (*) Password     ( ) Certificate
>>>
>>> Is that actually certificate authentication? Is it not ssh public key
>>> authentication?
>>
>> Good point. Yes it is.
>
> Gargh, hit Send too soon.
>
> So, following on:
>
> - s/Certificate/Public key
>
> - Does the user really need to specify the public key as well as the
> private key? Normally just the private key is use at the client, and
> the public key at the server.

Shouldn't be needed, no. The client presents the private key, the
server will automatically find the corresponding public key (or
complain that it can't).

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Ashesh Vashi
Date:

On Fri, Jul 6, 2012 at 8:11 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Fri, Jul 6, 2012 at 4:34 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage@pgadmin.org> wrote:
>> On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
>>>> Hi
>>>>
>>>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
>>>> <akshay.joshi@enterprisedb.com> wrote:
>>>>> Hi All
>>>>>
>>>>> I have implemented SSH tunneling using libssh2 library and added the logic
>>>>> into pgAdmin3. With current implementation SSH tunnel will be created using
>>>>> password as authentication mode. I'll work on the certificate based
>>>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>>>>> vcxproj.patch (Only for Windows).
>>>>>
>>>>> Below are the steps to build pgadmin
>>>>>
>>>>> Download libssh2 source code from http://www.libssh2.org/
>>>>>
>>>>> On Windows:-
>>>>>
>>>>> Compile libssh2 library on Windows
>>>>>
>>>>> "libssh2.dsw" file is available in win32 folder.
>>>>> Specify path of the OpenSSL's include folder in
>>>>> "Properties->C++->General->Additional Include Directories"
>>>>> Specify path of the OpenSSL and Zlib's lib folder in
>>>>> "Properties->Linker->General->Additional Library Directories"
>>>>>
>>>>> Create new environment variable LIBSSH2 and set the path of the libssh2
>>>>> folder.
>>>>> Compile pgAdmin3.
>>>>>
>>>>> On Linux:-
>>>>>
>>>>> To compile libssh2 run ./configure, make and make install.
>>>>> Compile pgAdmin3.
>>>>
>>>> OK, a few issues when testing on Mac:
>>>
>>> I haven't actually tested it, but I have a question based on the
>>> review by dave :-)
>>>
>>>> - The Certificate/Password options should align with the text boxes,
>>>> and have a title. Eg.
>>>>
>>>> Authentication            (*) Password     ( ) Certificate
>>>
>>> Is that actually certificate authentication? Is it not ssh public key
>>> authentication?
>>
>> Good point. Yes it is.
>
> Gargh, hit Send too soon.
>
> So, following on:
>
> - s/Certificate/Public key
>
> - Does the user really need to specify the public key as well as the
> private key? Normally just the private key is use at the client, and
> the public key at the server.

Shouldn't be needed, no. The client presents the private key, the
server will automatically find the corresponding public key (or
complain that it can't).
Exactly.
It should be Identity file (private key - not public key)

One thing, missing is the passphrase of the identity file.
I had conversation with Akshay regarding it.

We were agree to change the label for password to Password/Pass Phrase and the certificate to 'Identity File'.
So - the same textbox can be used to take password. And, pass-phrase in case of identity file is provided.

And - add a label to show tip about the Password/Pass-phrase at the bottom of the dialog to explain that use of the text-box.

Do you think - it make sense?

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: 
Enterprise PostgreSQL Company


http://www.linkedin.com/in/asheshvashi


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers

Re: SSH Tunneling implementation

From
Dave Page
Date:


On Fri, Jul 6, 2012 at 6:17 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:

Shouldn't be needed, no. The client presents the private key, the
server will automatically find the corresponding public key (or
complain that it can't).
Exactly.
It should be Identity file (private key - not public key)

One thing, missing is the passphrase of the identity file.
I had conversation with Akshay regarding it.

We were agree to change the label for password to Password/Pass Phrase and the certificate to 'Identity File'.
So - the same textbox can be used to take password. And, pass-phrase in case of identity file is provided.

And - add a label to show tip about the Password/Pass-phrase at the bottom of the dialog to explain that use of the text-box.


That may not be necessary - but I guess the fields should be re-ordered so the password/passphrase box is at the bottom. It would be more of a logical flow that way.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Fri, Jul 6, 2012 at 8:04 PM, Dave Page <dpage@pgadmin.org> wrote:
On Fri, Jul 6, 2012 at 3:31 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 6, 2012 at 3:29 PM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Fri, Jul 6, 2012 at 4:26 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> Hi
>>>
>>> On Thu, Jul 5, 2012 at 2:07 PM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>>> Hi All
>>>>
>>>> I have implemented SSH tunneling using libssh2 library and added the logic
>>>> into pgAdmin3. With current implementation SSH tunnel will be created using
>>>> password as authentication mode. I'll work on the certificate based
>>>> authentication. I have attached two patch files 1) SSHTunnel.patch 2)
>>>> vcxproj.patch (Only for Windows).
>>>>
>>>> Below are the steps to build pgadmin
>>>>
>>>> Download libssh2 source code from http://www.libssh2.org/
>>>>
>>>> On Windows:-
>>>>
>>>> Compile libssh2 library on Windows
>>>>
>>>> "libssh2.dsw" file is available in win32 folder.
>>>> Specify path of the OpenSSL's include folder in
>>>> "Properties->C++->General->Additional Include Directories"
>>>> Specify path of the OpenSSL and Zlib's lib folder in
>>>> "Properties->Linker->General->Additional Library Directories"
>>>>
>>>> Create new environment variable LIBSSH2 and set the path of the libssh2
>>>> folder.
>>>> Compile pgAdmin3.
>>>>
>>>> On Linux:-
>>>>
>>>> To compile libssh2 run ./configure, make and make install.
>>>> Compile pgAdmin3.
>>>
>>> OK, a few issues when testing on Mac:
>>
>> I haven't actually tested it, but I have a question based on the
>> review by dave :-)
>>
>>> - The Certificate/Password options should align with the text boxes,
>>> and have a title. Eg.
>>>
>>> Authentication            (*) Password     ( ) Certificate
>>
>> Is that actually certificate authentication? Is it not ssh public key
>> authentication?
>
> Good point. Yes it is.

Gargh, hit Send too soon.

So, following on:

- s/Certificate/Public key

- Does the user really need to specify the public key as well as the
private key? Normally just the private key is use at the client, and
the public key at the server.

   We are using following API for successful authentication using public key

   libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const char *username,   const char *publickey,   const char *privatekey,
   const char *passphrase);
   
   So in this case we will require both public and private key. We can do one thing here is only get the private key from user and assume public key
   file (.pub) is at the same folder location. Thoughts? Comments?   

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>    We are using following API for successful authentication using public key
>
>    libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const
> char *username,   const char *publickey,   const char *privatekey,
>    const char *passphrase);
>
>    So in this case we will require both public and private key. We can do
> one thing here is only get the private key from user and assume public key
>    file (.pub) is at the same folder location. Thoughts? Comments?

No, that won't work - it'll break as soon as I test it for example.

You  can just set that param to null. The man page says:

publickey - Path name of the public key file. (e.g.
/etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
option can be set to NULL.

http://www.libssh2.org/libssh2_userauth_publickey_fromfile_ex.html

(note that libssh2_userauth_publickey_fromfile is just a macro over
libssh2_userauth_publickey_fromfile_ex)
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Mon, Jul 9, 2012 at 11:15 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>    We are using following API for successful authentication using public key
>>
>>    libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const
>> char *username,   const char *publickey,   const char *privatekey,
>>    const char *passphrase);
>>
>>    So in this case we will require both public and private key. We can do
>> one thing here is only get the private key from user and assume public key
>>    file (.pub) is at the same folder location. Thoughts? Comments?
>
> No, that won't work - it'll break as soon as I test it for example.
>
> You  can just set that param to null. The man page says:
>
> publickey - Path name of the public key file. (e.g.
> /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
> option can be set to NULL.

What if it's not built against OpenSSL, though? For example, the one
on Ubuntu appears to be built against GnuTLS...

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 9, 2012 at 10:34 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Mon, Jul 9, 2012 at 11:15 AM, Dave Page <dpage@pgadmin.org> wrote:
>> On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>>>
>>>    We are using following API for successful authentication using public key
>>>
>>>    libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const
>>> char *username,   const char *publickey,   const char *privatekey,
>>>    const char *passphrase);
>>>
>>>    So in this case we will require both public and private key. We can do
>>> one thing here is only get the private key from user and assume public key
>>>    file (.pub) is at the same folder location. Thoughts? Comments?
>>
>> No, that won't work - it'll break as soon as I test it for example.
>>
>> You  can just set that param to null. The man page says:
>>
>> publickey - Path name of the public key file. (e.g.
>> /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
>> option can be set to NULL.
>
> What if it's not built against OpenSSL, though? For example, the one
> on Ubuntu appears to be built against GnuTLS...

We've never supported anything other than OpenSSL.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 10:34 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Mon, Jul 9, 2012 at 11:15 AM, Dave Page <dpage@pgadmin.org> wrote:
>>> On Mon, Jul 9, 2012 at 10:10 AM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>>>
>>>>    We are using following API for successful authentication using public key
>>>>
>>>>    libssh2_userauth_publickey_fromfile(LIBSSH2_SESSION *session,   const
>>>> char *username,   const char *publickey,   const char *privatekey,
>>>>    const char *passphrase);
>>>>
>>>>    So in this case we will require both public and private key. We can do
>>>> one thing here is only get the private key from user and assume public key
>>>>    file (.pub) is at the same folder location. Thoughts? Comments?
>>>
>>> No, that won't work - it'll break as soon as I test it for example.
>>>
>>> You  can just set that param to null. The man page says:
>>>
>>> publickey - Path name of the public key file. (e.g.
>>> /etc/ssh/hostkey.pub). If libssh2 is built against OpenSSL, this
>>> option can be set to NULL.
>>
>> What if it's not built against OpenSSL, though? For example, the one
>> on Ubuntu appears to be built against GnuTLS...
>
> We've never supported anything other than OpenSSL.

For the direct linking. But the question here is what *libssh2* is
built against, not what pgadmin is linked against.

If you require the entire system to be built against openssl, then the
feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
SuSE. Or any derived distros. Because they all made the decision to
move away from openssl for any packages that support other things
(though annoyingly enough, debian/ubuntu went towards gnutls and the
redhat style distros went towards libnss - but that's a different
story).

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> We've never supported anything other than OpenSSL.
>
> For the direct linking. But the question here is what *libssh2* is
> built against, not what pgadmin is linked against.
>
> If you require the entire system to be built against openssl, then the
> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
> SuSE. Or any derived distros. Because they all made the decision to
> move away from openssl for any packages that support other things
> (though annoyingly enough, debian/ubuntu went towards gnutls and the
> redhat style distros went towards libnss - but that's a different
> story).

Hmm, good point. In that case Akshay will need to figure out how to
deal with this some other way.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>>>
>>> We've never supported anything other than OpenSSL.
>>
>> For the direct linking. But the question here is what *libssh2* is
>> built against, not what pgadmin is linked against.
>>
>> If you require the entire system to be built against openssl, then the
>> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>> SuSE. Or any derived distros. Because they all made the decision to
>> move away from openssl for any packages that support other things
>> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>> redhat style distros went towards libnss - but that's a different
>> story).
>
> Hmm, good point. In that case Akshay will need to figure out how to
> deal with this some other way.

Or at least verify that it's not just a docu snafu - it might mean
"any external SSL library" or something like that.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>>>
>>> We've never supported anything other than OpenSSL.
>>
>> For the direct linking. But the question here is what *libssh2* is
>> built against, not what pgadmin is linked against.
>>
>> If you require the entire system to be built against openssl, then the
>> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>> SuSE. Or any derived distros. Because they all made the decision to
>> move away from openssl for any packages that support other things
>> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>> redhat style distros went towards libnss - but that's a different
>> story).
>
> Hmm, good point. In that case Akshay will need to figure out how to
> deal with this some other way.

Or at least verify that it's not just a docu snafu - it might mean
"any external SSL library" or something like that.

   Unable to find the way to verify it. I haven't found prebuilt libssh2 library on my CentOS and Ubuntu.  

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Mon, Jul 9, 2012 at 3:38 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>
>> On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
>> > On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net>
>> > wrote:
>> >> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>> >>>
>> >>> We've never supported anything other than OpenSSL.
>> >>
>> >> For the direct linking. But the question here is what *libssh2* is
>> >> built against, not what pgadmin is linked against.
>> >>
>> >> If you require the entire system to be built against openssl, then the
>> >> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>> >> SuSE. Or any derived distros. Because they all made the decision to
>> >> move away from openssl for any packages that support other things
>> >> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>> >> redhat style distros went towards libnss - but that's a different
>> >> story).
>> >
>> > Hmm, good point. In that case Akshay will need to figure out how to
>> > deal with this some other way.
>>
>> Or at least verify that it's not just a docu snafu - it might mean
>> "any external SSL library" or something like that.
>
>
>    Unable to find the way to verify it. I haven't found prebuilt libssh2
> library on my CentOS and Ubuntu.

Really? On ubuntu (at least on 11.10), it's just "apt-get install
libssh2-1". Don't know about CentOS, but it seems strange if they
didn't have it.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 9, 2012 at 2:38 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>
>> On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
>> > On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net>
>> > wrote:
>> >> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>> >>>
>> >>> We've never supported anything other than OpenSSL.
>> >>
>> >> For the direct linking. But the question here is what *libssh2* is
>> >> built against, not what pgadmin is linked against.
>> >>
>> >> If you require the entire system to be built against openssl, then the
>> >> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>> >> SuSE. Or any derived distros. Because they all made the decision to
>> >> move away from openssl for any packages that support other things
>> >> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>> >> redhat style distros went towards libnss - but that's a different
>> >> story).
>> >
>> > Hmm, good point. In that case Akshay will need to figure out how to
>> > deal with this some other way.
>>
>> Or at least verify that it's not just a docu snafu - it might mean
>> "any external SSL library" or something like that.
>
>
>    Unable to find the way to verify it. I haven't found prebuilt libssh2
> library on my CentOS and Ubuntu.

