cygport improvements: upload, fish, src_prep_fini_hook
Yaakov Selkowitz
yselkowitz@cygwin.com
Mon Jan 5 08:10:00 GMT 2015
On 2014-12-19 09:13, Andrew Schulman wrote:
>> Here's what I have at the moment based on your branch as of a few weeks
>> ago. However, with password-protected SSH keys, the password prompt
>> isn't handled properly. Any ideas?
>
> OK, I've looked into this. It can be done, but the only solution I can see
> so far is ugly. Here's the deal:
>
> Using lftp:
>
> There's no way to get lftp to ask for a passphrase if and only if it needs
> one. I asked about this on the lftp list, and Alexander confirmed it. lftp
> will either always ask for a passphrase, if the connect string looks like
>
> cygwin@cygwin.com
>
> or never ask for one, if it looks like
>
> cygwin:@cygwin.com
>
> So the only way to get lftp to ask for a passphrase iff it needs one is to
> figure out in advance which key will be used, find out whether the key is
> encrypted, and use that to pick one of the above connect strings. More
> about that below.
>
> Using sftp:
>
> sftp seems as though it might work better, since it will prompt the user
> for a passphrase if and only if it needs one to decrypt the key. But to
> feed a batch script to sftp you have to use sftp -b, and unfortunately that
> disables interactive prompting for the passphrase. I checked this by
> running sftp -b with an encrypted key, and sure enough, it didn't prompt
> for the passphrase but just reported "Connection closed".
>
> So this all kind of sucks. The only solution I can see so far is:
>
> (1) Run ssh -v cygwin@cygwin.com initially, and scrape stderr to find the
> file name of the key that's being used. (Between ssh-agents, IdentityFile
> entries in .ssh/config, and default key file names, I don't think there's
> any other sane way to figure out what key file ssh will use.)
>
> (2) Run ssh-keygen -y or similar, to figure out whether the key is
> encrypted.
>
> (3) If the key is encrypted, run
>
> lftp sftp://cygwin@cygwin.com
>
> so lftp will prompt for the passphrase. If it's not encrypted, run
>
> lftp sftp://cygwin:@cygwin.com
>
> and lftp won't prompt.
>
> Is this solution acceptable? It's ugly and slow (an extra ssh connection),
> but I guess it should be reliable.
>
> Is there some better way that I'm overlooking? An expect script? That's
> starting to sound like a lot of work.
You're right, this isn't pretty. :-( Any progress since then?
Yaakov
More information about the Cygwin-apps
mailing list