This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: cygport improvements: upload, fish, src_prep_fini_hook
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin-apps at cygwin dot com
- Date: Sat, 17 Jan 2015 18:25:11 -0500

> You're right, this isn't pretty. :-( Any progress since then?

OK, here's what I've worked out.

If SSH_KEY is set (in the environment, or in ~/.cygport.conf), then cygport will
load that key into an ssh-agent if necessary.

* If no ssh-agent is running, cygport will start one and load the key, then kill
  the agent when the upload is done.
* If an ssh-agent is running but the key isn't already loaded into it, cygport
  will load the key, then unload it again when the upload is done.

In either of the above cases, ssh-add will prompt for a passphrase if needed
when it loads the key. So in this case, the user will be prompted for a
passphrase if and only if one is needed. Hooray.

If SSH_KEY is not set, then it's just too hard to figure out what key ssh will
use. To figure that out, we'd have to reproduce a bunch of logic in ssh,
including parsing the ssh config file, and that's not going to happen. So, in
this case we just give up and give lftp the connect string
sftp://cygwin@cygwin.com, which will cause it to prompt for a passphrase every
time.

So this isn't a perfect solution, but I think it's the best available
compromise. If, like me, you always have your keys loaded into an ssh-agent,
and you don't want to be prompted for an unneeded passphrase on every upload,
then you'll need to do the one-time configuration of setting SSH_KEY in your
~/.cygport.conf file. Then cygport will be able to figure out that it doesn't
need to prompt you every time.

I've coded the above and tested it in all of the cases of SSH_KEY set/not set,
ssh agent running/not running, private key file encrypted/not encrypted,
loaded/not loaded. It works for me, but of course more testing is welcome.

Result is pushed to https://github.com/andrex-e-schulman/cygport/tree/upload.

Thanks to Corinna for the suggestion of using ssh-agent.

Andrew
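
The agent handling described in the message above, sketched as an added shell example; it is not cygport's code or the code on the author's branch. The function names `agent_plan` and `upload_with_key` are hypothetical, and the sketch assumes the public key is stored beside the private key as `$key.pub`. The point it shows is that cleanup undoes only what was changed, so a key never stays in an agent longer than the upload needs it.

```shell
# Added example (not cygport's code). Function names are hypothetical.
# Assumption: the public key sits beside the private key as "$key.pub".

# Print what must happen before the upload: start-agent, add-key or nothing.
agent_plan() {
    local key="$1" fp rc=0
    # ssh-add -l exits 2 when no agent can be contacted, 1 when it holds no keys.
    ssh-add -l >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then echo start-agent; return 0; fi
    # Field 2 of the fingerprint line identifies the key in the agent listing.
    fp=$(ssh-keygen -lf "$key.pub" | awk '{print $2}')
    if [ -n "$fp" ] && ssh-add -l 2>/dev/null | grep -qF -- "$fp"; then
        echo nothing
    else
        echo add-key
    fi
}

# Run "$@" with the key available, then undo only what this function changed.
upload_with_key() {
    local key="$1" plan rc=0
    shift
    plan=$(agent_plan "$key")
    case $plan in
        start-agent)
            eval "$(ssh-agent -s)" >/dev/null
            # ssh-add prompts for a passphrase only if the key file needs one.
            ssh-add "$key" || { eval "$(ssh-agent -k)" >/dev/null; return 1; } ;;
        add-key)
            ssh-add "$key" || return 1 ;;
    esac
    "$@" || rc=$?
    case $plan in
        start-agent) eval "$(ssh-agent -k)" >/dev/null ;;  # kill the agent we started
        add-key)     ssh-add -d "$key.pub" ;;               # unload the key we loaded
    esac
    return "$rc"
}

# Usage: upload_with_key "$SSH_KEY" <upload command and its arguments>
```

A key that was already loaded is left in the agent afterwards, and the exit status of the upload command is passed back to the caller.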