cygport improvements: upload, fish, src_prep_fini_hook

Yaakov Selkowitz yselkowitz@cygwin.com
Mon Jan 5 08:10:00 GMT 2015 

On 2014-12-19 09:13, Andrew Schulman wrote:
>> Here's what I have at the moment based on your branch as of a few weeks
>> ago.  However, with password-protected SSH keys, the password prompt
>> isn't handled properly.  Any ideas?
>
> OK, I've looked into this.  It can be done, but the only solution I can see
> so far is ugly.  Here's the deal:
>
> Using lftp:
>
> There's no way to get lftp to ask for a passphrase if and only if it needs
> one.  I asked about this on the lftp list, and Alexander confirmed it. lftp
> will either always ask for a passphrase, if the connect string looks like
>
>    cygwin@cygwin.com
>
> or never ask for one, if it looks like
>
>    cygwin:@cygwin.com
>
> So the only way to get lftp to ask for a passphrase iff it needs one is to
> figure out in advance which key will be used, find out whether the key is
> encrypted, and use that to pick one of the above connect strings.  More
> about that below.
>
> Using sftp:
>
> sftp seems as though it might work better, since it will prompt the user
> for a passphrase if and only if it needs one to decrypt the key. But to
> feed a batch script to sftp you have to use sftp -b, and unfortunately that
> disables interactive prompting for the passphrase.  I checked this by
> running sftp -b with an encrypted key, and sure enough, it didn't prompt
> for the passphrase but just reported "Connection closed".
>
> So this all kind of sucks.  The only solution I can see so far is:
>
> (1) Run ssh -v cygwin@cygwin.com initially, and scrape stderr to find the
> file name of the key that's being used. (Between ssh-agents, IdentityFile
> entries in .ssh/config, and default key file names, I don't think there's
> any other sane way to figure out what key file ssh will use.)
>
> (2) Run ssh-keygen -y or similar, to figure out whether the key is
> encrypted.
>
> (3) If the key is encrypted, run
>
>     lftp sftp://cygwin@cygwin.com
>
> so lftp will prompt for the passphrase.  If it's not encrypted, run
>
>     lftp sftp://cygwin:@cygwin.com
>
> and lftp won't prompt.
>
> Is this solution acceptable?  It's ugly and slow (an extra ssh connection),
> but I guess it should be reliable.
>
> Is there some better way that I'm overlooking?  An expect script?  That's
> starting to sound like a lot of work.

You're right, this isn't pretty. :-(  Any progress since then?


Yaakov

More information about the Cygwin-apps mailing list