authorGravatar Joey Hess <joey@kitenet.net>2014-03-05 13:53:21 -0400
committerGravatar Joey Hess <joey@kitenet.net>2014-03-05 13:53:21 -0400
commit2934787af840e5c14eea447ae2ec41dbfc3a1be5 (patch)
tree9aff22823c989178dcf8382ae60d5f8f9253f3f4
parent96c5546cea61543ac115bc9b48a26e51fa96f030 (diff)
webapp: Include no-pty in ssh authorized_keys lines.
git-annex-shell does not need a pty, so this speeds things up. Also, it may prevent weird misconfigured systems that try to run screen or tmux on every ssh login from doing so.
-rw-r--r--Assistant/Ssh.hs4
-rw-r--r--debian/changelog1
2 files changed, 4 insertions, 1 deletions
diff --git a/Assistant/Ssh.hs b/Assistant/Ssh.hs
index 82da9e33a..acb2fc11c 100644
--- a/Assistant/Ssh.hs
+++ b/Assistant/Ssh.hs
@@ -143,6 +143,8 @@ addAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO Bool
addAuthorizedKeys gitannexshellonly dir pubkey = boolSystem "sh"
[ Param "-c" , Param $ addAuthorizedKeysCommand gitannexshellonly dir pubkey ]
+{- Should only be used within the same process that added the line;
+ - the layout of the line is not kepy stable across versions. -}
removeAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO ()
removeAuthorizedKeys gitannexshellonly dir pubkey = do
let keyline = authorizedKeysLine gitannexshellonly dir pubkey
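Review bot: The comment added above removeAuthorizedKeys names the limitation but not its consequence. `keyline` is regenerated with authorizedKeysLine, so a line written by another version (for example one without `no-pty`, which this same commit adds) presumably no longer matches, and that key would stay authorized after a removal attempt. I would spell that out, e.g. `the layout of the line is not kept stable across versions, so a line added by another version is not removed and its key stays authorized`, which also fixes the `kepy` typo. Matching on the public key material instead of the whole line would lift the restriction, but whether that fits depends on the rest of removeAuthorizedKeys, whose body continues outside this hunk.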
@@ -195,7 +197,7 @@ authorizedKeysLine gitannexshellonly dir pubkey
- long perl script. -}
| otherwise = pubkey
where
- limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding "
+ limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty "
{- Generates a ssh key pair. -}
genSshKeyPair :: IO SshKeyPair
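Review bot: `limitcommand` turns sshd features off one by one, so anything the literal does not name stays enabled for these keys; even with `no-pty` added, execution of `~/.ssh/rc` (`no-user-rc`) is still not covered. Where the server's OpenSSH supports it, the `restrict` option gives deny-by-default and also covers restrictions introduced later. It cannot be swapped in blindly, because an sshd that does not recognise an option refuses the key line, so it needs a documented minimum version or a fallback. At minimum I would add a comment above the literal such as `{- Every option listed here must be understood by the oldest sshd we support. -}`. The `where` clause belongs to authorizedKeysLine, which starts outside this hunk.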
diff --git a/debian/changelog b/debian/changelog
index 16e0f8513..cefa45e89 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -27,6 +27,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium
* glacier: Pass --region to glacier checkpresent.
* webdav: When built with a new enough haskell DAV (0.6), disable
the http response timeout, which was only 5 seconds.
+ * webapp: Include no-pty in ssh authorized_keys lines.
-- Joey Hess <joeyh@debian.org> Fri, 28 Feb 2014 14:52:15 -0400