This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: cygport improvements: upload, fish, src_prep_fini_hook

On 2014-12-19 09:13, Andrew Schulman wrote:
Here's what I have at the moment based on your branch as of a few weeks
ago.  However, with password-protected SSH keys, the password prompt
isn't handled properly.  Any ideas?

OK, I've looked into this.  It can be done, but the only solution I can see
so far is ugly.  Here's the deal:

Using lftp:

There's no way to get lftp to ask for a passphrase if and only if it needs
one.  I asked about this on the lftp list, and Alexander confirmed it. lftp
will either always ask for a passphrase, if the connect string looks like

or never ask for one, if it looks like

So the only way to get lftp to ask for a passphrase iff it needs one is to
figure out in advance which key will be used, find out whether the key is
encrypted, and use that to pick one of the above connect strings.  More
about that below.

Using sftp:

sftp seems as though it might work better, since it will prompt the user
for a passphrase if and only if it needs one to decrypt the key. But to
feed a batch script to sftp you have to use sftp -b, and unfortunately that
disables interactive prompting for the passphrase.  I checked this by
running sftp -b with an encrypted key, and sure enough, it didn't prompt
for the passphrase but just reported "Connection closed".

So this all kind of sucks.  The only solution I can see so far is:

(1) Run ssh -v initially, and scrape stderr to find the
file name of the key that's being used. (Between ssh-agents, IdentityFile
entries in .ssh/config, and default key file names, I don't think there's
any other sane way to figure out what key file ssh will use.)

(2) Run ssh-keygen -y or similar, to figure out whether the key is

(3) If the key is encrypted, run

    lftp s

so lftp will prompt for the passphrase.  If it's not encrypted, run

    lftp s

and lftp won't prompt.

Is this solution acceptable?  It's ugly and slow (an extra ssh connection),
but I guess it should be reliable.

Is there some better way that I'm overlooking?  An expect script?  That's
starting to sound like a lot of work.

You're right, this isn't pretty. :-(  Any progress since then?


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]