I don't have Ubuntu to hand, but on RHEL 5 I see:

[dpage@dominion ~]$ yum search libssh2
Loaded plugins: fastestmirror
base
                          | 1.1 kB     00:00
base
                                       2725/2725
epel
                          | 3.4 kB     00:00
extras
                          | 2.1 kB     00:00
updates
                          | 1.9 kB     00:00
=================================================== Matched: libssh2
===================================================
libssh2.i386 : A library implementing the SSH2 protocol
libssh2-devel.i386 : Development files for libssh2
libssh2-docs.i386 : Documentation for libssh2

And on RHEL 6:

[dpage@sturgis ~]$ yum search libssh2
Loaded plugins: fastestmirror, priorities, security
Determining fastest mirrors
epel/metalink
                          |  18 kB     00:00
 * base: centos.mirror.transip.nl
 * epel: nl.mirror.eurid.eu
 * extras: mirrors.coreix.net
 * updates: mirrors.coreix.net
base
                          | 3.7 kB     00:00
epel
                          | 4.0 kB     00:00
epel/primary_db
                          | 4.6 MB     00:17
extras
                          | 3.5 kB     00:00
updates
                          | 3.5 kB     00:00
updates/primary_db
                          | 4.1 MB     00:18
================================================= N/S Matched: libssh2
=================================================
libssh2-devel.i686 : Development files for libssh2
libssh2-devel.x86_64 : Development files for libssh2
libssh2-docs.x86_64 : Documentation for libssh2
libssh2.i686 : A library implementing the SSH2 protocol
libssh2.x86_64 : A library implementing the SSH2 protocol
php-pecl-ssh2.x86_64 : Bindings for the libssh2 library

  Name and summary matches only, use "search all" for everything.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 9, 2012 at 2:41 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 2:38 PM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>
>> On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>>
>>> On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> > On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net>
>>> > wrote:
>>> >> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>>> >>>
>>> >>> We've never supported anything other than OpenSSL.
>>> >>
>>> >> For the direct linking. But the question here is what *libssh2* is
>>> >> built against, not what pgadmin is linked against.
>>> >>
>>> >> If you require the entire system to be built against openssl, then the
>>> >> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>>> >> SuSE. Or any derived distros. Because they all made the decision to
>>> >> move away from openssl for any packages that support other things
>>> >> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>>> >> redhat style distros went towards libnss - but that's a different
>>> >> story).
>>> >
>>> > Hmm, good point. In that case Akshay will need to figure out how to
>>> > deal with this some other way.
>>>
>>> Or at least verify that it's not just a docu snafu - it might mean
>>> "any external SSL library" or something like that.
>>
>>
>>    Unable to find the way to verify it. I haven't found prebuilt libssh2
>> library on my CentOS and Ubuntu.
>
> I don't have Ubuntu to hand, but on RHEL 5 I see:
>
> [dpage@dominion ~]$ yum search libssh2
> Loaded plugins: fastestmirror
> base
>                           | 1.1 kB     00:00
> base
>                                        2725/2725
> epel
>                           | 3.4 kB     00:00
> extras
>                           | 2.1 kB     00:00
> updates
>                           | 1.9 kB     00:00
> =================================================== Matched: libssh2
> ===================================================
> libssh2.i386 : A library implementing the SSH2 protocol
> libssh2-devel.i386 : Development files for libssh2
> libssh2-docs.i386 : Documentation for libssh2
>
> And on RHEL 6:
>
> [dpage@sturgis ~]$ yum search libssh2
> Loaded plugins: fastestmirror, priorities, security
> Determining fastest mirrors
> epel/metalink
>                           |  18 kB     00:00
>  * base: centos.mirror.transip.nl
>  * epel: nl.mirror.eurid.eu
>  * extras: mirrors.coreix.net
>  * updates: mirrors.coreix.net
> base
>                           | 3.7 kB     00:00
> epel
>                           | 4.0 kB     00:00
> epel/primary_db
>                           | 4.6 MB     00:17
> extras
>                           | 3.5 kB     00:00
> updates
>                           | 3.5 kB     00:00
> updates/primary_db
>                           | 4.1 MB     00:18
> ================================================= N/S Matched: libssh2
> =================================================
> libssh2-devel.i686 : Development files for libssh2
> libssh2-devel.x86_64 : Development files for libssh2
> libssh2-docs.x86_64 : Documentation for libssh2
> libssh2.i686 : A library implementing the SSH2 protocol
> libssh2.x86_64 : A library implementing the SSH2 protocol
> php-pecl-ssh2.x86_64 : Bindings for the libssh2 library
>
>   Name and summary matches only, use "search all" for everything.

Sorry, they were both CentOS, not RHEL.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi 

I have tested libssh2 authentication by setting publickey parameter to NULL with prebuilt binaries which is compiled with other SSL library. Logic didn't work. We will have to provide publickey file as parameter if libssh2 compiled with other SSL library.
 
I have tried it on my Ubuntu 10.04.4 LTS machine. But the problem is when I have installed the prebuilt binaries, it installs 1.2.2 old version and the code is not compiled. Then I have copied the prebuilt binaries and required headers from Ubuntu 12 and found we will have to set the public key file.

Thoughts? Comments?

On Mon, Jul 9, 2012 at 7:12 PM, Dave Page <dpage@pgadmin.org> wrote:
On Mon, Jul 9, 2012 at 2:41 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Mon, Jul 9, 2012 at 2:38 PM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>
>> On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net> wrote:
>>>
>>> On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> > On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander <magnus@hagander.net>
>>> > wrote:
>>> >> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org> wrote:
>>> >>>
>>> >>> We've never supported anything other than OpenSSL.
>>> >>
>>> >> For the direct linking. But the question here is what *libssh2* is
>>> >> built against, not what pgadmin is linked against.
>>> >>
>>> >> If you require the entire system to be built against openssl, then the
>>> >> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>>> >> SuSE. Or any derived distros. Because they all made the decision to
>>> >> move away from openssl for any packages that support other things
>>> >> (though annoyingly enough, debian/ubuntu went towards gnutls and the
>>> >> redhat style distros went towards libnss - but that's a different
>>> >> story).
>>> >
>>> > Hmm, good point. In that case Akshay will need to figure out how to
>>> > deal with this some other way.
>>>
>>> Or at least verify that it's not just a docu snafu - it might mean
>>> "any external SSL library" or something like that.
>>
>>
>>    Unable to find the way to verify it. I haven't found prebuilt libssh2
>> library on my CentOS and Ubuntu.
>
> I don't have Ubuntu to hand, but on RHEL 5 I see:
>
> [dpage@dominion ~]$ yum search libssh2
> Loaded plugins: fastestmirror
> base
>                           | 1.1 kB     00:00
> base
>                                        2725/2725
> epel
>                           | 3.4 kB     00:00
> extras
>                           | 2.1 kB     00:00
> updates
>                           | 1.9 kB     00:00
> =================================================== Matched: libssh2
> ===================================================
> libssh2.i386 : A library implementing the SSH2 protocol
> libssh2-devel.i386 : Development files for libssh2
> libssh2-docs.i386 : Documentation for libssh2
>
> And on RHEL 6:
>
> [dpage@sturgis ~]$ yum search libssh2
> Loaded plugins: fastestmirror, priorities, security
> Determining fastest mirrors
> epel/metalink
>                           |  18 kB     00:00
>  * base: centos.mirror.transip.nl
>  * epel: nl.mirror.eurid.eu
>  * extras: mirrors.coreix.net
>  * updates: mirrors.coreix.net
> base
>                           | 3.7 kB     00:00
> epel
>                           | 4.0 kB     00:00
> epel/primary_db
>                           | 4.6 MB     00:17
> extras
>                           | 3.5 kB     00:00
> updates
>                           | 3.5 kB     00:00
> updates/primary_db
>                           | 4.1 MB     00:18
> ================================================= N/S Matched: libssh2
> =================================================
> libssh2-devel.i686 : Development files for libssh2
> libssh2-devel.x86_64 : Development files for libssh2
> libssh2-docs.x86_64 : Documentation for libssh2
> libssh2.i686 : A library implementing the SSH2 protocol
> libssh2.x86_64 : A library implementing the SSH2 protocol
> php-pecl-ssh2.x86_64 : Bindings for the libssh2 library
>
>   Name and summary matches only, use "search all" for everything.

Sorry, they were both CentOS, not RHEL.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
Can we identify which version of libssh is required, and have a
configure check for it? AFAICT they are all on 1.2 until the *next*
release - so is it really something that breaks on just a minor
version? If so, we really need a configure check for it.

I think it's ok to say that we can't build with that feature on 10.04
(assuming we can find a configure test for it). less sure about
something that's less than a year old such as 11.10.

//Magnus

On Tue, Jul 10, 2012 at 12:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi
>
> I have tested libssh2 authentication by setting publickey parameter to NULL
> with prebuilt binaries which is compiled with other SSL library. Logic
> didn't work. We will have to provide publickey file as parameter if libssh2
> compiled with other SSL library.
>
> I have tried it on my Ubuntu 10.04.4 LTS machine. But the problem is when I
> have installed the prebuilt binaries, it installs 1.2.2 old version and the
> code is not compiled. Then I have copied the prebuilt binaries and required
> headers from Ubuntu 12 and found we will have to set the public key file.
>
> Thoughts? Comments?
>
> On Mon, Jul 9, 2012 at 7:12 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Mon, Jul 9, 2012 at 2:41 PM, Dave Page <dpage@pgadmin.org> wrote:
>> > On Mon, Jul 9, 2012 at 2:38 PM, Akshay Joshi
>> > <akshay.joshi@enterprisedb.com> wrote:
>> >>
>> >>
>> >> On Mon, Jul 9, 2012 at 3:53 PM, Magnus Hagander <magnus@hagander.net>
>> >> wrote:
>> >>>
>> >>> On Mon, Jul 9, 2012 at 12:15 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >>> > On Mon, Jul 9, 2012 at 10:51 AM, Magnus Hagander
>> >>> > <magnus@hagander.net>
>> >>> > wrote:
>> >>> >> On Mon, Jul 9, 2012 at 11:48 AM, Dave Page <dpage@pgadmin.org>
>> >>> >> wrote:
>> >>> >>>
>> >>> >>> We've never supported anything other than OpenSSL.
>> >>> >>
>> >>> >> For the direct linking. But the question here is what *libssh2* is
>> >>> >> built against, not what pgadmin is linked against.
>> >>> >>
>> >>> >> If you require the entire system to be built against openssl, then
>> >>> >> the
>> >>> >> feature won't work on Debian. Or Ubuntu. Or RedHat. Or Fedora. Or
>> >>> >> SuSE. Or any derived distros. Because they all made the decision to
>> >>> >> move away from openssl for any packages that support other things
>> >>> >> (though annoyingly enough, debian/ubuntu went towards gnutls and
>> >>> >> the
>> >>> >> redhat style distros went towards libnss - but that's a different
>> >>> >> story).
>> >>> >
>> >>> > Hmm, good point. In that case Akshay will need to figure out how to
>> >>> > deal with this some other way.
>> >>>
>> >>> Or at least verify that it's not just a docu snafu - it might mean
>> >>> "any external SSL library" or something like that.
>> >>
>> >>
>> >>    Unable to find the way to verify it. I haven't found prebuilt
>> >> libssh2
>> >> library on my CentOS and Ubuntu.
>> >
>> > I don't have Ubuntu to hand, but on RHEL 5 I see:
>> >
>> > [dpage@dominion ~]$ yum search libssh2
>> > Loaded plugins: fastestmirror
>> > base
>> >                           | 1.1 kB     00:00
>> > base
>> >                                        2725/2725
>> > epel
>> >                           | 3.4 kB     00:00
>> > extras
>> >                           | 2.1 kB     00:00
>> > updates
>> >                           | 1.9 kB     00:00
>> > =================================================== Matched: libssh2
>> > ===================================================
>> > libssh2.i386 : A library implementing the SSH2 protocol
>> > libssh2-devel.i386 : Development files for libssh2
>> > libssh2-docs.i386 : Documentation for libssh2
>> >
>> > And on RHEL 6:
>> >
>> > [dpage@sturgis ~]$ yum search libssh2
>> > Loaded plugins: fastestmirror, priorities, security
>> > Determining fastest mirrors
>> > epel/metalink
>> >                           |  18 kB     00:00
>> >  * base: centos.mirror.transip.nl
>> >  * epel: nl.mirror.eurid.eu
>> >  * extras: mirrors.coreix.net
>> >  * updates: mirrors.coreix.net
>> > base
>> >                           | 3.7 kB     00:00
>> > epel
>> >                           | 4.0 kB     00:00
>> > epel/primary_db
>> >                           | 4.6 MB     00:17
>> > extras
>> >                           | 3.5 kB     00:00
>> > updates
>> >                           | 3.5 kB     00:00
>> > updates/primary_db
>> >                           | 4.1 MB     00:18
>> > ================================================= N/S Matched: libssh2
>> > =================================================
>> > libssh2-devel.i686 : Development files for libssh2
>> > libssh2-devel.x86_64 : Development files for libssh2
>> > libssh2-docs.x86_64 : Documentation for libssh2
>> > libssh2.i686 : A library implementing the SSH2 protocol
>> > libssh2.x86_64 : A library implementing the SSH2 protocol
>> > php-pecl-ssh2.x86_64 : Bindings for the libssh2 library
>> >
>> >   Name and summary matches only, use "search all" for everything.
>>
>> Sorry, they were both CentOS, not RHEL.
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>
>
>
> --
> Akshay Joshi
> Senior Software Engineer
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company
> Phone: +91 20-3058-9522
> Mobile: +91 976-788-8246
>

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
> Can we identify which version of libssh is required, and have a
> configure check for it? AFAICT they are all on 1.2 until the *next*
> release - so is it really something that breaks on just a minor
> version? If so, we really need a configure check for it.
>
> I think it's ok to say that we can't build with that feature on 10.04
> (assuming we can find a configure test for it). less sure about
> something that's less than a year old such as 11.10.

Yeah, that seems reasonable. I'd also suggest pinging the libssh2
mailing lists to see if there's another API that you've missed, or if
they can explain why it's necessary to provide the public key and
private one.

So... something to think about in parallel with that; if we cannot
deal with this cleanly using libssh2, should we go back to the
original plan that Akshay and I discussed privately, which was to have
pgAdmin spawn ssh (or putty on Windows) processes to provide the
tunnels?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Tue, Jul 10, 2012 at 12:52 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
>> Can we identify which version of libssh is required, and have a
>> configure check for it? AFAICT they are all on 1.2 until the *next*
>> release - so is it really something that breaks on just a minor
>> version? If so, we really need a configure check for it.
>>
>> I think it's ok to say that we can't build with that feature on 10.04
>> (assuming we can find a configure test for it). less sure about
>> something that's less than a year old such as 11.10.
>
> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
> mailing lists to see if there's another API that you've missed, or if
> they can explain why it's necessary to provide the public key and
> private one.
>
> So... something to think about in parallel with that; if we cannot
> deal with this cleanly using libssh2, should we go back to the
> original plan that Akshay and I discussed privately, which was to have
> pgAdmin spawn ssh (or putty on Windows) processes to provide the
> tunnels?

Ugh. That seems pretty painful. Particularly on windows where you're
going to end up with an actual window (whether hidden or not). I'd
definitely suggest putting more effort into getting it working with
libssh2 first. Absolute worst-case, maybe embed a verison of libssh
inside pgadmin and use static linking until we hit more modern
platforms? I don't believe it's that big...

(But yes, first try the list for it. And if you don't get responses
there (at all), let me know and I'll bug some of the people - while I
haven't used it myself, I do know at least one of those developers
pretty well)

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 10, 2012 at 11:57 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Tue, Jul 10, 2012 at 12:52 PM, Dave Page <dpage@pgadmin.org> wrote:
>> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
>>> Can we identify which version of libssh is required, and have a
>>> configure check for it? AFAICT they are all on 1.2 until the *next*
>>> release - so is it really something that breaks on just a minor
>>> version? If so, we really need a configure check for it.
>>>
>>> I think it's ok to say that we can't build with that feature on 10.04
>>> (assuming we can find a configure test for it). less sure about
>>> something that's less than a year old such as 11.10.
>>
>> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> mailing lists to see if there's another API that you've missed, or if
>> they can explain why it's necessary to provide the public key and
>> private one.
>>
>> So... something to think about in parallel with that; if we cannot
>> deal with this cleanly using libssh2, should we go back to the
>> original plan that Akshay and I discussed privately, which was to have
>> pgAdmin spawn ssh (or putty on Windows) processes to provide the
>> tunnels?
>
> Ugh. That seems pretty painful. Particularly on windows where you're
> going to end up with an actual window (whether hidden or not).

It's ugly, but not necessarily painful. We have existing code for
finding executables and running them. And putty does have a tunnel app
which is (I believe), windowless.

> I'd
> definitely suggest putting more effort into getting it working with
> libssh2 first. Absolute worst-case, maybe embed a verison of libssh
> inside pgadmin and use static linking until we hit more modern
> platforms? I don't believe it's that big...

Right - and the licence is agreeable. At least that way we could more
easily tell what encryption library we're using, and show/hide the
public key option as appropriate.

> (But yes, first try the list for it. And if you don't get responses
> there (at all), let me know and I'll bug some of the people - while I
> haven't used it myself, I do know at least one of those developers
> pretty well)

Oh, you do? Handy...

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi 

I have added the configure check for libssh2 version greater than 1.2.7. I'll also post the issue on mailing list.

