This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: cygport improvements: upload, fish, src_prep_fini_hook
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 09 Jan 2015 14:37:57 -0500
- Subject: Re: cygport improvements: upload, fish, src_prep_fini_hook
> > > > - Look if ssh-agent is running (SSH_AGENT_PID non-empty?)
> > > > - If not, start ssh-agent and ssh-add. This asks for the passphrase,
> > > > if any.
> > > > - run sftp
> > > > - If the script started ssh-agent, run eval $(ssh-agent -k)
>
> I just played with this a bit and it turned out that you must be careful
> in terms of the login shell the user is using. If you run this in a
> bash script, while the user's login shell is tcsh, it's essential to
> start ssh-agent with the -s flag:
>
> eval $(ssh-agent -s)
> [...]
> eval $(ssh-agent -k -s)
>
> Otherwise ssh-agent will generate tcsh-compatible setenv/unsetenv
> commands :}
Ack, thanks.
> > > Another case is if the user sets SSH_KEY to use a specific key, and they already
> > > have an ssh-agent running, but it doesn't include that key. Then the key will
> > > have to be added and then removed again afterward, or maybe a different
> > > ssh-agent started. I'll have to think about that.
> >
> > SSH_KEY? This env var is not supported by ssh. If that's an lftp
> > thingy you can ignore it using the above method.
>
> On second thought, yes, the user might want to use an ssh key which
> is not usually maintained by ssh-agent. Would it make sense to allow
> storing the key in ~/.cygport.conf?
Yes, SSH_KEY is a variable that I added just to the cygport upload command,
to allow people to specify a different key they might want to use for
uploading. It can be specified in the shell environment or in
~/.cygport.conf.
> Testing if the key is already maintained by ssh-agent is easy:
>
> $ ssh-add -l
> 2048 88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c /path/to/private-key
>
> Checking the path might be sufficient, but if you want to be really sure,
> you could check against the fingerprint value instead:
>
> $ ssh-keygen -l -f /path/to/private-key
> 2048 88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c <some string>
Yes, comparing hashes is better (though a bit scrapy).
Thanks,
Andrew
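The procedure discussed in this thread (find out whether an agent is reachable, add the key only when its fingerprint is not already listed, run the transfer, then undo only what was changed), as an added example that is not cygport's code and was not posted by anyone in the thread. The helper names are hypothetical, and it goes slightly beyond the thread by using the exit status 2 of `ssh-add -l` (agent not reachable) instead of testing SSH_AGENT_PID.

```shell
# Added example; the helper names below are hypothetical, not part of cygport.

# Print the fingerprint: field 2 of the first line of `ssh-keygen -l` output.
fp_field() { awk 'NR == 1 { print $2 }'; }

# Succeed if fingerprint $1 is field 2 of any `ssh-add -l` line read from stdin.
agent_lists_fp() { awk -v fp="$1" '$2 == fp { hit = 1 } END { exit !hit }'; }

# with_upload_key KEYFILE CMD [ARGS...]: run CMD with KEYFILE loaded in an agent,
# then undo only what was changed. The body is a subshell, so the variables of a
# newly started agent never leak into the caller.
with_upload_key() (
    key=$1; shift
    started=; added=; rc=
    fp=$(ssh-keygen -l -f "$key" | fp_field)
    [ -n "$fp" ] || exit 1
    listing=$(ssh-add -l 2>/dev/null); st=$?
    if [ "$st" -eq 2 ]; then            # 2 = ssh-add could not contact an agent
        # -s forces Bourne-style output whatever the user's login shell is
        eval "$(ssh-agent -s)" >/dev/null || exit 1
        started=1; listing=
    fi
    if ! printf '%s\n' "$listing" | agent_lists_fp "$fp"; then
        if ssh-add "$key"; then added=1; else rc=1; fi
    fi
    if [ -z "$rc" ]; then "$@"; rc=$?; fi
    # ssh-add -d must be able to read the public half that belongs to KEYFILE
    if [ -n "$added" ]; then ssh-add -d "$key"; fi
    if [ -n "$started" ]; then eval "$(ssh-agent -k -s)" >/dev/null; fi
    exit "$rc"
)

# Offline check on a constructed `ssh-add -l` listing that reuses the
# fingerprint quoted in the thread.
sample='2048 88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c /path/to/private-key (RSA)'
if printf '%s\n' "$sample" | agent_lists_fp '88:75:95:cf:de:12:e0:15:45:f2:a6:8e:89:08:93:2c'
then echo "key already held by the agent"; fi
```

A key that was already in the agent before the call stays there afterwards, and an agent that was already running is left running.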