I found the way to keep the current schema more secure.
I did a coulpe of commits about that.
Now using the ssh key allows only to open remote port redirections (supporting recovery shell notifications) and upload files to the data folder.
I think that's enough for a quick costless solution.

If dropbear gives the possibility to ignore the server host key we can also support management server migrations.

-Walter

Il giorno 28/mag/2011 07.43, "Srikanth Sundaresan" <srikanth@gatech.edu> ha scritto:
> This is good stuff. I think it's a good idea to test these out; the current solution is quite elegant, but the security holes are worrisome.
>
> - Srikanth
> On May 28, 2011, at 5:39 AM, Dave Taht wrote:
>
>> I have put my thoughts towards VPNs up on the wiki at:
>>
>> http://www.bufferbloat.net/projects/bismark/wiki/VPN_solutions_under_evaluation
>>
>> Completely outside for the scope of the existing tunneling scheme, I have had multiple requests for a working vpn solution from outside of this project, so I hope to spend a little time next week looking into the problems and alternatives as I catch up on cerowrt and iscwrt.
>>
>> However, if you have any thoughts towards requirements or would be willing to join in a test,
>> please add them to the wiki page.
>>
>> --
>> Dave Täht
>> SKYPE: davetaht
>> US Tel: 1-239-829-5608
>> http://the-edge.blogspot.com
>> _______________________________________________
>> Bismark-devel mailing list
>> Bismark-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/bismark-devel
>
> _______________________________________________
> Bismark-devel mailing list
> Bismark-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bismark-devel
>