Is there an SSL equivelent to an ssh agent?

Posted by Matthew J Morrison on Server Fault See other posts from Server Fault or by Matthew J Morrison
Published on 2012-06-15T19:38:12Z Indexed on 2012/06/15 21:18 UTC
Read the original article Hit count: 327

Filed under:
|
|
|

Here is my situation: There are a number of developers who all need to have access to be able to install ruby gems and python eggs from a remote source. Currently, we have a server inside our firewall that hosts the gems and eggs. We now want the ability to be able to install things hosted on that server outside of our firewall. Since some of the gems and eggs that we host are proprietary I would like to somewhat lock access to that machine down, as unobtrusively as possible to the developers.

My first thought was using something like ssh keys. So, I spent some time looking at SSL mutual authentication. I was able to get everything set up and working correctly, testing with curl, but the unfortunate thing was that I had to pass extra arguments to curl so it knows about the certificate, key and certificate authority.

I was wondering if there is anything like the ssh agent that I can set up to provide that information automatically so that I can push the certificates and keys to the developer's machines so the developers don't have to log in or provide keys each time they try to install something.

Another thing that I want to avoid is having to modify the 'gem' command and the 'pip' command to provide keys when they make the http connection.

Any other suggestions that may solve this problem (not related to ssl mutual auth) are also welcome.

EDIT: I've been continuing to research this and I came across stunnel. I think this may be what I'm looking for, any feedback regarding stunnel would also be great!

© Server Fault or respective owner

Related posts about security

Related posts about ssl