This is the mail archive of the
mailing list for the Cygwin project.
Re: cygport improvements: upload, fish, src_prep_fini_hook
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 05 Jan 2015 02:10:27 -0600
- Subject: Re: cygport improvements: upload, fish, src_prep_fini_hook
- Authentication-results: sourceware.org; auth=none
- References: <i1c74ah3hi6gdirp06o45tq2kcstclnr14 at 4ax dot com> <i1c74ah3hi6gdirp06o45tq2kcstclnr14-e09XROE/p8c at public dot gmane dot org> <544D0CC5 dot 9030600 at cygwin dot com> <nu2s4al5tup14gfvge083ri8u9j6t62c7m at 4ax dot com> <nu2s4al5tup14gfvge083ri8u9j6t62c7m-e09XROE/p8c at public dot gmane dot org> <547F5B88 dot 3020403 at cygwin dot com> <dgd89ahb9de6auehdqhdtpgubd5ohue185 at 4ax dot com>
On 2014-12-19 09:13, Andrew Schulman wrote:
Here's what I have at the moment based on your branch as of a few weeks
ago. However, with password-protected SSH keys, the password prompt
isn't handled properly. Any ideas?
OK, I've looked into this. It can be done, but the only solution I can see
so far is ugly. Here's the deal:
There's no way to get lftp to ask for a passphrase if and only if it needs
one. I asked about this on the lftp list, and Alexander confirmed it. lftp
will either always ask for a passphrase, if the connect string looks like
or never ask for one, if it looks like
So the only way to get lftp to ask for a passphrase iff it needs one is to
figure out in advance which key will be used, find out whether the key is
encrypted, and use that to pick one of the above connect strings. More
about that below.
sftp seems as though it might work better, since it will prompt the user
for a passphrase if and only if it needs one to decrypt the key. But to
feed a batch script to sftp you have to use sftp -b, and unfortunately that
disables interactive prompting for the passphrase. I checked this by
running sftp -b with an encrypted key, and sure enough, it didn't prompt
for the passphrase but just reported "Connection closed".
So this all kind of sucks. The only solution I can see so far is:
(1) Run ssh -v email@example.com initially, and scrape stderr to find the
file name of the key that's being used. (Between ssh-agents, IdentityFile
entries in .ssh/config, and default key file names, I don't think there's
any other sane way to figure out what key file ssh will use.)
(2) Run ssh-keygen -y or similar, to figure out whether the key is
(3) If the key is encrypted, run
so lftp will prompt for the passphrase. If it's not encrypted, run
and lftp won't prompt.
Is this solution acceptable? It's ugly and slow (an extra ssh connection),
but I guess it should be reliable.
Is there some better way that I'm overlooking? An expect script? That's
starting to sound like a lot of work.
You're right, this isn't pretty. :-( Any progress since then?