cygport upload seems to ignore SSH_KEY
Federico Kircheis
federico@kircheis.it
Tue Nov 5 16:51:44 GMT 2024
On 05/11/2024 17.01, Brian Inglis via Cygwin wrote:
> On 2024-11-05 04:19, Andrew Schulman via Cygwin wrote:
>>> On 2024-11-04 12:20, Federico Kircheis via Cygwin wrote:
>>>> up until recently I've uploaded packages the following way
>>>> export SSH_KEY=/path/to/id_rsa;
>>>> cygport /path/to/file.cygport upload
>>>> but today I got the following error
>>>> cd: Fatal error: max-retries exceeded
>>>> I've fixed it by copying my key in the .ssh folder
>>>> cp $SSH_KEY ~/.ssh/id_rsa
>>>> cygport /path/to/file.cygport upload
>>>> So it is not blocking me, but I wanted to know if this was a known bug,
>>>> or if I am the only one experiencing it.
>>>
>>> See
>>> https://cygwin.github.io/cygport/cygport_conf.html#SSH_KEY
>>> or
>>> /usr/share/doc/cygport/html/manual/cygport_conf.html#SSH_KEY
>>>
>>> SSH_KEY
>>>
>>> DESCRIPTION
>>>
>>> Path to the SSH private key corresponding to the public key registered
>>> for uploading on sourceware.
>>> You'll need to set this if your private key isn't already loaded into a
>>> running ssh-agent(1), and it doesn't have one of the expected file names
>>> such as ~/.ssh/id_rsa.
>>> Also, setting this allows cygport to determine if a passphrase is needed
>>> to decrypt the key, and only prompt you for a passphrase if it's needed.
>>> Otherwise, you'll be prompted for a passphrase every time you upload.
>>>
>>> Instead of `ssh-agent` and `ssh-add`, you can use `keychain` in your
>>> login profile, which allows cross-session sharing, across X and terminal
>>> sessions, and logouts, for example:
>>> $ eval `/usr/bin/keychain --noask --eval ~/.ssh/id_rsa`
>>> then
>>> $ keychain ~/.ssh/id_rsa
>>
>> I haven't used cygport up in a long time - I use git push now, and let
>> scallywag build the packages
Is this workflow described somewhere?
It sounds interesting.
>> - but this does seem like new wrong behavior. Surely he shouldn't have
>> to use keychain to get cygport to work? According to the docs, as you
>> cited, his method should work.
>
> Using keychain is just a way of setting up, persisting, and sharing
> ssh-/gpg-agent sessions, so keys are kept available in long running
> agent sessions, across login sessions, without requesting passphrase
> input for some period.
>
> Likely the issue could be permissions on his alternate location key file
> and directory/path, as libraries and clients are getting pickier about
> security issues and vulnerabilities, and openssh was recently updated,
> although cygport should diagnose any failures.
>
> The message itself appears likely to have come from `lftp` invoked by
> `cygport ... upload` /usr/share/cygport/lib/pkg_upload.cygpart failing
> to authenticate a connection, for some reason?
>
Yes, the error message comes from lftp, because when cd is executed it
tries to connect (apparently multiple times instead of erroring out
immediately; at the beginning I thought it was simply hanging).
So far it seems that it should work; I'll try to gather other
information next time.
I also did a chmod/chown on the file to ensure that the permissions were
correct.
The file with the permission unchanged worked without issues when moved
in ~/.ssh.
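
Added example, not part of the original message and not cygport's own code: a pre-flight check on the key file named by SSH_KEY, for the permissions hypothesis raised in the thread. ssh refuses a private key that you own when any group or other permission bit is set; `check_ssh_key` is a hypothetical helper name, GNU `stat` is assumed, and the ownership test is stricter than what ssh itself enforces.

```shell
# Hypothetical helper (assumption, not from cygport): validate the file that
# SSH_KEY points at before running `cygport /path/to/file.cygport upload`.
# Return codes: 0 ok, 2 unset, 3 unreadable, 4 stat failed,
#               5 foreign owner, 6 group/other permission bits set.
check_ssh_key() {
    key=$1
    if [ -z "$key" ]; then
        echo "SSH_KEY is not set" >&2
        return 2
    fi
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "$key: not a readable regular file" >&2
        return 3
    fi
    # GNU stat: %u = owner uid, %a = octal mode; -L follows a symlinked key.
    owner=$(stat -L -c %u "$key") || return 4
    mode=$(stat -L -c %a "$key") || return 4
    if [ "$owner" != "$(id -u)" ]; then
        # Stricter than ssh, which only needs the file to be readable here.
        echo "$key: owned by uid $owner, expected $(id -u)" >&2
        return 5
    fi
    # ssh reports "UNPROTECTED PRIVATE KEY FILE" and ignores the key when
    # (mode & 077) is non-zero on a file owned by the invoking user.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$key: mode $mode is too open, run: chmod 600 \"$key\"" >&2
        return 6
    fi
    echo "$key: owner and mode $mode look fine"
    return 0
}

# Typical use:
#   export SSH_KEY=/path/to/id_rsa
#   check_ssh_key "$SSH_KEY" && cygport /path/to/file.cygport upload
```

A key that passes this check but still fails only outside ~/.ssh points away from file permissions and towards how the key path reaches the upload step.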