On Tue, Jul 10, 2012 at 4:33 PM, Dave Page <dpage@pgadmin.org> wrote:
On Tue, Jul 10, 2012 at 11:57 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Tue, Jul 10, 2012 at 12:52 PM, Dave Page <dpage@pgadmin.org> wrote:
>> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
>>> Can we identify which version of libssh is required, and have a
>>> configure check for it? AFAICT they are all on 1.2 until the *next*
>>> release - so is it really something that breaks on just a minor
>>> version? If so, we really need a configure check for it.
>>>
>>> I think it's ok to say that we can't build with that feature on 10.04
>>> (assuming we can find a configure test for it). less sure about
>>> something that's less than a year old such as 11.10.
>>
>> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> mailing lists to see if there's another API that you've missed, or if
>> they can explain why it's necessary to provide the public key and
>> private one.
>>
>> So... something to think about in parallel with that; if we cannot
>> deal with this cleanly using libssh2, should we go back to the
>> original plan that Akshay and I discussed privately, which was to have
>> pgAdmin spawn ssh (or putty on Windows) processes to provide the
>> tunnels?
>
> Ugh. That seems pretty painful. Particularly on windows where you're
> going to end up with an actual window (whether hidden or not).

It's ugly, but not necessarily painful. We have existing code for
finding executables and running them. And putty does have a tunnel app
which is (I believe), windowless.

> I'd
> definitely suggest putting more effort into getting it working with
> libssh2 first. Absolute worst-case, maybe embed a verison of libssh
> inside pgadmin and use static linking until we hit more modern
> platforms? I don't believe it's that big...

Right - and the licence is agreeable. At least that way we could more
easily tell what encryption library we're using, and show/hide the
public key option as appropriate.

> (But yes, first try the list for it. And if you don't get responses
> there (at all), let me know and I'll bug some of the people - while I
> haven't used it myself, I do know at least one of those developers
> pretty well)

Oh, you do? Handy...

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Ashesh Vashi
Date:
On Tue, Jul 10, 2012 at 4:33 PM, Dave Page <dpage@pgadmin.org> wrote:
On Tue, Jul 10, 2012 at 11:57 AM, Magnus Hagander <magnus@hagander.net> wrote:
> On Tue, Jul 10, 2012 at 12:52 PM, Dave Page <dpage@pgadmin.org> wrote:
>> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
>>> Can we identify which version of libssh is required, and have a
>>> configure check for it? AFAICT they are all on 1.2 until the *next*
>>> release - so is it really something that breaks on just a minor
>>> version? If so, we really need a configure check for it.
>>>
>>> I think it's ok to say that we can't build with that feature on 10.04
>>> (assuming we can find a configure test for it). less sure about
>>> something that's less than a year old such as 11.10.
>>
>> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> mailing lists to see if there's another API that you've missed, or if
>> they can explain why it's necessary to provide the public key and
>> private one.
>>
>> So... something to think about in parallel with that; if we cannot
>> deal with this cleanly using libssh2, should we go back to the
>> original plan that Akshay and I discussed privately, which was to have
>> pgAdmin spawn ssh (or putty on Windows) processes to provide the
>> tunnels?
>
> Ugh. That seems pretty painful. Particularly on windows where you're
> going to end up with an actual window (whether hidden or not).

It's ugly, but not necessarily painful. We have existing code for
finding executables and running them. And putty does have a tunnel app
which is (I believe), windowless.
Why are we talking about using the external application here?
The only problem with the current implementation - is that it does use new APIs for tunneling.
We can change the implementation based on the current supplied libssh2 on most linux flavours.
i.e. libssh2 - 1.2.7 or later

I have asked Akshay to check - if we can modify the current implementation to use the older version of libssh2. (feasibility)

-- 

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: 
Enterprise PostgreSQL Company


http://www.linkedin.com/in/asheshvashi


> I'd
> definitely suggest putting more effort into getting it working with
> libssh2 first. Absolute worst-case, maybe embed a verison of libssh
> inside pgadmin and use static linking until we hit more modern
> platforms? I don't believe it's that big...

Right - and the licence is agreeable. At least that way we could more
easily tell what encryption library we're using, and show/hide the
public key option as appropriate.

> (But yes, first try the list for it. And if you don't get responses
> there (at all), let me know and I'll bug some of the people - while I
> haven't used it myself, I do know at least one of those developers
> pretty well)

Oh, you do? Handy...

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers

Re: SSH Tunneling implementation

From
Dave Page
Date:


On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:

Why are we talking about using the external application here?

Because I suggested giving it some thought in case it turns out we have no other option.
 
The only problem with the current implementation - is that it does use new APIs for tunneling.
We can change the implementation based on the current supplied libssh2 on most linux flavours.
i.e. libssh2 - 1.2.7 or later

I have asked Akshay to check - if we can modify the current implementation to use the older version of libssh2. (feasibility)

I've already asked him to investigate whether there is another API that may be used that he may have missed. Only supporting old versions of libssh2 is unacceptable though - we need to support current versions, and ideally older ones as well for compatibility with Ubuntu/Debian/RHEL etc.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:


On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:

Why are we talking about using the external application here?

Because I suggested giving it some thought in case it turns out we have no other option.
 
The only problem with the current implementation - is that it does use new APIs for tunneling.
We can change the implementation based on the current supplied libssh2 on most linux flavours.
i.e. libssh2 - 1.2.7 or later

I have asked Akshay to check - if we can modify the current implementation to use the older version of libssh2. (feasibility)

I've already asked him to investigate whether there is another API that may be used that he may have missed. Only supporting old versions of libssh2 is unacceptable though - we need to support current versions, and ideally older ones as well for compatibility with Ubuntu/Debian/RHEL etc.

   I have investigated, there are two functions libssh2_session_handshake and libssh2_exit() which is not available in the older versions. 
   libssh2_session_handshake() is replacement function to libssh2_session_startup()(deprecated) which was added in the version 1.2.8 and
   libssh2_exist() was added in the version 1.2.5. So to provide backward compatibility we can perform the function check instead of configure
   check and will add appropriate macros to build it properly. 
   
   Thought??Comments?  

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company




--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Tue, Jul 10, 2012 at 2:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>
>>
>> On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi
>> <ashesh.vashi@enterprisedb.com> wrote:
>>>>
>>>>
>>> Why are we talking about using the external application here?
>>
>>
>> Because I suggested giving it some thought in case it turns out we have no
>> other option.
>>
>>>
>>> The only problem with the current implementation - is that it does use
>>> new APIs for tunneling.
>>> We can change the implementation based on the current supplied libssh2 on
>>> most linux flavours.
>>> i.e. libssh2 - 1.2.7 or later
>>>
>>> I have asked Akshay to check - if we can modify the current
>>> implementation to use the older version of libssh2. (feasibility)
>>
>>
>> I've already asked him to investigate whether there is another API that
>> may be used that he may have missed. Only supporting old versions of libssh2
>> is unacceptable though - we need to support current versions, and ideally
>> older ones as well for compatibility with Ubuntu/Debian/RHEL etc.
>
>
>    I have investigated, there are two functions libssh2_session_handshake
> and libssh2_exit() which is not available in the older versions.
>    libssh2_session_handshake() is replacement function to
> libssh2_session_startup()(deprecated) which was added in the version 1.2.8
> and
>    libssh2_exist() was added in the version 1.2.5. So to provide backward
> compatibility we can perform the function check instead of configure
>    check and will add appropriate macros to build it properly.
>
>    Thought??Comments?

Uh, I'm not sure what you mean with "function check instead of
configure check". You mean trying to load the function at runtime,
with dlopen() and friends? I guess we could, but I don't think pgadmin
has any functionality for that today, so it's going to bring in a fair
amount of platform specific code, isn't it? But if it's not too
complicated, it seems like a good choice.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Ashesh Vashi
Date:
On Tue, Jul 10, 2012 at 5:56 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>
>>
>> On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi
>> <ashesh.vashi@enterprisedb.com> wrote:
>>>>
>>>>
>>> Why are we talking about using the external application here?
>>
>>
>> Because I suggested giving it some thought in case it turns out we have no
>> other option.
>>
>>>
>>> The only problem with the current implementation - is that it does use
>>> new APIs for tunneling.
>>> We can change the implementation based on the current supplied libssh2 on
>>> most linux flavours.
>>> i.e. libssh2 - 1.2.7 or later
>>>
>>> I have asked Akshay to check - if we can modify the current
>>> implementation to use the older version of libssh2. (feasibility)
>>
>>
>> I've already asked him to investigate whether there is another API that
>> may be used that he may have missed. Only supporting old versions of libssh2
>> is unacceptable though - we need to support current versions, and ideally
>> older ones as well for compatibility with Ubuntu/Debian/RHEL etc.
>
>
>    I have investigated, there are two functions libssh2_session_handshake
> and libssh2_exit() which is not available in the older versions.
>    libssh2_session_handshake() is replacement function to
> libssh2_session_startup()(deprecated) which was added in the version 1.2.8
> and
>    libssh2_exist() was added in the version 1.2.5. So to provide backward
> compatibility we can perform the function check instead of configure
>    check and will add appropriate macros to build it properly.
>
>    Thought??Comments?

Uh, I'm not sure what you mean with "function check instead of
configure check". You mean trying to load the function at runtime,
with dlopen() and friends? I guess we could, but I don't think pgadmin
has any functionality for that today, so it's going to bring in a fair
amount of platform specific code, isn't it? But if it's not too
complicated, it seems like a good choice.
He means to say - check function check at configuration.
i.e.
A lot of system does not have snprintf supported so a lot of packages check existence of it at configuration and define  HAVE_SNPRINTF  macros.

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: 
Enterprise PostgreSQL Company

 

http://www.linkedin.com/in/asheshvashi



--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Tue, Jul 10, 2012 at 2:30 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Tue, Jul 10, 2012 at 5:56 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>
>>
>> On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi
>> <ashesh.vashi@enterprisedb.com> wrote:
>>>>
>>>>
>>> Why are we talking about using the external application here?
>>
>>
>> Because I suggested giving it some thought in case it turns out we have no
>> other option.
>>
>>>
>>> The only problem with the current implementation - is that it does use
>>> new APIs for tunneling.
>>> We can change the implementation based on the current supplied libssh2 on
>>> most linux flavours.
>>> i.e. libssh2 - 1.2.7 or later
>>>
>>> I have asked Akshay to check - if we can modify the current
>>> implementation to use the older version of libssh2. (feasibility)
>>
>>
>> I've already asked him to investigate whether there is another API that
>> may be used that he may have missed. Only supporting old versions of libssh2
>> is unacceptable though - we need to support current versions, and ideally
>> older ones as well for compatibility with Ubuntu/Debian/RHEL etc.
>
>
>    I have investigated, there are two functions libssh2_session_handshake
> and libssh2_exit() which is not available in the older versions.
>    libssh2_session_handshake() is replacement function to
> libssh2_session_startup()(deprecated) which was added in the version 1.2.8
> and
>    libssh2_exist() was added in the version 1.2.5. So to provide backward
> compatibility we can perform the function check instead of configure
>    check and will add appropriate macros to build it properly.
>
>    Thought??Comments?

Uh, I'm not sure what you mean with "function check instead of
configure check". You mean trying to load the function at runtime,
with dlopen() and friends? I guess we could, but I don't think pgadmin
has any functionality for that today, so it's going to bring in a fair
amount of platform specific code, isn't it? But if it's not too
complicated, it seems like a good choice.
He means to say - check function check at configuration.
i.e.
A lot of system does not have snprintf supported so a lot of packages check existence of it at configuration and define  HAVE_SNPRINTF  macros.


Oh, that's what I would've called a configure check :) In that case, +1 for that since it's clearly the simplest way of getting it done.


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Tue, Jul 10, 2012 at 4:22 PM, Dave Page <dpage@pgadmin.org> wrote:
On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net> wrote:
> Can we identify which version of libssh is required, and have a
> configure check for it? AFAICT they are all on 1.2 until the *next*
> release - so is it really something that breaks on just a minor
> version? If so, we really need a configure check for it.
>
> I think it's ok to say that we can't build with that feature on 10.04
> (assuming we can find a configure test for it). less sure about
> something that's less than a year old such as 11.10.

Yeah, that seems reasonable. I'd also suggest pinging the libssh2
mailing lists to see if there's another API that you've missed, or if
they can explain why it's necessary to provide the public key and
private one.

  I have posted the problem on libssh2 mailing list and below is the response that I received from Daniel Stenberg 
   
  "Any other SSL library" would be another crypto library to be strict, as we  don't use SSL... That only other crypto library 
   we support in libssh2 is gcrypt. It just happens that nobody has written the necessary code in libssh2 to allow this
   operation with that backend. Feel free to step forward and help us remove this annoying difference in functionality
   depending on backend crypto lib! 

So... something to think about in parallel with that; if we cannot
deal with this cleanly using libssh2, should we go back to the
original plan that Akshay and I discussed privately, which was to have
pgAdmin spawn ssh (or putty on Windows) processes to provide the
tunnels?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Dave Page
Date:


On Tue, Jul 10, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:30 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Tue, Jul 10, 2012 at 5:56 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>
>>
>> On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi
>> <ashesh.vashi@enterprisedb.com> wrote:
>>>>
>>>>
>>> Why are we talking about using the external application here?
>>
>>
>> Because I suggested giving it some thought in case it turns out we have no
>> other option.
>>
>>>
>>> The only problem with the current implementation - is that it does use
>>> new APIs for tunneling.
>>> We can change the implementation based on the current supplied libssh2 on
>>> most linux flavours.
>>> i.e. libssh2 - 1.2.7 or later
>>>
>>> I have asked Akshay to check - if we can modify the current
>>> implementation to use the older version of libssh2. (feasibility)
>>
>>
>> I've already asked him to investigate whether there is another API that
>> may be used that he may have missed. Only supporting old versions of libssh2
>> is unacceptable though - we need to support current versions, and ideally
>> older ones as well for compatibility with Ubuntu/Debian/RHEL etc.
>
>
>    I have investigated, there are two functions libssh2_session_handshake
> and libssh2_exit() which is not available in the older versions.
>    libssh2_session_handshake() is replacement function to
> libssh2_session_startup()(deprecated) which was added in the version 1.2.8
> and
>    libssh2_exist() was added in the version 1.2.5. So to provide backward
> compatibility we can perform the function check instead of configure
>    check and will add appropriate macros to build it properly.
>
>    Thought??Comments?

Uh, I'm not sure what you mean with "function check instead of
configure check". You mean trying to load the function at runtime,
with dlopen() and friends? I guess we could, but I don't think pgadmin
has any functionality for that today, so it's going to bring in a fair
amount of platform specific code, isn't it? But if it's not too
complicated, it seems like a good choice.
He means to say - check function check at configuration.
i.e.
A lot of system does not have snprintf supported so a lot of packages check existence of it at configuration and define  HAVE_SNPRINTF  macros.


Oh, that's what I would've called a configure check :) In that case, +1 for that since it's clearly the simplest way of getting it done.


Yeah. Well, that should solve the version compatibility issue, but we still want to find out if there's a different API to use to avoid the need for a public key. Probably best to try to answer that first, in case it means approaching things differently.

BTW; according to the libssh2 website I just read, it supports OpenSSL and gcrypt, so I guess there won't be builds out there using libnss or gnutls.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Tue, Jul 10, 2012 at 2:34 PM, Dave Page <dpage@pgadmin.org> wrote:


On Tue, Jul 10, 2012 at 1:31 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:30 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Tue, Jul 10, 2012 at 5:56 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Tue, Jul 10, 2012 at 2:19 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 5:16 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>>
>>
>> On Tue, Jul 10, 2012 at 12:35 PM, Ashesh Vashi
>> <ashesh.vashi@enterprisedb.com> wrote:
>>>>
>>>>
>>> Why are we talking about using the external application here?
>>
>>
>> Because I suggested giving it some thought in case it turns out we have no
>> other option.
>>
>>>
>>> The only problem with the current implementation - is that it does use
>>> new APIs for tunneling.
>>> We can change the implementation based on the current supplied libssh2 on
>>> most linux flavours.
>>> i.e. libssh2 - 1.2.7 or later
>>>
>>> I have asked Akshay to check - if we can modify the current
>>> implementation to use the older version of libssh2. (feasibility)
>>
>>
>> I've already asked him to investigate whether there is another API that
>> may be used that he may have missed. Only supporting old versions of libssh2
>> is unacceptable though - we need to support current versions, and ideally
>> older ones as well for compatibility with Ubuntu/Debian/RHEL etc.
>
>
>    I have investigated, there are two functions libssh2_session_handshake
> and libssh2_exit() which is not available in the older versions.
>    libssh2_session_handshake() is replacement function to
> libssh2_session_startup()(deprecated) which was added in the version 1.2.8
> and
>    libssh2_exist() was added in the version 1.2.5. So to provide backward
> compatibility we can perform the function check instead of configure
>    check and will add appropriate macros to build it properly.
>
>    Thought??Comments?

