Set up password-less access from internally

[KronosTheLate]

I just noticed that OpenSSH_jll defines the following:

which has me thinking - could we not add a passwordless connection from within this package? I realized I also had to use ssh-copy-id pi@192.168.4.2, which is not defined by OpenSSH_jll. But perhaps the defined ssh_agent could do this? Alternatively, it is also possible to run arbitrary commands via run, so this should be doable either way.

[c42f]

We might be able to automate some setup and I welcome PRs to make this easier. Or just to document the process.

However, we can't entirely automate getting the user's public key to the remote machine in a secure way. To do this, the user needs a way to get the public key data onto that machine securely. Some examples of reasonable ways to do this:

• Physically walking to that machine with a USB stick and copying the key
• Copy the key data using SSH username and password login for the remote machine
• Sending your public key to the admin of the remote machine via an email
• Using a remote desktop protocol with username and password
• etc etc

I'll never make RemoteREPL insecure by default, but any other type of PR which helps the user to set things up is great.

In certain situations it might be possible to automate some more things by using HTTPS as a transport instead of SSH and relying on the public key infrastructure which comes with that to identify the server to the client. This would also secure the link against MITM attacks, similar to what we get from SSH. However, it still wouldn't solve the problem of identifying clients to the server as trusted clients who are allowed to start a session. Requiring users to set up their SSH login solves both problems of secure transport and identifying trusted clients. See #25 for more about TLS