cygport improvements: upload, fish, src_prep_fini_hook
Andrew Schulman
schulman.andrew@epa.gov
Fri Dec 19 15:13:00 GMT 2014
> Here's what I have at the moment based on your branch as of a few weeks
> ago. However, with password-protected SSH keys, the password prompt
> isn't handled properly. Any ideas?

OK, I've looked into this. It can be done, but the only solution I can see
so far is ugly. Here's the deal:

Using lftp:

There's no way to get lftp to ask for a passphrase if and only if it needs
one. I asked about this on the lftp list, and Alexander confirmed it. lftp
will either always ask for a passphrase, if the connect string looks like

    cygwin@cygwin.com

or never ask for one, if it looks like

    cygwin:@cygwin.com

So the only way to get lftp to ask for a passphrase iff it needs one is to
figure out in advance which key will be used, find out whether the key is
encrypted, and use that to pick one of the above connect strings. More
about that below.

Using sftp:

sftp seems as though it might work better, since it will prompt the user
for a passphrase if and only if it needs one to decrypt the key. But to
feed a batch script to sftp you have to use sftp -b, and unfortunately that
disables interactive prompting for the passphrase. I checked this by
running sftp -b with an encrypted key, and sure enough, it didn't prompt
for the passphrase but just reported "Connection closed".

So this all kind of sucks. The only solution I can see so far is:

(1) Run ssh -v cygwin@cygwin.com initially, and scrape stderr to find the
file name of the key that's being used. (Between ssh-agents, IdentityFile
entries in .ssh/config, and default key file names, I don't think there's
any other sane way to figure out what key file ssh will use.)

(2) Run ssh-keygen -y or similar, to figure out whether the key is
encrypted.

(3) If the key is encrypted, run

    lftp sftp://cygwin@cygwin.com

so lftp will prompt for the passphrase. If it's not encrypted, run

    lftp sftp://cygwin:@cygwin.com

and lftp won't prompt.

Is this solution acceptable? It's ugly and slow (an extra ssh connection),
but I guess it should be reliable.

Is there some better way that I'm overlooking? An expect script? That's
starting to sound like a lot of work.

Andrew
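
Steps (1) to (3) of the message above, sketched as a shell script; this is an added example, not code from the original post or from cygport. The `ssh -v` lines are constructed, and the function names, the debug-line wording that is matched, and the use of `ssh-keygen -y -P ''` as the encryption probe are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ssh -v` stderr (not captured from a real session).
sample_ssh_debug() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa_old
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /home/user/.ssh/cygwin_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
EOF
}

# Step (1): read ssh debug output on stdin and print the key file that was
# offered immediately before the server accepted a key.
# Assumption: "Offering ... public key: PATH" wording, path without spaces.
accepted_key_file() {
    awk '
        /^debug1: Offering .*public key: / {
            sub(/^debug1: Offering .*public key: /, "")
            offered = $1
        }
        /^debug1: Server accepts key/ { if (offered != "") print offered; exit }
    '
}

# Step (2): return 0 if the key needs a passphrase, 1 if it loads with an
# empty one, 2 if the file is unreadable. A file that is not a private key
# at all is also reported as 0, because ssh-keygen fails on it too.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null; then
        return 1
    fi
    return 0
}

# Step (3): print the lftp URL for key file $1, user $2, host $3.
lftp_url() {
    status=0
    key_is_encrypted "$1" || status=$?
    case $status in
        0) printf 'sftp://%s@%s\n'  "$2" "$3" ;;  # lftp prompts
        1) printf 'sftp://%s:@%s\n' "$2" "$3" ;;  # lftp does not prompt
        *) return 1 ;;                            # could not inspect the key
    esac
}

# Demo on the constructed sample; real input is the stderr of `ssh -v`.
echo "key file from debug output: $(sample_ssh_debug | accepted_key_file)"
```
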