Uh, I'm not sure what you mean with "function check instead of
configure check". You mean trying to load the function at runtime,
with dlopen() and friends? I guess we could, but I don't think pgadmin
has any functionality for that today, so it's going to bring in a fair
amount of platform specific code, isn't it? But if it's not too
complicated, it seems like a good choice.
He means to say - check function check at configuration.
i.e.
A lot of system does not have snprintf supported so a lot of packages check existence of it at configuration and define  HAVE_SNPRINTF  macros.


Oh, that's what I would've called a configure check :) In that case, +1 for that since it's clearly the simplest way of getting it done.


Yeah. Well, that should solve the version compatibility issue, but we still want to find out if there's a different API to use to avoid the need for a public key. Probably best to try to answer that first, in case it means approaching things differently.

BTW; according to the libssh2 website I just read, it supports OpenSSL and gcrypt, so I guess there won't be builds out there using libnss or gnutls.

You'd think so, but there is. My libssh2 package depends on libgcrypt11, which is from GnuTLS.

But I guess they must be using just the "openssl compatibility layer" in gnutls. Which isn't very good for SSL, but probably enough for the pure crypto functions which is what they use.

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 10, 2012 at 1:32 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 4:22 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>> > Can we identify which version of libssh is required, and have a
>> > configure check for it? AFAICT they are all on 1.2 until the *next*
>> > release - so is it really something that breaks on just a minor
>> > version? If so, we really need a configure check for it.
>> >
>> > I think it's ok to say that we can't build with that feature on 10.04
>> > (assuming we can find a configure test for it). less sure about
>> > something that's less than a year old such as 11.10.
>>
>> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> mailing lists to see if there's another API that you've missed, or if
>> they can explain why it's necessary to provide the public key and
>> private one.
>
>
>   I have posted the problem on libssh2 mailing list and below is the
> response that I received from Daniel Stenberg
>
>   "Any other SSL library" would be another crypto library to be strict, as
> we  don't use SSL... That only other crypto library
>    we support in libssh2 is gcrypt. It just happens that nobody has written
> the necessary code in libssh2 to allow this
>    operation with that backend. Feel free to step forward and help us remove
> this annoying difference in functionality
>    depending on backend crypto lib!

OK, so can you please try to find out what Ubuntu/Debian and Redhat do please?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi All

I have tried a lot to figure out libssh2 is compiled with which crypto library, but unable to find it. Can someone guide/help me or do we continue with the public key option on UI? 

I'll continue to find some solution.  

On Tue, Jul 10, 2012 at 6:06 PM, Dave Page <dpage@pgadmin.org> wrote:
On Tue, Jul 10, 2012 at 1:32 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Tue, Jul 10, 2012 at 4:22 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>> > Can we identify which version of libssh is required, and have a
>> > configure check for it? AFAICT they are all on 1.2 until the *next*
>> > release - so is it really something that breaks on just a minor
>> > version? If so, we really need a configure check for it.
>> >
>> > I think it's ok to say that we can't build with that feature on 10.04
>> > (assuming we can find a configure test for it). less sure about
>> > something that's less than a year old such as 11.10.
>>
>> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> mailing lists to see if there's another API that you've missed, or if
>> they can explain why it's necessary to provide the public key and
>> private one.
>
>
>   I have posted the problem on libssh2 mailing list and below is the
> response that I received from Daniel Stenberg
>
>   "Any other SSL library" would be another crypto library to be strict, as
> we  don't use SSL... That only other crypto library
>    we support in libssh2 is gcrypt. It just happens that nobody has written
> the necessary code in libssh2 to allow this
>    operation with that backend. Feel free to step forward and help us remove
> this annoying difference in functionality
>    depending on backend crypto lib!

OK, so can you please try to find out what Ubuntu/Debian and Redhat do please?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi All
>
> I have tried a lot to figure out libssh2 is compiled with which crypto
> library, but unable to find it. Can someone guide/help me or do we continue
> with the public key option on UI?

The libssh2 guys couldn't tell you how?

> I'll continue to find some solution.
>
>
> On Tue, Jul 10, 2012 at 6:06 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Tue, Jul 10, 2012 at 1:32 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> >
>> >
>> > On Tue, Jul 10, 2012 at 4:22 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >>
>> >> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net>
>> >> wrote:
>> >> > Can we identify which version of libssh is required, and have a
>> >> > configure check for it? AFAICT they are all on 1.2 until the *next*
>> >> > release - so is it really something that breaks on just a minor
>> >> > version? If so, we really need a configure check for it.
>> >> >
>> >> > I think it's ok to say that we can't build with that feature on 10.04
>> >> > (assuming we can find a configure test for it). less sure about
>> >> > something that's less than a year old such as 11.10.
>> >>
>> >> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> >> mailing lists to see if there's another API that you've missed, or if
>> >> they can explain why it's necessary to provide the public key and
>> >> private one.
>> >
>> >
>> >   I have posted the problem on libssh2 mailing list and below is the
>> > response that I received from Daniel Stenberg
>> >
>> >   "Any other SSL library" would be another crypto library to be strict,
>> > as
>> > we  don't use SSL... That only other crypto library
>> >    we support in libssh2 is gcrypt. It just happens that nobody has
>> > written
>> > the necessary code in libssh2 to allow this
>> >    operation with that backend. Feel free to step forward and help us
>> > remove
>> > this annoying difference in functionality
>> >    depending on backend crypto lib!
>>
>> OK, so can you please try to find out what Ubuntu/Debian and Redhat do
>> please?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>
>
>
> --
> Akshay Joshi
> Senior Software Engineer
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company
> Phone: +91 20-3058-9522
> Mobile: +91 976-788-8246
>



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi All
>
> I have tried a lot to figure out libssh2 is compiled with which crypto
> library, but unable to find it. Can someone guide/help me or do we continue
> with the public key option on UI?

The libssh2 guys couldn't tell you how?
   
    I'll post this on mailing list, but I have found one solution to the problem is checking the function "libssh2_md5" using AC_CHECK_LIB as below 
   AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes], [IS_LIBSSH2_OPENSSL_CRYPTO=no]) 

   I have analyze libssh2 source code and found "libssh2_md5" is implemented only for openssl version not for the gcrypt. I have tested it with both
   the version of libssh2.so.

   Thoughts? Comments?

> I'll continue to find some solution.
>
>
> On Tue, Jul 10, 2012 at 6:06 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Tue, Jul 10, 2012 at 1:32 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> >
>> >
>> > On Tue, Jul 10, 2012 at 4:22 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >>
>> >> On Tue, Jul 10, 2012 at 11:39 AM, Magnus Hagander <magnus@hagander.net>
>> >> wrote:
>> >> > Can we identify which version of libssh is required, and have a
>> >> > configure check for it? AFAICT they are all on 1.2 until the *next*
>> >> > release - so is it really something that breaks on just a minor
>> >> > version? If so, we really need a configure check for it.
>> >> >
>> >> > I think it's ok to say that we can't build with that feature on 10.04
>> >> > (assuming we can find a configure test for it). less sure about
>> >> > something that's less than a year old such as 11.10.
>> >>
>> >> Yeah, that seems reasonable. I'd also suggest pinging the libssh2
>> >> mailing lists to see if there's another API that you've missed, or if
>> >> they can explain why it's necessary to provide the public key and
>> >> private one.
>> >
>> >
>> >   I have posted the problem on libssh2 mailing list and below is the
>> > response that I received from Daniel Stenberg
>> >
>> >   "Any other SSL library" would be another crypto library to be strict,
>> > as
>> > we  don't use SSL... That only other crypto library
>> >    we support in libssh2 is gcrypt. It just happens that nobody has
>> > written
>> > the necessary code in libssh2 to allow this
>> >    operation with that backend. Feel free to step forward and help us
>> > remove
>> > this annoying difference in functionality
>> >    depending on backend crypto lib!
>>
>> OK, so can you please try to find out what Ubuntu/Debian and Redhat do
>> please?
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake
>>
>> EnterpriseDB UK: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>
>
>
>
> --
> Akshay Joshi
> Senior Software Engineer
> EnterpriseDB Corporation
> The Enterprise PostgreSQL Company
> Phone: +91 20-3058-9522
> Mobile: +91 976-788-8246
>



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> > Hi All
>> >
>> > I have tried a lot to figure out libssh2 is compiled with which crypto
>> > library, but unable to find it. Can someone guide/help me or do we
>> > continue
>> > with the public key option on UI?
>>
>> The libssh2 guys couldn't tell you how?
>
>
>     I'll post this on mailing list, but I have found one solution to the
> problem is checking the function "libssh2_md5" using AC_CHECK_LIB as below
>    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>
>    I have analyze libssh2 source code and found "libssh2_md5" is implemented
> only for openssl version not for the gcrypt. I have tested it with both
>    the version of libssh2.so.
>
>    Thoughts? Comments?

Is there a way to test the actual function that we want to call
instead? Will it fail right away, or does it actually require there to
be a server somewhere that we can connect to? (If it requires a server
we can't use that one in configure, but if it will fail right away,
that seems like a better way to test it.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> > Hi All
>> >
>> > I have tried a lot to figure out libssh2 is compiled with which crypto
>> > library, but unable to find it. Can someone guide/help me or do we
>> > continue
>> > with the public key option on UI?
>>
>> The libssh2 guys couldn't tell you how?
>
>
>     I'll post this on mailing list, but I have found one solution to the
> problem is checking the function "libssh2_md5" using AC_CHECK_LIB as below
>    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>
>    I have analyze libssh2 source code and found "libssh2_md5" is implemented
> only for openssl version not for the gcrypt. I have tested it with both
>    the version of libssh2.so.
>
>    Thoughts? Comments?

Is there a way to test the actual function that we want to call
instead? Will it fail right away, or does it actually require there to
be a server somewhere that we can connect to? (If it requires a server
we can't use that one in configure, but if it will fail right away,
that seems like a better way to test it.

   To check the actual function we requires a valid server. Yesterday I have posted the problem to the libssh2 mailing list, but still didn't get response.Meanwhile
   I have fixed the review comments given by Dave. Attached is the complete patch with
   AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes], [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
   libssh2.

   Can we include libssh2 source code with pgAdmin3 to solve the problem? Thoughts??Comments?

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Attachment

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
> wrote:
>>
>> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> >
>> >
>> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >>
>> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>> >> <akshay.joshi@enterprisedb.com> wrote:
>> >> > Hi All
>> >> >
>> >> > I have tried a lot to figure out libssh2 is compiled with which
>> >> > crypto
>> >> > library, but unable to find it. Can someone guide/help me or do we
>> >> > continue
>> >> > with the public key option on UI?
>> >>
>> >> The libssh2 guys couldn't tell you how?
>> >
>> >
>> >     I'll post this on mailing list, but I have found one solution to the
>> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>> > below
>> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>> >
>> >    I have analyze libssh2 source code and found "libssh2_md5" is
>> > implemented
>> > only for openssl version not for the gcrypt. I have tested it with both
>> >    the version of libssh2.so.
>> >
>> >    Thoughts? Comments?
>>
>> Is there a way to test the actual function that we want to call
>> instead? Will it fail right away, or does it actually require there to
>> be a server somewhere that we can connect to? (If it requires a server
>> we can't use that one in configure, but if it will fail right away,
>> that seems like a better way to test it.
>
>
>    To check the actual function we requires a valid server. Yesterday I have
> posted the problem to the libssh2 mailing list, but still didn't get
> response.Meanwhile
>    I have fixed the review comments given by Dave. Attached is the complete
> patch with
>    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>    libssh2.
>
>    Can we include libssh2 source code with pgAdmin3 to solve the problem?
> Thoughts??Comments?

I discussed that with Ashesh on Skype yesterday - I thought he was
going to post to the list. Magnus suggested that option, and I'm
beginning to think it's the way forward. The licence is compatible
from what I can see, so that shouldn't be a problem. Then, we'd just
modify the configure script to add a dependency on OpenSSL instead.

If we do that though, we'd need to make it work if OpenSSL isn't
available on the build platform. I'd suggest that if configure isn't
given a valid OpenSSL installation (or can't find one), then we just
disable all the tunnelling options - just surround the appropriate
code in #ifdef OPENSSL or something and hide the tab on dlgServer.

Anyone have any thoughts or objections to doing it that way?

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Magnus Hagander
Date:
On Fri, Jul 13, 2012 at 10:32 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>
>> On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>>>
>>> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>> >
>>> >
>>> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> >>
>>> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>>> >> <akshay.joshi@enterprisedb.com> wrote:
>>> >> > Hi All
>>> >> >
>>> >> > I have tried a lot to figure out libssh2 is compiled with which
>>> >> > crypto
>>> >> > library, but unable to find it. Can someone guide/help me or do we
>>> >> > continue
>>> >> > with the public key option on UI?
>>> >>
>>> >> The libssh2 guys couldn't tell you how?
>>> >
>>> >
>>> >     I'll post this on mailing list, but I have found one solution to the
>>> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>>> > below
>>> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>>> >
>>> >    I have analyze libssh2 source code and found "libssh2_md5" is
>>> > implemented
>>> > only for openssl version not for the gcrypt. I have tested it with both
>>> >    the version of libssh2.so.
>>> >
>>> >    Thoughts? Comments?
>>>
>>> Is there a way to test the actual function that we want to call
>>> instead? Will it fail right away, or does it actually require there to
>>> be a server somewhere that we can connect to? (If it requires a server
>>> we can't use that one in configure, but if it will fail right away,
>>> that seems like a better way to test it.
>>
>>
>>    To check the actual function we requires a valid server. Yesterday I have
>> posted the problem to the libssh2 mailing list, but still didn't get
>> response.Meanwhile
>>    I have fixed the review comments given by Dave. Attached is the complete
>> patch with
>>    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>>    libssh2.
>>
>>    Can we include libssh2 source code with pgAdmin3 to solve the problem?
>> Thoughts??Comments?
>
> I discussed that with Ashesh on Skype yesterday - I thought he was
> going to post to the list. Magnus suggested that option, and I'm
> beginning to think it's the way forward. The licence is compatible
> from what I can see, so that shouldn't be a problem. Then, we'd just
> modify the configure script to add a dependency on OpenSSL instead.

Agreed. It seems libssh2 is just a little bit "too new" (IIRC it's
been around for longer, but caught some "revival" not too long ago) -
meaning that enterprise platforms like ubuntu LTS and RHEL are stuck
on versions that are too old.

So I think including it would be a good idea - at least for a couple
of yeas until reality might change underneath us and make that
unnecessary.

One thing we should definitely have is a policy (and maybe scripts?)
to make sure we keep it *updated*. It will require things like a
security release of pgadmin whenever there is one of libssh2, and we
need a good way to keep up with the proper minor version..


> If we do that though, we'd need to make it work if OpenSSL isn't
> available on the build platform. I'd suggest that if configure isn't
> given a valid OpenSSL installation (or can't find one), then we just
> disable all the tunnelling options - just surround the appropriate
> code in #ifdef OPENSSL or something and hide the tab on dlgServer.

