Re: Emergency shutdown feature

Pavel Machek (pavel@Elf.mj.gts.cz)
Sun, 21 Dec 1997 11:05:51 +0100


Hi!

> The authentication used by the ssh package is much too heavyweight
> (public key calculations require a lot of CPU as well as rather much
> code for the multi-precision math) and not needed here. A simple keyed
> MD5 authentication is enough. I.e. take a string X as key and a
> non-constant string Z as message, and put (Z, MD5(X+Z)) in the
> datagram. Simple, fast, requires exactly one datagram and doesn't fall
> under US export restrictions (no encryption is done). Use a timer for
> Z to protect against replay.

Well, it is not _that_ simple: You need a new sysctl to set the
key. And... I wanted to create a generic sysrq over the network. But when
command is also protected.

Maybe: First packet: Get challenge. Second packet is cmd, MD5(
challenge+cmd+secretkey )?

I do not like the idea of a dependency on a timer: There are network delays
and desynchronized clocks out there.

> There's not much of a wheel to re-invent here. (And we don't need
> tractor wheels for a bicycle. :-)

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
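
Added example, not part of the original mail: the two-packet challenge/response exchange sketched above, with the receiver issuing a single-use challenge that expires on its own clock only, so the hosts need no clock synchronisation. HMAC-SHA256 is swapped in for the bare MD5(challenge+cmd+secretkey) concatenation; the Server class, the TTL value, the command names and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 5.0  # seconds a challenge stays valid (assumed value)


def tag(key: bytes, challenge: bytes, cmd: bytes) -> bytes:
    # HMAC-SHA256 stands in for MD5(challenge+cmd+secretkey) from the mail.
    # The challenge has a fixed length, so challenge||cmd splits unambiguously.
    return hmac.new(key, challenge + cmd, hashlib.sha256).digest()


class Server:  # hypothetical receiver of the network sysrq command
    def __init__(self, key: bytes, allowed: set):
        self.key = key
        self.allowed = allowed
        self.pending = {}  # challenge -> expiry on the server's own clock

    def get_challenge(self, now: float) -> bytes:
        # First packet: drop stale challenges, hand out a fresh random one.
        self.pending = {c: t for c, t in self.pending.items() if t > now}
        c = secrets.token_bytes(16)
        self.pending[c] = now + CHALLENGE_TTL
        return c

    def handle(self, challenge: bytes, cmd: bytes, mac: bytes, now: float) -> str:
        # Second packet: pop() makes every challenge single use (no replay).
        expiry = self.pending.pop(challenge, None)
        if expiry is None or expiry <= now:
            return "reject: unknown or expired challenge"
        if not hmac.compare_digest(mac, tag(self.key, challenge, cmd)):
            return "reject: bad MAC"
        if cmd not in self.allowed:
            return "reject: unknown command"
        return "accept: " + cmd.decode()


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    srv = Server(key, {b"sync", b"reboot"})
    c = srv.get_challenge(now=0.0)
    pkt = (c, b"reboot", tag(key, c, b"reboot"))
    first = srv.handle(*pkt, now=1.0)    # valid command
    replay = srv.handle(*pkt, now=1.5)   # same datagram sent again
    c2 = srv.get_challenge(now=2.0)      # MAC computed over a different cmd
    tampered = srv.handle(c2, b"sync", tag(key, c2, b"reboot"), now=2.5)
    c3 = srv.get_challenge(now=3.0)      # answer arrives after the TTL
    late = srv.handle(c3, b"sync", tag(key, c3, b"sync"), now=3.0 + CHALLENGE_TTL)
    return [first, replay, tampered, late]
```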