This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: cygport improvements: upload, fish, src_prep_fini_hook
- From: David Rothenberger <daveroth at acm dot org>
- To: cygwin-apps at cygwin dot com
- Date: Sun, 21 Dec 2014 08:41:14 -0800
- Subject: Re: cygport improvements: upload, fish, src_prep_fini_hook
- Authentication-results: sourceware.org; auth=none
- References: <i1c74ah3hi6gdirp06o45tq2kcstclnr14 at 4ax dot com> <i1c74ah3hi6gdirp06o45tq2kcstclnr14-e09XROE/p8c at public dot gmane dot org> <544D0CC5 dot 9030600 at cygwin dot com> <nu2s4al5tup14gfvge083ri8u9j6t62c7m at 4ax dot com> <nu2s4al5tup14gfvge083ri8u9j6t62c7m-e09XROE/p8c at public dot gmane dot org> <547F5B88 dot 3020403 at cygwin dot com> <dgd89ahb9de6auehdqhdtpgubd5ohue185 at 4ax dot com>
On 12/19/2014 7:13 AM, Andrew Schulman wrote:
>> Here's what I have at the moment based on your branch as of a few weeks
>> ago. However, with password-protected SSH keys, the password prompt
>> isn't handled properly. Any ideas?
>
> OK, I've looked into this. It can be done, but the only solution I can see
> so far is ugly. Here's the deal:
>
> So this all kind of sucks. The only solution I can see so far is:
>
> (1) Run ssh -v cygwin@cygwin.com initially, and scrape stderr to find the
> file name of the key that's being used. (Between ssh-agents, IdentityFile
> entries in .ssh/config, and default key file names, I don't think there's
> any other sane way to figure out what key file ssh will use.)
>
> (2) Run ssh-keygen -y or similar, to figure out whether the key is
> encrypted.
>
> (3) If the key is encrypted, run
>
> lftp sftp://cygwin@cygwin.com
>
> so lftp will prompt for the passphrase. If it's not encrypted, run
>
> lftp sftp://cygwin:@cygwin.com
>
> and lftp won't prompt.
>
> Is this solution acceptable? It's ugly and slow (an extra ssh connection),
> but I guess it should be reliable.
Would be enough to default to prompting for the password but allow the
user to define a variable in /etc/cygport.conf or ~/.cygport.conf to
override the behavior? That variable could either be a boolean or
perhaps the entire connect string for lftp, or even a lftp bookmark.
Personally I use an encrypted key and ssh-agent. It's not a huge deal if
lftp prompts me for a password because I can just press Enter to have it
use ssh-agent, but it would be nice if I didn't have to.
--
David Rothenberger ---- daveroth@acm.org
"It ain't over until it's over."
-- Casey Stengel