Hmm. But couldn't we still support tunneling with passwords, just not
publickey? If so, I'd much rather see just that option grayed out
(maybe have a text that says why, if there's room) than to remove the
complete functionality. I know lots of people who use ssh with
passwords only (e.g. LDAP integrations etc), that could benefit from
this even if it doesn't come with key support.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: SSH Tunneling implementation

From
Ashesh Vashi
Date:
On Fri, Jul 13, 2012 at 2:45 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Fri, Jul 13, 2012 at 10:32 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>
>> On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>>>
>>> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>> >
>>> >
>>> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> >>
>>> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>>> >> <akshay.joshi@enterprisedb.com> wrote:
>>> >> > Hi All
>>> >> >
>>> >> > I have tried a lot to figure out libssh2 is compiled with which
>>> >> > crypto
>>> >> > library, but unable to find it. Can someone guide/help me or do we
>>> >> > continue
>>> >> > with the public key option on UI?
>>> >>
>>> >> The libssh2 guys couldn't tell you how?
>>> >
>>> >
>>> >     I'll post this on mailing list, but I have found one solution to the
>>> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>>> > below
>>> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>>> >
>>> >    I have analyze libssh2 source code and found "libssh2_md5" is
>>> > implemented
>>> > only for openssl version not for the gcrypt. I have tested it with both
>>> >    the version of libssh2.so.
>>> >
>>> >    Thoughts? Comments?
>>>
>>> Is there a way to test the actual function that we want to call
>>> instead? Will it fail right away, or does it actually require there to
>>> be a server somewhere that we can connect to? (If it requires a server
>>> we can't use that one in configure, but if it will fail right away,
>>> that seems like a better way to test it.
>>
>>
>>    To check the actual function we requires a valid server. Yesterday I have
>> posted the problem to the libssh2 mailing list, but still didn't get
>> response.Meanwhile
>>    I have fixed the review comments given by Dave. Attached is the complete
>> patch with
>>    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>>    libssh2.
>>
>>    Can we include libssh2 source code with pgAdmin3 to solve the problem?
>> Thoughts??Comments?
>
> I discussed that with Ashesh on Skype yesterday - I thought he was
> going to post to the list. Magnus suggested that option, and I'm
> beginning to think it's the way forward. The licence is compatible
> from what I can see, so that shouldn't be a problem. Then, we'd just
> modify the configure script to add a dependency on OpenSSL instead.

Agreed. It seems libssh2 is just a little bit "too new" (IIRC it's
been around for longer, but caught some "revival" not too long ago) -
meaning that enterprise platforms like ubuntu LTS and RHEL are stuck
on versions that are too old.

So I think including it would be a good idea - at least for a couple
of yeas until reality might change underneath us and make that
unnecessary.

One thing we should definitely have is a policy (and maybe scripts?)
to make sure we keep it *updated*. It will require things like a
security release of pgadmin whenever there is one of libssh2, and we
need a good way to keep up with the proper minor version..


> If we do that though, we'd need to make it work if OpenSSL isn't
> available on the build platform. I'd suggest that if configure isn't
> given a valid OpenSSL installation (or can't find one), then we just
> disable all the tunnelling options - just surround the appropriate
> code in #ifdef OPENSSL or something and hide the tab on dlgServer.

Hmm. But couldn't we still support tunneling with passwords, just not
publickey? If so, I'd much rather see just that option grayed out
(maybe have a text that says why, if there's room) than to remove the
complete functionality. I know lots of people who use ssh with
passwords only (e.g. LDAP integrations etc), that could benefit from
this even if it doesn't come with key support.
I would prefer to have that feature which supplies of private and public keys both or with password. 
But - as libssh2 requires either openssl or libgcrypt.
If none found on the system, we can disable this feature. 

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: 
Enterprise PostgreSQL Company


http://www.linkedin.com/in/asheshvashi


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers

Re: SSH Tunneling implementation

From
Dave Page
Date:


On Fri, Jul 13, 2012 at 10:24 AM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Fri, Jul 13, 2012 at 2:45 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Fri, Jul 13, 2012 at 10:32 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
>>
>>
>> On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>>>
>>> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>>> <akshay.joshi@enterprisedb.com> wrote:
>>> >
>>> >
>>> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>>> >>
>>> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>>> >> <akshay.joshi@enterprisedb.com> wrote:
>>> >> > Hi All
>>> >> >
>>> >> > I have tried a lot to figure out libssh2 is compiled with which
>>> >> > crypto
>>> >> > library, but unable to find it. Can someone guide/help me or do we
>>> >> > continue
>>> >> > with the public key option on UI?
>>> >>
>>> >> The libssh2 guys couldn't tell you how?
>>> >
>>> >
>>> >     I'll post this on mailing list, but I have found one solution to the
>>> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>>> > below
>>> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>>> >
>>> >    I have analyze libssh2 source code and found "libssh2_md5" is
>>> > implemented
>>> > only for openssl version not for the gcrypt. I have tested it with both
>>> >    the version of libssh2.so.
>>> >
>>> >    Thoughts? Comments?
>>>
>>> Is there a way to test the actual function that we want to call
>>> instead? Will it fail right away, or does it actually require there to
>>> be a server somewhere that we can connect to? (If it requires a server
>>> we can't use that one in configure, but if it will fail right away,
>>> that seems like a better way to test it.
>>
>>
>>    To check the actual function we requires a valid server. Yesterday I have
>> posted the problem to the libssh2 mailing list, but still didn't get
>> response.Meanwhile
>>    I have fixed the review comments given by Dave. Attached is the complete
>> patch with
>>    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>>    libssh2.
>>
>>    Can we include libssh2 source code with pgAdmin3 to solve the problem?
>> Thoughts??Comments?
>
> I discussed that with Ashesh on Skype yesterday - I thought he was
> going to post to the list. Magnus suggested that option, and I'm
> beginning to think it's the way forward. The licence is compatible
> from what I can see, so that shouldn't be a problem. Then, we'd just
> modify the configure script to add a dependency on OpenSSL instead.

Agreed. It seems libssh2 is just a little bit "too new" (IIRC it's
been around for longer, but caught some "revival" not too long ago) -
meaning that enterprise platforms like ubuntu LTS and RHEL are stuck
on versions that are too old.

So I think including it would be a good idea - at least for a couple
of yeas until reality might change underneath us and make that
unnecessary.

One thing we should definitely have is a policy (and maybe scripts?)
to make sure we keep it *updated*. It will require things like a
security release of pgadmin whenever there is one of libssh2, and we
need a good way to keep up with the proper minor version..


> If we do that though, we'd need to make it work if OpenSSL isn't
> available on the build platform. I'd suggest that if configure isn't
> given a valid OpenSSL installation (or can't find one), then we just
> disable all the tunnelling options - just surround the appropriate
> code in #ifdef OPENSSL or something and hide the tab on dlgServer.

Hmm. But couldn't we still support tunneling with passwords, just not
publickey? If so, I'd much rather see just that option grayed out
(maybe have a text that says why, if there's room) than to remove the
complete functionality. I know lots of people who use ssh with
passwords only (e.g. LDAP integrations etc), that could benefit from
this even if it doesn't come with key support.
I would prefer to have that feature which supplies of private and public keys both or with password. 
But - as libssh2 requires either openssl or libgcrypt.
If none found on the system, we can disable this feature. 

 Good point - we could have configure look for OpenSSL, if that's not found, look for gcrypt (and require the user to provide a public key to use a tunnel), or finally if neither are found, disable the tunnelling feature altogether. 


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Guillaume Lelarge
Date:
On Fri, 2012-07-13 at 09:32 +0100, Dave Page wrote:
> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
> <akshay.joshi@enterprisedb.com> wrote:
> >
> >
> > On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
> > wrote:
> >>
> >> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
> >> <akshay.joshi@enterprisedb.com> wrote:
> >> >
> >> >
> >> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
> >> >>
> >> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
> >> >> <akshay.joshi@enterprisedb.com> wrote:
> >> >> > Hi All
> >> >> >
> >> >> > I have tried a lot to figure out libssh2 is compiled with which
> >> >> > crypto
> >> >> > library, but unable to find it. Can someone guide/help me or do we
> >> >> > continue
> >> >> > with the public key option on UI?
> >> >>
> >> >> The libssh2 guys couldn't tell you how?
> >> >
> >> >
> >> >     I'll post this on mailing list, but I have found one solution to the
> >> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
> >> > below
> >> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> >> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
> >> >
> >> >    I have analyze libssh2 source code and found "libssh2_md5" is
> >> > implemented
> >> > only for openssl version not for the gcrypt. I have tested it with both
> >> >    the version of libssh2.so.
> >> >
> >> >    Thoughts? Comments?
> >>
> >> Is there a way to test the actual function that we want to call
> >> instead? Will it fail right away, or does it actually require there to
> >> be a server somewhere that we can connect to? (If it requires a server
> >> we can't use that one in configure, but if it will fail right away,
> >> that seems like a better way to test it.
> >
> >
> >    To check the actual function we requires a valid server. Yesterday I have
> > posted the problem to the libssh2 mailing list, but still didn't get
> > response.Meanwhile
> >    I have fixed the review comments given by Dave. Attached is the complete
> > patch with
> >    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> > [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
> >    libssh2.
> >
> >    Can we include libssh2 source code with pgAdmin3 to solve the problem?
> > Thoughts??Comments?
>
> I discussed that with Ashesh on Skype yesterday - I thought he was
> going to post to the list. Magnus suggested that option, and I'm
> beginning to think it's the way forward. The licence is compatible
> from what I can see, so that shouldn't be a problem. Then, we'd just
> modify the configure script to add a dependency on OpenSSL instead.
>
> If we do that though, we'd need to make it work if OpenSSL isn't
> available on the build platform. I'd suggest that if configure isn't
> given a valid OpenSSL installation (or can't find one), then we just
> disable all the tunnelling options - just surround the appropriate
> code in #ifdef OPENSSL or something and hide the tab on dlgServer.
>
> Anyone have any thoughts or objections to doing it that way?
>

My only objection would be that we'll add yet another code in the
repository. I mean, we already have ogl, and gcc complains each time it
compiles it. So we already havd ogl that we added but don't maintain. If
we add also libssh2, just to be clear, I don't want to maintain it.
Someone else will have to do this (just like ogl).


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com


Re: SSH Tunneling implementation

From
Dave Page
Date:
On Sat, Jul 14, 2012 at 2:13 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> On Fri, 2012-07-13 at 09:32 +0100, Dave Page wrote:
>> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> >
>> >
>> > On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
>> > wrote:
>> >>
>> >> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
>> >> <akshay.joshi@enterprisedb.com> wrote:
>> >> >
>> >> >
>> >> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
>> >> >>
>> >> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
>> >> >> <akshay.joshi@enterprisedb.com> wrote:
>> >> >> > Hi All
>> >> >> >
>> >> >> > I have tried a lot to figure out libssh2 is compiled with which
>> >> >> > crypto
>> >> >> > library, but unable to find it. Can someone guide/help me or do we
>> >> >> > continue
>> >> >> > with the public key option on UI?
>> >> >>
>> >> >> The libssh2 guys couldn't tell you how?
>> >> >
>> >> >
>> >> >     I'll post this on mailing list, but I have found one solution to the
>> >> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
>> >> > below
>> >> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> >> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
>> >> >
>> >> >    I have analyze libssh2 source code and found "libssh2_md5" is
>> >> > implemented
>> >> > only for openssl version not for the gcrypt. I have tested it with both
>> >> >    the version of libssh2.so.
>> >> >
>> >> >    Thoughts? Comments?
>> >>
>> >> Is there a way to test the actual function that we want to call
>> >> instead? Will it fail right away, or does it actually require there to
>> >> be a server somewhere that we can connect to? (If it requires a server
>> >> we can't use that one in configure, but if it will fail right away,
>> >> that seems like a better way to test it.
>> >
>> >
>> >    To check the actual function we requires a valid server. Yesterday I have
>> > posted the problem to the libssh2 mailing list, but still didn't get
>> > response.Meanwhile
>> >    I have fixed the review comments given by Dave. Attached is the complete
>> > patch with
>> >    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
>> > [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
>> >    libssh2.
>> >
>> >    Can we include libssh2 source code with pgAdmin3 to solve the problem?
>> > Thoughts??Comments?
>>
>> I discussed that with Ashesh on Skype yesterday - I thought he was
>> going to post to the list. Magnus suggested that option, and I'm
>> beginning to think it's the way forward. The licence is compatible
>> from what I can see, so that shouldn't be a problem. Then, we'd just
>> modify the configure script to add a dependency on OpenSSL instead.
>>
>> If we do that though, we'd need to make it work if OpenSSL isn't
>> available on the build platform. I'd suggest that if configure isn't
>> given a valid OpenSSL installation (or can't find one), then we just
>> disable all the tunnelling options - just surround the appropriate
>> code in #ifdef OPENSSL or something and hide the tab on dlgServer.
>>
>> Anyone have any thoughts or objections to doing it that way?
>>
>
> My only objection would be that we'll add yet another code in the
> repository. I mean, we already have ogl, and gcc complains each time it
> compiles it.

Not for me - and I'd be the first to complain if I saw it doing that.
What do you see?

> So we already havd ogl that we added but don't maintain. If
> we add also libssh2, just to be clear, I don't want to maintain it.
> Someone else will have to do this (just like ogl).

The intention would be to add it as-is, and certainly not to modify it
in any way. Any updates from upstream should be easy to incorporate by
updating the source, and just adding any new files that are required.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Guillaume Lelarge
Date:
On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
> On Sat, Jul 14, 2012 at 2:13 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
> > On Fri, 2012-07-13 at 09:32 +0100, Dave Page wrote:
> >> On Fri, Jul 13, 2012 at 7:57 AM, Akshay Joshi
> >> <akshay.joshi@enterprisedb.com> wrote:
> >> >
> >> >
> >> > On Thu, Jul 12, 2012 at 5:44 PM, Magnus Hagander <magnus@hagander.net>
> >> > wrote:
> >> >>
> >> >> On Thu, Jul 12, 2012 at 2:06 PM, Akshay Joshi
> >> >> <akshay.joshi@enterprisedb.com> wrote:
> >> >> >
> >> >> >
> >> >> > On Thu, Jul 12, 2012 at 5:21 PM, Dave Page <dpage@pgadmin.org> wrote:
> >> >> >>
> >> >> >> On Thu, Jul 12, 2012 at 12:04 PM, Akshay Joshi
> >> >> >> <akshay.joshi@enterprisedb.com> wrote:
> >> >> >> > Hi All
> >> >> >> >
> >> >> >> > I have tried a lot to figure out libssh2 is compiled with which
> >> >> >> > crypto
> >> >> >> > library, but unable to find it. Can someone guide/help me or do we
> >> >> >> > continue
> >> >> >> > with the public key option on UI?
> >> >> >>
> >> >> >> The libssh2 guys couldn't tell you how?
> >> >> >
> >> >> >
> >> >> >     I'll post this on mailing list, but I have found one solution to the
> >> >> > problem is checking the function "libssh2_md5" using AC_CHECK_LIB as
> >> >> > below
> >> >> >    AC_CHECK_LIB(ssh2, libssh2_md5, [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> >> >> > [IS_LIBSSH2_OPENSSL_CRYPTO=no])
> >> >> >
> >> >> >    I have analyze libssh2 source code and found "libssh2_md5" is
> >> >> > implemented
> >> >> > only for openssl version not for the gcrypt. I have tested it with both
> >> >> >    the version of libssh2.so.
> >> >> >
> >> >> >    Thoughts? Comments?
> >> >>
> >> >> Is there a way to test the actual function that we want to call
> >> >> instead? Will it fail right away, or does it actually require there to
> >> >> be a server somewhere that we can connect to? (If it requires a server
> >> >> we can't use that one in configure, but if it will fail right away,
> >> >> that seems like a better way to test it.
> >> >
> >> >
> >> >    To check the actual function we requires a valid server. Yesterday I have
> >> > posted the problem to the libssh2 mailing list, but still didn't get
> >> > response.Meanwhile
> >> >    I have fixed the review comments given by Dave. Attached is the complete
> >> > patch with
> >> >    AC_CHECK_LIB(ssh2, libssh2_md5 [IS_LIBSSH2_OPENSSL_CRYPTO=yes],
> >> > [IS_LIBSSH2_OPENSSL_CRYPTO=no]) and it works with both version of
> >> >    libssh2.
> >> >
> >> >    Can we include libssh2 source code with pgAdmin3 to solve the problem?
> >> > Thoughts??Comments?
> >>
> >> I discussed that with Ashesh on Skype yesterday - I thought he was
> >> going to post to the list. Magnus suggested that option, and I'm
> >> beginning to think it's the way forward. The licence is compatible
> >> from what I can see, so that shouldn't be a problem. Then, we'd just
> >> modify the configure script to add a dependency on OpenSSL instead.
> >>
> >> If we do that though, we'd need to make it work if OpenSSL isn't
> >> available on the build platform. I'd suggest that if configure isn't
> >> given a valid OpenSSL installation (or can't find one), then we just
> >> disable all the tunnelling options - just surround the appropriate
> >> code in #ifdef OPENSSL or something and hide the tab on dlgServer.
> >>
> >> Anyone have any thoughts or objections to doing it that way?
> >>
> >
> > My only objection would be that we'll add yet another code in the
> > repository. I mean, we already have ogl, and gcc complains each time it
> > compiles it.
>
> Not for me - and I'd be the first to complain if I saw it doing that.
> What do you see?
>

These:

./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
double, double)’:
./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
./ogl/drawn.cpp: In member function ‘virtual void
wxPseudoMetaFile::SetPen(wxPen*, bool)’:
./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
./ogl/drawn.cpp: In member function ‘virtual void
wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]

> > So we already havd ogl that we added but don't maintain. If
> > we add also libssh2, just to be clear, I don't want to maintain it.
> > Someone else will have to do this (just like ogl).
>
> The intention would be to add it as-is, and certainly not to modify it
> in any way. Any updates from upstream should be easy to incorporate by
> updating the source, and just adding any new files that are required.
>

OK, fine with me.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com


Re: SSH Tunneling implementation

From
Dave Page
Date:
On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
>>
>> Not for me - and I'd be the first to complain if I saw it doing that.
>> What do you see?
>>
>
> These:
>
> ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
> double, double)’:
> ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
> different size [-Wint-to-pointer-cast]
> ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
> different size [-Wint-to-pointer-cast]
> ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
> different size [-Wint-to-pointer-cast]
> ./ogl/drawn.cpp: In member function ‘virtual void
> wxPseudoMetaFile::SetPen(wxPen*, bool)’:
> ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
> different size [-Wint-to-pointer-cast]
> ./ogl/drawn.cpp: In member function ‘virtual void
> wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
> ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
> different size [-Wint-to-pointer-cast]

What platform/GCC version?


