Recently I had to deploy a couple of new virtual servers and since we are in the 21st century, I decided to configure puppet from the beginning. For the first two machines, on the internal network, the job is easy. Puppet is well packaged in debian and the default configuration was like a charm.
The problem (and solution) I'm describing here is about tunneling puppet thought ssh jump from the DMZ to the internal network and to allow the client in the DMZ to access the puppet master in the internal network.
Not without pain, this evening I've learned how to write a small client side script with greasemonkey  . Even if conceptually very easy, I discovered (the hard way) that the firefox security model changed quite drastically with firefox 3.0 introducing
XPCNativeWrappers. This page  explains the problem in details.
Anyway below it is a small js script to replace http with https in all forms on a page. It can be handy to force login using https on website that do not offer this option by default.
Here I come. Following from the DSA announcement I've regenerated the ssh/openssl keys for cduce.org.
One the user side:
first ssh to the remote machine and remove the for ~/.ssh/authorized_keys . This will lock you out if you don't remember the passowrd for that machine !
Then, you should remove your ssh keys (from you local machine), and regenerate them with: