This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: cygport improvements: upload, fish, src_prep_fini_hook


On Jan  9 11:44, Corinna Vinschen wrote:
> On Jan  9 05:35, Andrew Schulman wrote:
> > > > It's vexing that it's so hard to find a solution to such a simple problem:
> > > > prompt the user for a password if and only if one is needed.
> > > 
> > > Indeed.  Here's another crazy idea.
> > > 
> > > - Look if ssh-agent is running (SSH_AGENT_PID non-empty?)
> > > - If not, start ssh-agent and ssh-add.  This asks for the passphrase,
> > >   if any.
> > > - run sftp
> > > - If the script started ssh-agent, run eval $(ssh-agent -k)

I just played with this a bit and it turned out that you must be careful
in terms of the login shell the user is using.  If you run this in a
bash script, while the user's login shell is tcsh, it's essential to
start ssh-agent with the -s flag:

  eval $(ssh-agent -s)
  [...]
  eval $(ssh-agent -k -s)

Otherwise ssh-agent will generate tcsh-compatible setenv/unsetenv
commands :}

Fortunately ssh-add does its job (asking for the passphrase) even when
running in a script.

> > Another case is if the user sets SSH_KEY to use a specific key, and they already
> > have an ssh-agent running, but it doesn't include that key.  Then the key will
> > have to be added and then removed again afterward, or maybe a different
> > ssh-agent started.  I'll have to think about that.
> 
> SSH_KEY?  This env var is not supported by ssh.  If that's an lftp
> thingy you can ignore it using the above method.

On second thought, yes, the user might want to use an ssh key which
is not usually maintained by ssh-agent.  Would it make sense to allow
storing the key in ~/.cygport.conf?

Testing if the key is already maintained by ssh-agent is easy:

  $ ssh-add -l
  2048 88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c /path/to/private-key

Checking the path might be sufficient, but if you want to be really sure,
you could check against the fingerprint value instead:

  $ ssh-keygen -l -f /path/to/private-key
  2048 88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c <some string>


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
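
The procedure discussed in this message (start an agent only if none is running, add the key only if its fingerprint is not already listed, run sftp, then undo what was started), as an added example that is not part of the original mail or of cygport. The function names and the KEYFILE/SFTP_TARGET arguments are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the sftp target are hypothetical.

# Print the fingerprint (2nd field) of an "ssh-add -l" / "ssh-keygen -l" line.
fingerprint_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'
}

# agent_has_key AGENT_LISTING KEYGEN_LINE
# Succeeds only if the key's fingerprint appears in the agent listing.
# The path/comment field is ignored: it can match for a different key.
agent_has_key() {
    fp=$(fingerprint_of "$2")
    [ -n "$fp" ] || return 1
    printf '%s\n' "$1" | awk -v fp="$fp" '$2 == fp { found = 1 } END { exit !found }'
}

# upload_with_agent KEYFILE SFTP_TARGET
upload_with_agent() {
    key=$1; target=$2; started_agent=; added_key=; rc=0

    if [ -z "${SSH_AGENT_PID:-}" ]; then
        # -s forces Bourne-style output even if the login shell is tcsh.
        eval "$(ssh-agent -s)" >/dev/null
        started_agent=1
    fi

    if ! agent_has_key "$(ssh-add -l 2>/dev/null)" "$(ssh-keygen -l -f "$key")"; then
        # Prompts for the passphrase only when the key has one.
        if ssh-add "$key"; then added_key=1; else rc=1; fi
    fi

    [ "$rc" -ne 0 ] || sftp "$target" || rc=$?

    # Leave the user's environment as we found it.
    if [ -n "$started_agent" ]; then
        eval "$(ssh-agent -k -s)" >/dev/null
    elif [ -n "$added_key" ]; then
        ssh-add -d "$key"   # looks up the matching public key (KEYFILE.pub)
    fi
    return "$rc"
}

# Run only when called as: script KEYFILE SFTP_TARGET
if [ "$#" -eq 2 ]; then
    upload_with_agent "$1" "$2"
fi
```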