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Guillaume Lelarge
Date:
On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
> >>
> >> Not for me - and I'd be the first to complain if I saw it doing that.
> >> What do you see?
> >>
> >
> > These:
> >
> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
> > double, double)’:
> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
> > different size [-Wint-to-pointer-cast]
> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
> > different size [-Wint-to-pointer-cast]
> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
> > different size [-Wint-to-pointer-cast]
> > ./ogl/drawn.cpp: In member function ‘virtual void
> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
> > different size [-Wint-to-pointer-cast]
> > ./ogl/drawn.cpp: In member function ‘virtual void
> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
> > different size [-Wint-to-pointer-cast]
>
> What platform/GCC version?
>

Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
full updates on every possible RPM.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com


Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 17, 2012 at 8:17 AM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
>> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
>> <guillaume@lelarge.info> wrote:
>> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
>> >>
>> >> Not for me - and I'd be the first to complain if I saw it doing that.
>> >> What do you see?
>> >>
>> >
>> > These:
>> >
>> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
>> > double, double)’:
>> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
>> > different size [-Wint-to-pointer-cast]
>> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
>> > different size [-Wint-to-pointer-cast]
>> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
>> > different size [-Wint-to-pointer-cast]
>> > ./ogl/drawn.cpp: In member function ‘virtual void
>> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
>> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
>> > different size [-Wint-to-pointer-cast]
>> > ./ogl/drawn.cpp: In member function ‘virtual void
>> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
>> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
>> > different size [-Wint-to-pointer-cast]
>>
>> What platform/GCC version?
>>
>
> Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
> full updates on every possible RPM.

32 or 64 bit? Intel I assume?


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Guillaume Lelarge
Date:
On Tue, 2012-07-17 at 08:30 +0100, Dave Page wrote:
> On Tue, Jul 17, 2012 at 8:17 AM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
> > On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
> >> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
> >> <guillaume@lelarge.info> wrote:
> >> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
> >> >>
> >> >> Not for me - and I'd be the first to complain if I saw it doing that.
> >> >> What do you see?
> >> >>
> >> >
> >> > These:
> >> >
> >> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
> >> > double, double)’:
> >> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
> >> > different size [-Wint-to-pointer-cast]
> >> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
> >> > different size [-Wint-to-pointer-cast]
> >> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
> >> > different size [-Wint-to-pointer-cast]
> >> > ./ogl/drawn.cpp: In member function ‘virtual void
> >> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
> >> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
> >> > different size [-Wint-to-pointer-cast]
> >> > ./ogl/drawn.cpp: In member function ‘virtual void
> >> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
> >> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
> >> > different size [-Wint-to-pointer-cast]
> >>
> >> What platform/GCC version?
> >>
> >
> > Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
> > full updates on every possible RPM.
>
> 32 or 64 bit? Intel I assume?
>

Intel 64 bit.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com


Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 17, 2012 at 8:56 AM, Guillaume Lelarge
<guillaume@lelarge.info> wrote:
> On Tue, 2012-07-17 at 08:30 +0100, Dave Page wrote:
>> On Tue, Jul 17, 2012 at 8:17 AM, Guillaume Lelarge
>> <guillaume@lelarge.info> wrote:
>> > On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
>> >> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
>> >> <guillaume@lelarge.info> wrote:
>> >> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
>> >> >>
>> >> >> Not for me - and I'd be the first to complain if I saw it doing that.
>> >> >> What do you see?
>> >> >>
>> >> >
>> >> > These:
>> >> >
>> >> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
>> >> > double, double)’:
>> >> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
>> >> > different size [-Wint-to-pointer-cast]
>> >> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
>> >> > different size [-Wint-to-pointer-cast]
>> >> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
>> >> > different size [-Wint-to-pointer-cast]
>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>> >> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
>> >> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
>> >> > different size [-Wint-to-pointer-cast]
>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>> >> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
>> >> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
>> >> > different size [-Wint-to-pointer-cast]
>> >>
>> >> What platform/GCC version?
>> >>
>> >
>> > Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
>> > full updates on every possible RPM.
>>
>> 32 or 64 bit? Intel I assume?
>>
>
> Intel 64 bit.

Thanks.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 17, 2012 at 9:20 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Tue, Jul 17, 2012 at 8:56 AM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> On Tue, 2012-07-17 at 08:30 +0100, Dave Page wrote:
>>> On Tue, Jul 17, 2012 at 8:17 AM, Guillaume Lelarge
>>> <guillaume@lelarge.info> wrote:
>>> > On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
>>> >> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
>>> >> <guillaume@lelarge.info> wrote:
>>> >> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
>>> >> >>
>>> >> >> Not for me - and I'd be the first to complain if I saw it doing that.
>>> >> >> What do you see?
>>> >> >>
>>> >> >
>>> >> > These:
>>> >> >
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
>>> >> > double, double)’:
>>> >> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>>> >> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
>>> >> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>>> >> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
>>> >> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >>
>>> >> What platform/GCC version?
>>> >>
>>> >
>>> > Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
>>> > full updates on every possible RPM.
>>>
>>> 32 or 64 bit? Intel I assume?
>>>
>>
>> Intel 64 bit.
>
> Thanks.

OK, I'm going to have to download Fedora 17. I don't get any warnings
on CentOS 6 with GCC 4.4.6.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Tue, Jul 17, 2012 at 2:16 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi
>
> I am facing one problem while adding libssh2 source code in pgAdmin3. As
> there are two file with same name "misc.c" and "misc.cpp", so compiler is
> unable to create object file. On Windows I have changed the path of the
> object file, but not found any solution on Linux. Meanwhile I have changed
> the name of libssh2's "misc.c" to "libssh2_misc.c" and start compilation.
>
> Suggestions? Comments?

Yeah, that's because of the way we have a single makefile and a bunch
of module.mk files in pgAdmin. We really need to refactor that in some
way such that the object files are created alongside the source files.

In the meantime, I think yours is the appropriate solution.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi

I am facing one problem while adding libssh2 source code in pgAdmin3. As there are two file with same name "misc.c" and "misc.cpp", so compiler is unable to create object file. On Windows I have changed the path of the object file, but not found any solution on Linux. Meanwhile I have changed the name of libssh2's "misc.c" to "libssh2_misc.c" and start compilation.

Suggestions? Comments?

On Tue, Jul 17, 2012 at 6:22 PM, Dave Page <dpage@pgadmin.org> wrote:
On Tue, Jul 17, 2012 at 9:20 AM, Dave Page <dpage@pgadmin.org> wrote:
> On Tue, Jul 17, 2012 at 8:56 AM, Guillaume Lelarge
> <guillaume@lelarge.info> wrote:
>> On Tue, 2012-07-17 at 08:30 +0100, Dave Page wrote:
>>> On Tue, Jul 17, 2012 at 8:17 AM, Guillaume Lelarge
>>> <guillaume@lelarge.info> wrote:
>>> > On Tue, 2012-07-17 at 08:10 +0100, Dave Page wrote:
>>> >> On Mon, Jul 16, 2012 at 10:21 PM, Guillaume Lelarge
>>> >> <guillaume@lelarge.info> wrote:
>>> >> > On Sun, 2012-07-15 at 12:02 +0100, Dave Page wrote:
>>> >> >>
>>> >> >> Not for me - and I'd be the first to complain if I saw it doing that.
>>> >> >> What do you see?
>>> >> >>
>>> >> >
>>> >> > These:
>>> >> >
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void wxOpSetGDI::Do(wxDC&,
>>> >> > double, double)’:
>>> >> > ./ogl/drawn.cpp:423:53: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp:444:53: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp:454:55: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>>> >> > wxPseudoMetaFile::SetPen(wxPen*, bool)’:
>>> >> > ./ogl/drawn.cpp:2443:46: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >> > ./ogl/drawn.cpp: In member function ‘virtual void
>>> >> > wxPseudoMetaFile::SetBrush(wxBrush*, bool)’:
>>> >> > ./ogl/drawn.cpp:2458:43: warning: cast to pointer from integer of
>>> >> > different size [-Wint-to-pointer-cast]
>>> >>
>>> >> What platform/GCC version?
>>> >>
>>> >
>>> > Fedora 17, gcc 4.7 (gcc (GCC) 4.7.0 20120507 (Red Hat 4.7.0-5)). With
>>> > full updates on every possible RPM.
>>>
>>> 32 or 64 bit? Intel I assume?
>>>
>>
>> Intel 64 bit.
>
> Thanks.

OK, I'm going to have to download Fedora 17. I don't get any warnings
on CentOS 6 with GCC 4.4.6.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Dave Page
Date:


On Tue, Jul 17, 2012 at 5:15 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Tue, Jul 17, 2012 at 6:56 PM, Dave Page <dpage@pgadmin.org> wrote:

Yeah, that's because of the way we have a single makefile and a bunch
of module.mk files in pgAdmin. We really need to refactor that in some
way such that the object files are created alongside the source files.

In the meantime, I think yours is the appropriate solution.
This patch should resolve this issue.
This will build the object file in particular subdirectories.

Can you please take a look at it?

 Thanks - this seems to work nicely. Patch applied.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:
Hi 

I have added "libssh2" source code with pgAdmin3. Attached is the complete patch. I have modified the acinclude.m4 and configure.ac.in to build libssh2 code.
Added "config.rpath.in" which is required to build libssh2 source code.

Please review and let me know the review comments.

On Wed, Jul 18, 2012 at 5:06 PM, Dave Page <dpage@pgadmin.org> wrote:


On Tue, Jul 17, 2012 at 5:15 PM, Ashesh Vashi <ashesh.vashi@enterprisedb.com> wrote:
On Tue, Jul 17, 2012 at 6:56 PM, Dave Page <dpage@pgadmin.org> wrote:

Yeah, that's because of the way we have a single makefile and a bunch
of module.mk files in pgAdmin. We really need to refactor that in some
way such that the object files are created alongside the source files.

In the meantime, I think yours is the appropriate solution.
This patch should resolve this issue.
This will build the object file in particular subdirectories.

Can you please take a look at it?

 Thanks - this seems to work nicely. Patch applied.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company




--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Attachment

Re: SSH Tunneling implementation

From
Dave Page
Date:
Hi

On Thu, Jul 19, 2012 at 8:51 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi
>
> I have added "libssh2" source code with pgAdmin3. Attached is the complete
> patch. I have modified the acinclude.m4 and configure.ac.in to build libssh2
> code.
> Added "config.rpath.in" which is required to build libssh2 source code.
>
> Please review and let me know the review comments.

I get the following on the link step on Mac:

...
ui/xrcDialogs.o utils/csvfiles.o utils/factory.o utils/favourites.o
utils/misc.o utils/pgconfig.o utils/registry.o utils/sysLogger.o
utils/sysProcess.o utils/sysSettings.o utils/tabcomplete.o
utils/utffile.o utils/macros.o utils/sshTunnel.o libssh2/agent.o
libssh2/channel.o libssh2/comp.o libssh2/crypt.o libssh2/global.o
libssh2/hostkey.o libssh2/keepalive.o libssh2/kex.o
libssh2/knownhost.o libssh2/libgcrypt.o libssh2/mac.o libssh2/misc.o
libssh2/openssl.o libssh2/packet.o libssh2/pem.o libssh2/publickey.o
libssh2/scp.o libssh2/session.o libssh2/sftp.o libssh2/transport.o
libssh2/userauth.o libssh2/version.o -L/usr/local/lib  -framework
IOKit -framework Carbon -framework Cocoa -framework System -framework
QuickTime -framework OpenGL -framework AGL -lwx_macud_stc-2.8
-lwx_macud_richtext-2.8 -lwx_macud_aui-2.8 -lwx_macud_xrc-2.8
-lwx_macud_qa-2.8 -lwx_macud_html-2.8 -lwx_macud_adv-2.8
-lwx_macud_core-2.8 -lwx_base_carbonud_xml-2.8
-lwx_base_carbonud_net-2.8 -lwx_base_carbonud-2.8 -arch i386
-L/usr/local/lib -lxml2 -lz -lpthread -liconv -lm -L/usr/local/lib
-lxslt -lxml2 -lz -lpthread -liconv -lm -L/usr/local/pgsql/lib -lpq
Undefined symbols for architecture i386:
  "_OPENSSL_add_all_algorithms_noconf", referenced from:
      _libssh2_init in global.o
  "_RAND_bytes", referenced from:
      _channel_x11_req in channel.o
      _kexinit in kex.o
      __libssh2_transport_send in transport.o
  "_EVP_CIPHER_CTX_cleanup", referenced from:
      _crypt_dtor in crypt.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_aes_128_cbc", referenced from:
      _libssh2_crypt_method_aes128_cbc in crypt.o
  "_EVP_aes_192_cbc", referenced from:
      _libssh2_crypt_method_aes192_cbc in crypt.o
  "_EVP_aes_256_cbc", referenced from:
      _libssh2_crypt_method_aes256_cbc in crypt.o
      _libssh2_crypt_method_rijndael_cbc_lysator_liu_se in crypt.o
  "_EVP_bf_cbc", referenced from:
      _libssh2_crypt_method_blowfish_cbc in crypt.o
  "_EVP_rc4", referenced from:
      _libssh2_crypt_method_arcfour in crypt.o
      _libssh2_crypt_method_arcfour128 in crypt.o
  "_EVP_cast5_cbc", referenced from:
      _libssh2_crypt_method_cast128_cbc in crypt.o
  "_EVP_des_ede3_cbc", referenced from:
      _libssh2_crypt_method_3des_cbc in crypt.o
  "_EVP_get_digestbyname", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestInit", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestUpdate", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestFinal", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_RSA_free", referenced from:
      _hostkey_method_ssh_rsa_dtor in hostkey.o
      _gen_publickey_from_rsa_evp in openssl.o
  "_DSA_free", referenced from:
      _hostkey_method_ssh_dss_dtor in hostkey.o
      _gen_publickey_from_dsa_evp in openssl.o
  "_BN_CTX_new", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_new", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_rand", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_mod_exp", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_num_bits", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _gen_publickey_from_rsa in openssl.o
      _gen_publickey_from_dsa in openssl.o
  "_BN_bn2bin", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _write_bn in openssl.o
  "_BN_bin2bn", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_clear_free", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_dsa_sha1_verify in openssl.o
  "_BN_CTX_free", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_set_word", referenced from:
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
  "_EVP_sha1", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
  "_HMAC_Init", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Update", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Final", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_CTX_cleanup", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_EVP_md5", referenced from:
      _mac_method_hmac_md5_hash in mac.o
  "_EVP_ripemd160", referenced from:
      _mac_method_hmac_ripemd160_hash in mac.o
  "_RSA_new", referenced from:
      __libssh2_rsa_new in openssl.o
  "_RSA_verify", referenced from:
      __libssh2_rsa_sha1_verify in openssl.o
  "_DSA_new", referenced from:
      __libssh2_dsa_new in openssl.o
  "_DSA_do_verify", referenced from:
      __libssh2_dsa_sha1_verify in openssl.o
  "_EVP_CIPHER_CTX_init", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_CipherInit", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_Cipher", referenced from:
      __libssh2_cipher_crypt in openssl.o
  "_EVP_aes_128_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_192_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_256_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_EncryptInit", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_padding", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_app_data", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_get_app_data", referenced from:
      _aes_ctr_do_cipher in openssl.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_EncryptUpdate", referenced from:
      _aes_ctr_do_cipher in openssl.o
  "_BIO_new_file", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_free", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_RSA_size", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_RSA_sign", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_DSA_do_sign", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_DSA_SIG_free", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_EVP_PKEY_get1_RSA", referenced from:
      _gen_publickey_from_rsa_evp in openssl.o
  "_EVP_PKEY_get1_DSA", referenced from:
      _gen_publickey_from_dsa_evp in openssl.o
  "_EVP_get_cipherbyname", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_OpenSSL_add_all_ciphers", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_ctrl", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_PrivateKey", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_EVP_PKEY_free", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_DSAPrivateKey", referenced from:
      __libssh2_dsa_new_private in openssl.o
  "_PEM_read_bio_RSAPrivateKey", referenced from:
      __libssh2_rsa_new_private in openssl.o
ld: symbol(s) not found for architecture i386
collect2: ld returned 1 exit status
make[3]: *** [pgadmin3] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2



