This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: cygport improvements: upload, fish, src_prep_fini_hook
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 19 Jan 2015 09:23:09 -0500
- Subject: Re: cygport improvements: upload, fish, src_prep_fini_hook
> > If SSH_KEY is set (in the environment, or in ~/.cygport.conf), then cygport will
> > load that key into an ssh-agent if necessary.
>
> Minor nit: SSH_KEY as env var is so generic and easily confused with
> the variables set by ssh-agent. Wouldn't something with CYGPORT in its
> name be better? CYGPORT_SSH_KEY?

Either way is okay with me. Yaakov, do you have a preference?

> > If SSH_KEY is not set, then it's just too hard to figure out what key ssh will
> > use. To figure that out, we'd have to reproduce a bunch of logic in ssh,
> > including parsing the ssh config file, and that's not going to happen. So, in
> > this case we just give up and give lftp the connect string
> > sftp://cygwin-rDBXBDvO6BXQT0dZR+AlfA@public.gmane.org, which will cause it to prompt for a passphrase every
> > time.
>
> This puzzles me a bit. Even if an ssh-agent is running? Does lftp
> utilize a running ssh-agent?

Yes, it does. lftp calls ssh to use as its network transport, so ssh-agent is
supported and all of the usual rules apply for which key ssh will use for the
connection.

But here's the problem: I need to add the right key to ssh-agent before I run
lftp. But which key is that? It could be any of the standard key names, or the
user could specify an IdentityFile for cygwin.com in ~/.ssh/config. To figure
it out I'd have to either:

(1) Reimplement the rules that ssh uses to decide which key to use, including
parsing ~/.ssh/config; or

(2) Get ssh to tell me which key it uses, by running an initial ssh connection
to cygwin.com and processing the output to get information about the key.

I've thought about both of these options, and they're hard. They'd add
complexity and unreliability that I think aren't justified by the gain in ease
of use.

So, the fallback is just to make maintainers add SSH_KEY to their .cygport.conf
file, if they don't want to get prompted for a passphrase every time. I think
it's an okay compromise.

Andrew
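
An added illustration related to option (2) in the message above, not part of the original message and not cygport code: OpenSSH releases that support `ssh -G` print the resolved client configuration for a host without opening a connection, so the `identityfile` candidates can be read from that output instead of re-parsing ~/.ssh/config. The function names and the sample output below are constructed for this example.

```shell
#!/bin/sh
# Added example, not cygport code; all function names are hypothetical.

# Read `ssh -G <host>` output on stdin and print each identityfile value in
# the order ssh lists it, expanding a leading "~/" to $HOME.
identity_candidates() {
    while read -r keyword value; do
        [ "$keyword" = identityfile ] || continue
        case $value in
            "~/"*) value=$HOME/${value#"~/"} ;;
        esac
        printf '%s\n' "$value"
    done
}

# Keep only the candidates that exist on disk. More than one line of output
# means ssh has several keys to offer and the server decides which is used.
existing_keys() {
    identity_candidates | while IFS= read -r path; do
        if [ -f "$path" ]; then printf '%s\n' "$path"; fi
    done
}

# Live use: resolve the configuration for a host (no connection is made).
keys_for_host() {
    ssh -G "$1" | existing_keys
}

# Constructed sample of `ssh -G` output, trimmed to a few keywords.
sample_config() {
    cat <<'EOF'
hostname cygwin.com
port 22
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519
identityfile /srv/keys/cygwin upload
EOF
}

# Demo in a subshell, using a throwaway HOME that holds one empty key file.
demo() (
    HOME=$(mktemp -d) || exit 1
    mkdir -p "$HOME/.ssh" && : > "$HOME/.ssh/id_ed25519"
    sample_config | existing_keys
    rm -rf "$HOME"
)
demo
```

When more than one candidate exists, ssh offers each of them (along with any keys already held by the agent), so this output narrows the choice but does not settle which key the server will accept.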