> Still, it's good for the controller to not try doing something it can't, but I
> wonder if instead of blanket assuming we don't work over SSH, we could use
> pkcheck to actively verify this.
This would equate the insecure policy (which is insecure for a reason) with the secure policy. I don't think that would fly.
One other approach would be to have different (and co-installable) policies that we can detect and, e.g. know that we have the 'remote access policy'.
> Still, it's good for the controller to not try doing something it can't, but I
> wonder if instead of blanket assuming we don't work over SSH, we could use
> pkcheck to actively verify this.
This would equate the insecure policy (which is insecure for a reason) with the secure policy. I don't think that would fly.
One other approach would be to have different (and co-installable) policies that we can detect and, e.g. know that we have the 'remote access policy'.