--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Thu, Jul 19, 2012 at 3:33 PM, Dave Page <dpage@pgadmin.org> wrote:
Hi

On Thu, Jul 19, 2012 at 8:51 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi
>
> I have added "libssh2" source code with pgAdmin3. Attached is the complete
> patch. I have modified the acinclude.m4 and configure.ac.in to build libssh2
> code.
> Added "config.rpath.in" which is required to build libssh2 source code.
>
> Please review and let me know the review comments.

I get the following on the link step on Mac:

...
ui/xrcDialogs.o utils/csvfiles.o utils/factory.o utils/favourites.o
utils/misc.o utils/pgconfig.o utils/registry.o utils/sysLogger.o
utils/sysProcess.o utils/sysSettings.o utils/tabcomplete.o
utils/utffile.o utils/macros.o utils/sshTunnel.o libssh2/agent.o
libssh2/channel.o libssh2/comp.o libssh2/crypt.o libssh2/global.o
libssh2/hostkey.o libssh2/keepalive.o libssh2/kex.o
libssh2/knownhost.o libssh2/libgcrypt.o libssh2/mac.o libssh2/misc.o
libssh2/openssl.o libssh2/packet.o libssh2/pem.o libssh2/publickey.o
libssh2/scp.o libssh2/session.o libssh2/sftp.o libssh2/transport.o
libssh2/userauth.o libssh2/version.o -L/usr/local/lib  -framework
IOKit -framework Carbon -framework Cocoa -framework System -framework
QuickTime -framework OpenGL -framework AGL -lwx_macud_stc-2.8
-lwx_macud_richtext-2.8 -lwx_macud_aui-2.8 -lwx_macud_xrc-2.8
-lwx_macud_qa-2.8 -lwx_macud_html-2.8 -lwx_macud_adv-2.8
-lwx_macud_core-2.8 -lwx_base_carbonud_xml-2.8
-lwx_base_carbonud_net-2.8 -lwx_base_carbonud-2.8 -arch i386
-L/usr/local/lib -lxml2 -lz -lpthread -liconv -lm -L/usr/local/lib
-lxslt -lxml2 -lz -lpthread -liconv -lm -L/usr/local/pgsql/lib -lpq
Undefined symbols for architecture i386:
  "_OPENSSL_add_all_algorithms_noconf", referenced from:
      _libssh2_init in global.o
  "_RAND_bytes", referenced from:
      _channel_x11_req in channel.o
      _kexinit in kex.o
      __libssh2_transport_send in transport.o
  "_EVP_CIPHER_CTX_cleanup", referenced from:
      _crypt_dtor in crypt.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_aes_128_cbc", referenced from:
      _libssh2_crypt_method_aes128_cbc in crypt.o
  "_EVP_aes_192_cbc", referenced from:
      _libssh2_crypt_method_aes192_cbc in crypt.o
  "_EVP_aes_256_cbc", referenced from:
      _libssh2_crypt_method_aes256_cbc in crypt.o
      _libssh2_crypt_method_rijndael_cbc_lysator_liu_se in crypt.o
  "_EVP_bf_cbc", referenced from:
      _libssh2_crypt_method_blowfish_cbc in crypt.o
  "_EVP_rc4", referenced from:
      _libssh2_crypt_method_arcfour in crypt.o
      _libssh2_crypt_method_arcfour128 in crypt.o
  "_EVP_cast5_cbc", referenced from:
      _libssh2_crypt_method_cast128_cbc in crypt.o
  "_EVP_des_ede3_cbc", referenced from:
      _libssh2_crypt_method_3des_cbc in crypt.o
  "_EVP_get_digestbyname", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestInit", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestUpdate", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestFinal", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_RSA_free", referenced from:
      _hostkey_method_ssh_rsa_dtor in hostkey.o
      _gen_publickey_from_rsa_evp in openssl.o
  "_DSA_free", referenced from:
      _hostkey_method_ssh_dss_dtor in hostkey.o
      _gen_publickey_from_dsa_evp in openssl.o
  "_BN_CTX_new", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_new", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_rand", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_mod_exp", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_num_bits", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _gen_publickey_from_rsa in openssl.o
      _gen_publickey_from_dsa in openssl.o
  "_BN_bn2bin", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _write_bn in openssl.o
  "_BN_bin2bn", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_clear_free", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_dsa_sha1_verify in openssl.o
  "_BN_CTX_free", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_set_word", referenced from:
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
  "_EVP_sha1", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
  "_HMAC_Init", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Update", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Final", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_CTX_cleanup", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_EVP_md5", referenced from:
      _mac_method_hmac_md5_hash in mac.o
  "_EVP_ripemd160", referenced from:
      _mac_method_hmac_ripemd160_hash in mac.o
  "_RSA_new", referenced from:
      __libssh2_rsa_new in openssl.o
  "_RSA_verify", referenced from:
      __libssh2_rsa_sha1_verify in openssl.o
  "_DSA_new", referenced from:
      __libssh2_dsa_new in openssl.o
  "_DSA_do_verify", referenced from:
      __libssh2_dsa_sha1_verify in openssl.o
  "_EVP_CIPHER_CTX_init", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_CipherInit", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_Cipher", referenced from:
      __libssh2_cipher_crypt in openssl.o
  "_EVP_aes_128_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_192_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_256_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_EncryptInit", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_padding", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_app_data", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_get_app_data", referenced from:
      _aes_ctr_do_cipher in openssl.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_EncryptUpdate", referenced from:
      _aes_ctr_do_cipher in openssl.o
  "_BIO_new_file", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_free", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_RSA_size", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_RSA_sign", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_DSA_do_sign", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_DSA_SIG_free", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_EVP_PKEY_get1_RSA", referenced from:
      _gen_publickey_from_rsa_evp in openssl.o
  "_EVP_PKEY_get1_DSA", referenced from:
      _gen_publickey_from_dsa_evp in openssl.o
  "_EVP_get_cipherbyname", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_OpenSSL_add_all_ciphers", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_ctrl", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_PrivateKey", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_EVP_PKEY_free", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_DSAPrivateKey", referenced from:
      __libssh2_dsa_new_private in openssl.o
  "_PEM_read_bio_RSAPrivateKey", referenced from:
      __libssh2_rsa_new_private in openssl.o
ld: symbol(s) not found for architecture i386
collect2: ld returned 1 exit status
make[3]: *** [pgadmin3] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


   I have tried to run it on MAC but getting below error when run bootstrap 

   configure.ac:85: error: possibly undefined macro: AC_LIB_HAVE_LINKFLAGS
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.

  After some googling I have found it requires gettext to be installed. I did that but still facing the same problem. Is anybody have any idea how to
  solve this? 

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Thu, Jul 19, 2012 at 1:58 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Thu, Jul 19, 2012 at 3:33 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> Hi
>>
>> On Thu, Jul 19, 2012 at 8:51 AM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> > Hi
>> >
>> > I have added "libssh2" source code with pgAdmin3. Attached is the
>> > complete
>> > patch. I have modified the acinclude.m4 and configure.ac.in to build
>> > libssh2
>> > code.
>> > Added "config.rpath.in" which is required to build libssh2 source code.
>> >
>> > Please review and let me know the review comments.
>>
>> I get the following on the link step on Mac:
>>
>> ...
>> ui/xrcDialogs.o utils/csvfiles.o utils/factory.o utils/favourites.o
>> utils/misc.o utils/pgconfig.o utils/registry.o utils/sysLogger.o
>> utils/sysProcess.o utils/sysSettings.o utils/tabcomplete.o
>> utils/utffile.o utils/macros.o utils/sshTunnel.o libssh2/agent.o
>> libssh2/channel.o libssh2/comp.o libssh2/crypt.o libssh2/global.o
>> libssh2/hostkey.o libssh2/keepalive.o libssh2/kex.o
>> libssh2/knownhost.o libssh2/libgcrypt.o libssh2/mac.o libssh2/misc.o
>> libssh2/openssl.o libssh2/packet.o libssh2/pem.o libssh2/publickey.o
>> libssh2/scp.o libssh2/session.o libssh2/sftp.o libssh2/transport.o
>> libssh2/userauth.o libssh2/version.o -L/usr/local/lib  -framework
>> IOKit -framework Carbon -framework Cocoa -framework System -framework
>> QuickTime -framework OpenGL -framework AGL -lwx_macud_stc-2.8
>> -lwx_macud_richtext-2.8 -lwx_macud_aui-2.8 -lwx_macud_xrc-2.8
>> -lwx_macud_qa-2.8 -lwx_macud_html-2.8 -lwx_macud_adv-2.8
>> -lwx_macud_core-2.8 -lwx_base_carbonud_xml-2.8
>> -lwx_base_carbonud_net-2.8 -lwx_base_carbonud-2.8 -arch i386
>> -L/usr/local/lib -lxml2 -lz -lpthread -liconv -lm -L/usr/local/lib
>> -lxslt -lxml2 -lz -lpthread -liconv -lm -L/usr/local/pgsql/lib -lpq
>> Undefined symbols for architecture i386:
>>   "_OPENSSL_add_all_algorithms_noconf", referenced from:
>>       _libssh2_init in global.o
>>   "_RAND_bytes", referenced from:
>>       _channel_x11_req in channel.o
>>       _kexinit in kex.o
>>       __libssh2_transport_send in transport.o
>>   "_EVP_CIPHER_CTX_cleanup", referenced from:
>>       _crypt_dtor in crypt.o
>>       _aes_ctr_cleanup in openssl.o
>>   "_EVP_aes_128_cbc", referenced from:
>>       _libssh2_crypt_method_aes128_cbc in crypt.o
>>   "_EVP_aes_192_cbc", referenced from:
>>       _libssh2_crypt_method_aes192_cbc in crypt.o
>>   "_EVP_aes_256_cbc", referenced from:
>>       _libssh2_crypt_method_aes256_cbc in crypt.o
>>       _libssh2_crypt_method_rijndael_cbc_lysator_liu_se in crypt.o
>>   "_EVP_bf_cbc", referenced from:
>>       _libssh2_crypt_method_blowfish_cbc in crypt.o
>>   "_EVP_rc4", referenced from:
>>       _libssh2_crypt_method_arcfour in crypt.o
>>       _libssh2_crypt_method_arcfour128 in crypt.o
>>   "_EVP_cast5_cbc", referenced from:
>>       _libssh2_crypt_method_cast128_cbc in crypt.o
>>   "_EVP_des_ede3_cbc", referenced from:
>>       _libssh2_crypt_method_3des_cbc in crypt.o
>>   "_EVP_get_digestbyname", referenced from:
>>       _hostkey_method_ssh_rsa_signv in hostkey.o
>>       _hostkey_method_ssh_dss_signv in hostkey.o
>>       _diffie_hellman_sha1 in kex.o
>>       _libssh2_sha1 in openssl.o
>>       _libssh2_md5 in openssl.o
>>   "_EVP_DigestInit", referenced from:
>>       _hostkey_method_ssh_rsa_signv in hostkey.o
>>       _hostkey_method_ssh_dss_signv in hostkey.o
>>       _diffie_hellman_sha1 in kex.o
>>       _libssh2_sha1 in openssl.o
>>       _libssh2_md5 in openssl.o
>>   "_EVP_DigestUpdate", referenced from:
>>       _hostkey_method_ssh_rsa_signv in hostkey.o
>>       _hostkey_method_ssh_dss_signv in hostkey.o
>>       _diffie_hellman_sha1 in kex.o
>>       _libssh2_sha1 in openssl.o
>>       _libssh2_md5 in openssl.o
>>   "_EVP_DigestFinal", referenced from:
>>       _hostkey_method_ssh_rsa_signv in hostkey.o
>>       _hostkey_method_ssh_dss_signv in hostkey.o
>>       _diffie_hellman_sha1 in kex.o
>>       _libssh2_sha1 in openssl.o
>>       _libssh2_md5 in openssl.o
>>   "_RSA_free", referenced from:
>>       _hostkey_method_ssh_rsa_dtor in hostkey.o
>>       _gen_publickey_from_rsa_evp in openssl.o
>>   "_DSA_free", referenced from:
>>       _hostkey_method_ssh_dss_dtor in hostkey.o
>>       _gen_publickey_from_dsa_evp in openssl.o
>>   "_BN_CTX_new", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>   "_BN_new", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>       _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
>>       __libssh2_rsa_new in openssl.o
>>       __libssh2_dsa_new in openssl.o
>>       __libssh2_dsa_sha1_verify in openssl.o
>>       ...
>>   "_BN_rand", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>   "_BN_mod_exp", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>   "_BN_num_bits", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>       __libssh2_dsa_sha1_sign in openssl.o
>>       _gen_publickey_from_rsa in openssl.o
>>       _gen_publickey_from_dsa in openssl.o
>>   "_BN_bn2bin", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>       __libssh2_dsa_sha1_sign in openssl.o
>>       _write_bn in openssl.o
>>   "_BN_bin2bn", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>       _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
>>       __libssh2_rsa_new in openssl.o
>>       __libssh2_dsa_new in openssl.o
>>       __libssh2_dsa_sha1_verify in openssl.o
>>       ...
>>   "_BN_clear_free", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>       _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
>>       __libssh2_dsa_sha1_verify in openssl.o
>>   "_BN_CTX_free", referenced from:
>>       _diffie_hellman_sha1 in kex.o
>>   "_BN_set_word", referenced from:
>>       _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
>>       _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
>>   "_EVP_sha1", referenced from:
>>       _knownhost_check in knownhost.o
>>       _mac_method_hmac_sha1_hash in mac.o
>>   "_HMAC_Init", referenced from:
>>       _knownhost_check in knownhost.o
>>       _mac_method_hmac_sha1_hash in mac.o
>>       _mac_method_hmac_md5_hash in mac.o
>>       _mac_method_hmac_ripemd160_hash in mac.o
>>   "_HMAC_Update", referenced from:
>>       _knownhost_check in knownhost.o
>>       _mac_method_hmac_sha1_hash in mac.o
>>       _mac_method_hmac_md5_hash in mac.o
>>       _mac_method_hmac_ripemd160_hash in mac.o
>>   "_HMAC_Final", referenced from:
>>       _knownhost_check in knownhost.o
>>       _mac_method_hmac_sha1_hash in mac.o
>>       _mac_method_hmac_md5_hash in mac.o
>>       _mac_method_hmac_ripemd160_hash in mac.o
>>   "_HMAC_CTX_cleanup", referenced from:
>>       _knownhost_check in knownhost.o
>>       _mac_method_hmac_sha1_hash in mac.o
>>       _mac_method_hmac_md5_hash in mac.o
>>       _mac_method_hmac_ripemd160_hash in mac.o
>>   "_EVP_md5", referenced from:
>>       _mac_method_hmac_md5_hash in mac.o
>>   "_EVP_ripemd160", referenced from:
>>       _mac_method_hmac_ripemd160_hash in mac.o
>>   "_RSA_new", referenced from:
>>       __libssh2_rsa_new in openssl.o
>>   "_RSA_verify", referenced from:
>>       __libssh2_rsa_sha1_verify in openssl.o
>>   "_DSA_new", referenced from:
>>       __libssh2_dsa_new in openssl.o
>>   "_DSA_do_verify", referenced from:
>>       __libssh2_dsa_sha1_verify in openssl.o
>>   "_EVP_CIPHER_CTX_init", referenced from:
>>       __libssh2_cipher_init in openssl.o
>>   "_EVP_CipherInit", referenced from:
>>       __libssh2_cipher_init in openssl.o
>>   "_EVP_Cipher", referenced from:
>>       __libssh2_cipher_crypt in openssl.o
>>   "_EVP_aes_128_ecb", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_aes_192_ecb", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_aes_256_ecb", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_EncryptInit", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_CIPHER_CTX_set_padding", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_CIPHER_CTX_set_app_data", referenced from:
>>       _aes_ctr_init in openssl.o
>>   "_EVP_CIPHER_CTX_get_app_data", referenced from:
>>       _aes_ctr_do_cipher in openssl.o
>>       _aes_ctr_cleanup in openssl.o
>>   "_EVP_EncryptUpdate", referenced from:
>>       _aes_ctr_do_cipher in openssl.o
>>   "_BIO_new_file", referenced from:
>>       _read_private_key_from_file in openssl.o
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_BIO_free", referenced from:
>>       _read_private_key_from_file in openssl.o
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_RSA_size", referenced from:
>>       __libssh2_rsa_sha1_sign in openssl.o
>>   "_RSA_sign", referenced from:
>>       __libssh2_rsa_sha1_sign in openssl.o
>>   "_DSA_do_sign", referenced from:
>>       __libssh2_dsa_sha1_sign in openssl.o
>>   "_DSA_SIG_free", referenced from:
>>       __libssh2_dsa_sha1_sign in openssl.o
>>   "_EVP_PKEY_get1_RSA", referenced from:
>>       _gen_publickey_from_rsa_evp in openssl.o
>>   "_EVP_PKEY_get1_DSA", referenced from:
>>       _gen_publickey_from_dsa_evp in openssl.o
>>   "_EVP_get_cipherbyname", referenced from:
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_OpenSSL_add_all_ciphers", referenced from:
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_BIO_ctrl", referenced from:
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_PEM_read_bio_PrivateKey", referenced from:
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_EVP_PKEY_free", referenced from:
>>       __libssh2_pub_priv_keyfile in openssl.o
>>   "_PEM_read_bio_DSAPrivateKey", referenced from:
>>       __libssh2_dsa_new_private in openssl.o
>>   "_PEM_read_bio_RSAPrivateKey", referenced from:
>>       __libssh2_rsa_new_private in openssl.o
>> ld: symbol(s) not found for architecture i386
>> collect2: ld returned 1 exit status
>> make[3]: *** [pgadmin3] Error 1
>> make[2]: *** [all] Error 2
>> make[1]: *** [all-recursive] Error 1
>> make: *** [all] Error 2
>>
>>
>    I have tried to run it on MAC but getting below error when run bootstrap
>
>    configure.ac:85: error: possibly undefined macro: AC_LIB_HAVE_LINKFLAGS
>       If this token and others are legitimate, please use m4_pattern_allow.
>       See the Autoconf documentation.
>
>   After some googling I have found it requires gettext to be installed. I
> did that but still facing the same problem. Is anybody have any idea how to
>   solve this?

