cygport improvements: upload, fish, src_prep_fini_hook

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Jan 19 15:48:00 GMT 2015 

On Jan 19 09:23, Andrew Schulman wrote:
> > > If SSH_KEY is set (in the environment, or in ~/.cygport.conf), then cygport will
> > > load that key into an ssh-agent if necessary.  
> > 
> > Minor nit:  SSH_KEY as env var is so generic and easily confused with
> > the variables set by ssh-agent.  Wouldn't something with CYGPORT in its
> > name be better?  CYGPORT_SSH_KEY?
> 
> Either way is okay with me.  Yaakov, do you have a preference?
> 
> > > If SSH_KEY is not set, then it's just too hard to figure out what key ssh will
> > > use.  To figure that out, we'd have to reproduce a bunch of logic in ssh,
> > > including parsing the ssh config file, and that's not going to happen.  So, in
> > > this case we just give up and give lftp the connect string
> > > sftp://cygwin-rDBXBDvO6BXQT0dZR+AlfA@public.gmane.org, which will cause it to prompt for a passphrase every
> > > time.
> > 
> > This puzzles me a bit.  Even if an ssh-agent is running?  Does lftp
> > utilize a running ssh-agent?
> 
> Yes, it does.  lftp calls ssh to use as its network transport, so
> ssh-agent is supported and all of the usual rules apply for which key
> ssh will use for the connection.
> 
> But here's the problem:  I need to add the right key to ssh-agent
> before I run lftp.  But which key is that?  It could be any of the
> standard key names, or the user could specify an IdentityFile for
> cygwin.com in ~/.ssh/config.  To figure it out I'd have to either:

No, no, it's fine, and if the key isn't loaded or {CYGPORT_}SSH_KEY
isn't set it's all the users fault, IMHO.

Your description somehow made me think lftp would *always* ask for the
passphrase, even if ssh-agent with the correct key loaded is already
running.  On second thought, that wasn't very rational.  Probably I was
just low on caffein this morning :)

> So, the fallback is just to make maintainers add SSH_KEY to their
> .cygport.conf file, if they don't want to get prompted for a
> passphrase every time.  I think it's an okay compromise.

Absolutely.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin-apps/attachments/20150119/87712fe7/attachment.sig>

More information about the Cygwin-apps mailing list