Hi, I have the same concerns. I feel very uneasy about this. I think that the way to resolve it is to have sshtm record the SnmpSSHAddress and the tmSecurityName for outgoing messages, and match them up to incoming messages. If the principal identity matches the user part of an SnmpSSHAddress in email format, and that is different than the tmSecurityName used with that transport address for the outgoing message, then use the tmSecurityName that was used for the corresponding outgoing message. If we send the message to "bob at remote.org", then I presume the response will come back from "bob" at remote.com's address.
NONONO. If we send the message to "bob at remote.org", then we are sending the message to the host remote.org, and using "bob" as _our_ SSH username for use in authenticating to that host. It is _not_ an email address, and "bob" is not the name of the agent we're sending to. It is the name the agent we're sending to (actually, the SSH server we're connecting to) uses to describe _us_.
If we send a message... ... the response will come back _over the same ssh session_. Period. We don't get a response back from a particular IP address or hostname or user. We get a response back over the channel _we_ opened. This is exactly what tmSameSecurity is for.
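
A simplified model of the session-bound matching described in the reply above, added here as an illustration and not taken from the thread or from any draft. The class, field and function names are hypothetical, `same_security` stands in for tmSameSecurity, and the address and security names are constructed sample values.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Session:
    session_id: int       # hypothetical local handle for one SSH session
    ssh_user: str         # user part of the address: who the server authenticates *us* as
    host: str
    security_name: str    # tmSecurityName bound when we opened the session
    is_open: bool = True

class SshTransportModel:
    """Toy model: responses are matched to the session we opened, never to an address."""
    def __init__(self):
        self._ids = count(1)
        self.sessions = {}

    def open_session(self, address, security_name):
        ssh_user, host = address.split("@", 1)
        s = Session(next(self._ids), ssh_user, host, security_name)
        self.sessions[s.session_id] = s
        return s

    def send_request(self, session):
        # State kept for the outgoing request; same_security models tmSameSecurity.
        return {"session_id": session.session_id, "same_security": True}

    def receive_response(self, arrived_on, state):
        """Return the tmSecurityName to use, or None if the response is dropped."""
        s = self.sessions.get(arrived_on)
        if s is None or not s.is_open:
            return None
        if state["same_security"] and state["session_id"] != arrived_on:
            return None   # not the channel the request went out on
        return s.security_name

def demo():
    tm = SshTransportModel()
    a = tm.open_session("bob@remote.org", "alice")   # constructed values
    b = tm.open_session("bob@remote.org", "carol")   # same address, different principal
    req = tm.send_request(a)
    same = tm.receive_response(a.session_id, req)    # arrives on the session we opened
    other = tm.receive_response(b.session_id, req)   # same address, wrong session
    a.is_open = False
    closed = tm.receive_response(a.session_id, req)  # session gone
    return same, other, closed
```

Two sessions to the same address stay distinct because the lookup key is the session, so the user part "bob" never becomes the security name of a response.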