No idea - I don't get that error. FYI, I'm using autoconf 2.69 and
automake 1.12, both from MacPorts.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:

On Thu, Jul 19, 2012 at 3:33 PM, Dave Page <dpage@pgadmin.org> wrote:
Hi

On Thu, Jul 19, 2012 at 8:51 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
> Hi
>
> I have added "libssh2" source code with pgAdmin3. Attached is the complete
> patch. I have modified the acinclude.m4 and configure.ac.in to build libssh2
> code.
> Added "config.rpath.in" which is required to build libssh2 source code.
>
> Please review and let me know the review comments.

I get the following on the link step on Mac:

...
ui/xrcDialogs.o utils/csvfiles.o utils/factory.o utils/favourites.o
utils/misc.o utils/pgconfig.o utils/registry.o utils/sysLogger.o
utils/sysProcess.o utils/sysSettings.o utils/tabcomplete.o
utils/utffile.o utils/macros.o utils/sshTunnel.o libssh2/agent.o
libssh2/channel.o libssh2/comp.o libssh2/crypt.o libssh2/global.o
libssh2/hostkey.o libssh2/keepalive.o libssh2/kex.o
libssh2/knownhost.o libssh2/libgcrypt.o libssh2/mac.o libssh2/misc.o
libssh2/openssl.o libssh2/packet.o libssh2/pem.o libssh2/publickey.o
libssh2/scp.o libssh2/session.o libssh2/sftp.o libssh2/transport.o
libssh2/userauth.o libssh2/version.o -L/usr/local/lib  -framework
IOKit -framework Carbon -framework Cocoa -framework System -framework
QuickTime -framework OpenGL -framework AGL -lwx_macud_stc-2.8
-lwx_macud_richtext-2.8 -lwx_macud_aui-2.8 -lwx_macud_xrc-2.8
-lwx_macud_qa-2.8 -lwx_macud_html-2.8 -lwx_macud_adv-2.8
-lwx_macud_core-2.8 -lwx_base_carbonud_xml-2.8
-lwx_base_carbonud_net-2.8 -lwx_base_carbonud-2.8 -arch i386
-L/usr/local/lib -lxml2 -lz -lpthread -liconv -lm -L/usr/local/lib
-lxslt -lxml2 -lz -lpthread -liconv -lm -L/usr/local/pgsql/lib -lpq
Undefined symbols for architecture i386:
  "_OPENSSL_add_all_algorithms_noconf", referenced from:
      _libssh2_init in global.o
  "_RAND_bytes", referenced from:
      _channel_x11_req in channel.o
      _kexinit in kex.o
      __libssh2_transport_send in transport.o
  "_EVP_CIPHER_CTX_cleanup", referenced from:
      _crypt_dtor in crypt.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_aes_128_cbc", referenced from:
      _libssh2_crypt_method_aes128_cbc in crypt.o
  "_EVP_aes_192_cbc", referenced from:
      _libssh2_crypt_method_aes192_cbc in crypt.o
  "_EVP_aes_256_cbc", referenced from:
      _libssh2_crypt_method_aes256_cbc in crypt.o
      _libssh2_crypt_method_rijndael_cbc_lysator_liu_se in crypt.o
  "_EVP_bf_cbc", referenced from:
      _libssh2_crypt_method_blowfish_cbc in crypt.o
  "_EVP_rc4", referenced from:
      _libssh2_crypt_method_arcfour in crypt.o
      _libssh2_crypt_method_arcfour128 in crypt.o
  "_EVP_cast5_cbc", referenced from:
      _libssh2_crypt_method_cast128_cbc in crypt.o
  "_EVP_des_ede3_cbc", referenced from:
      _libssh2_crypt_method_3des_cbc in crypt.o
  "_EVP_get_digestbyname", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestInit", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestUpdate", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_EVP_DigestFinal", referenced from:
      _hostkey_method_ssh_rsa_signv in hostkey.o
      _hostkey_method_ssh_dss_signv in hostkey.o
      _diffie_hellman_sha1 in kex.o
      _libssh2_sha1 in openssl.o
      _libssh2_md5 in openssl.o
  "_RSA_free", referenced from:
      _hostkey_method_ssh_rsa_dtor in hostkey.o
      _gen_publickey_from_rsa_evp in openssl.o
  "_DSA_free", referenced from:
      _hostkey_method_ssh_dss_dtor in hostkey.o
      _gen_publickey_from_dsa_evp in openssl.o
  "_BN_CTX_new", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_new", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_rand", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_mod_exp", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_num_bits", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _gen_publickey_from_rsa in openssl.o
      _gen_publickey_from_dsa in openssl.o
  "_BN_bn2bin", referenced from:
      _diffie_hellman_sha1 in kex.o
      __libssh2_dsa_sha1_sign in openssl.o
      _write_bn in openssl.o
  "_BN_bin2bn", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_rsa_new in openssl.o
      __libssh2_dsa_new in openssl.o
      __libssh2_dsa_sha1_verify in openssl.o
      ...
  "_BN_clear_free", referenced from:
      _diffie_hellman_sha1 in kex.o
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group_exchange_sha1_key_exchange in kex.o
      __libssh2_dsa_sha1_verify in openssl.o
  "_BN_CTX_free", referenced from:
      _diffie_hellman_sha1 in kex.o
  "_BN_set_word", referenced from:
      _kex_method_diffie_hellman_group1_sha1_key_exchange in kex.o
      _kex_method_diffie_hellman_group14_sha1_key_exchange in kex.o
  "_EVP_sha1", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
  "_HMAC_Init", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Update", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_Final", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_HMAC_CTX_cleanup", referenced from:
      _knownhost_check in knownhost.o
      _mac_method_hmac_sha1_hash in mac.o
      _mac_method_hmac_md5_hash in mac.o
      _mac_method_hmac_ripemd160_hash in mac.o
  "_EVP_md5", referenced from:
      _mac_method_hmac_md5_hash in mac.o
  "_EVP_ripemd160", referenced from:
      _mac_method_hmac_ripemd160_hash in mac.o
  "_RSA_new", referenced from:
      __libssh2_rsa_new in openssl.o
  "_RSA_verify", referenced from:
      __libssh2_rsa_sha1_verify in openssl.o
  "_DSA_new", referenced from:
      __libssh2_dsa_new in openssl.o
  "_DSA_do_verify", referenced from:
      __libssh2_dsa_sha1_verify in openssl.o
  "_EVP_CIPHER_CTX_init", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_CipherInit", referenced from:
      __libssh2_cipher_init in openssl.o
  "_EVP_Cipher", referenced from:
      __libssh2_cipher_crypt in openssl.o
  "_EVP_aes_128_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_192_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_aes_256_ecb", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_EncryptInit", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_padding", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_set_app_data", referenced from:
      _aes_ctr_init in openssl.o
  "_EVP_CIPHER_CTX_get_app_data", referenced from:
      _aes_ctr_do_cipher in openssl.o
      _aes_ctr_cleanup in openssl.o
  "_EVP_EncryptUpdate", referenced from:
      _aes_ctr_do_cipher in openssl.o
  "_BIO_new_file", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_free", referenced from:
      _read_private_key_from_file in openssl.o
      __libssh2_pub_priv_keyfile in openssl.o
  "_RSA_size", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_RSA_sign", referenced from:
      __libssh2_rsa_sha1_sign in openssl.o
  "_DSA_do_sign", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_DSA_SIG_free", referenced from:
      __libssh2_dsa_sha1_sign in openssl.o
  "_EVP_PKEY_get1_RSA", referenced from:
      _gen_publickey_from_rsa_evp in openssl.o
  "_EVP_PKEY_get1_DSA", referenced from:
      _gen_publickey_from_dsa_evp in openssl.o
  "_EVP_get_cipherbyname", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_OpenSSL_add_all_ciphers", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_BIO_ctrl", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_PrivateKey", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_EVP_PKEY_free", referenced from:
      __libssh2_pub_priv_keyfile in openssl.o
  "_PEM_read_bio_DSAPrivateKey", referenced from:
      __libssh2_dsa_new_private in openssl.o
  "_PEM_read_bio_RSAPrivateKey", referenced from:
      __libssh2_rsa_new_private in openssl.o
ld: symbol(s) not found for architecture i386
collect2: ld returned 1 exit status
make[3]: *** [pgadmin3] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


  Fixed. Attached is the new patch file. 


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Attachment

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Fri, Jul 20, 2012 at 9:45 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>> ld: symbol(s) not found for architecture i386
>> collect2: ld returned 1 exit status
>> make[3]: *** [pgadmin3] Error 1
>> make[2]: *** [all] Error 2
>> make[1]: *** [all-recursive] Error 1
>> make: *** [all] Error 2
>>
>
>   Fixed. Attached is the new patch file.

Hi

It compiles OK now, but I'm seeing the same problem I did with the
first version. The log shows:

2012-07-20 13:48:19 ERROR  : SSH error: bind failed
2012-07-20 13:48:21 ERROR  : Error connecting to the server:

(note the lack of an actual error message on the second line).

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: SSH Tunneling implementation

From
Akshay Joshi
Date:


On Fri, Jul 20, 2012 at 6:20 PM, Dave Page <dpage@pgadmin.org> wrote:
On Fri, Jul 20, 2012 at 9:45 AM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>> ld: symbol(s) not found for architecture i386
>> collect2: ld returned 1 exit status
>> make[3]: *** [pgadmin3] Error 1
>> make[2]: *** [all] Error 2
>> make[1]: *** [all-recursive] Error 1
>> make: *** [all] Error 2
>>
>
>   Fixed. Attached is the new patch file.

Hi

It compiles OK now, but I'm seeing the same problem I did with the
first version. The log shows:

2012-07-20 13:48:19 ERROR  : SSH error: bind failed
2012-07-20 13:48:21 ERROR  : Error connecting to the server:

(note the lack of an actual error message on the second line).

  I have added the appropriate error message using error codes to first "SSH error: bind failed", for second actual error string is empty as we are
  unable to create SSH Tunnel so error message for connection object is empty. Attached is the modified patch.

  I am also facing the bind failed problem on OSX. Will continue to work on that. On Windows and Ubuntu it works fine.
  

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



--
Akshay Joshi
Senior Software Engineer 
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
Phone: +91 20-3058-9522
Mobile: +91 976-788-8246

Attachment

Re: SSH Tunneling implementation

From
Dave Page
Date:
On Wed, Aug 1, 2012 at 3:36 PM, Akshay Joshi
<akshay.joshi@enterprisedb.com> wrote:
>
>
> On Fri, Jul 20, 2012 at 6:20 PM, Dave Page <dpage@pgadmin.org> wrote:
>>
>> On Fri, Jul 20, 2012 at 9:45 AM, Akshay Joshi
>> <akshay.joshi@enterprisedb.com> wrote:
>> >
>> >> ld: symbol(s) not found for architecture i386
>> >> collect2: ld returned 1 exit status
>> >> make[3]: *** [pgadmin3] Error 1
>> >> make[2]: *** [all] Error 2
>> >> make[1]: *** [all-recursive] Error 1
>> >> make: *** [all] Error 2
>> >>
>> >
>> >   Fixed. Attached is the new patch file.
>>
>> Hi
>>
>> It compiles OK now, but I'm seeing the same problem I did with the
>> first version. The log shows:
>>
>> 2012-07-20 13:48:19 ERROR  : SSH error: bind failed
>> 2012-07-20 13:48:21 ERROR  : Error connecting to the server:
>>
>> (note the lack of an actual error message on the second line).
>
>
>   I have added the appropriate error message using error codes to first "SSH
> error: bind failed", for second actual error string is empty as we are
>   unable to create SSH Tunnel so error message for connection object is
> empty. Attached is the modified patch.
>
>   I am also facing the bind failed problem on OSX. Will continue to work on
> that. On Windows and Ubuntu it works fine.

OK, well it needs to work on Mac before I can commit to pgAdmin.

Thanks.


--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company