diff options
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rw-r--r-- | doc/design/assistant/sshpassword.mdwn | 12 |
2 files changed, 10 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 9ed7d0ffd..349ca153e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ git-annex (5.20140422) UNRELEASED; urgency=medium * Simplified repository description line format. The remote name, if any, is always in square brackets after the description. * assistant: Clean up stale tmp files on startup. + * webapp: Better ssh password prompting. -- Joey Hess <joeyh@debian.org> Fri, 02 May 2014 15:28:53 -0300 diff --git a/doc/design/assistant/sshpassword.mdwn b/doc/design/assistant/sshpassword.mdwn index 0113144c5..8b0ac3fe3 100644 --- a/doc/design/assistant/sshpassword.mdwn +++ b/doc/design/assistant/sshpassword.mdwn @@ -14,10 +14,12 @@ can be pretty sure noone is sniffing the (localhost) connection. ## ssh-askpass approach * If ssh-askpass is in PATH, or `SSH_ASKPASS` is set, do nothing. - (Unless webapp is run remotely.) + (Unless webapp is run remotely.) + XXX not currently done; the UI would need to omit the password entry + fields in this case. * Otherwise, have the assistant set `SSH_ASKPASS` to a command that will cause the webapp to read the password and forward it on. Also, set - DISPLAY to ensure that ssh runs the program. + DISPLAY to ensure that ssh runs the program. **done** Looking at ssh.exe, I think this will even work on windows; it contains the code to run ssh-askpass. @@ -36,14 +38,18 @@ code to run ssh-askpass. ### ssh-askpass shim, and password forwarding `SSH_ASKPASS` needs to be set to a program (probably git-annex) -which gets the password from the webapp, and outputs it to stdout. +which gets the password from the webapp, and outputs it to stdout. **done** Seems to call for the webapp and program to communicate over a local socket (locked down so only user can access) or environment. Environment is not as secure (easily snooped by root). Local socket probably won't work on Windows. Could just use a temp file. +(Currently uses a temp file with locked down perms that it's careful +to clean up after use.) + Note that the webapp can probe to see if ssh needs a password, and can prompt the user for it before running ssh and the ssh-askpass shim. This avoids some complexity, and perhaps some attack vectors, if the shim cannot requst an arbitrary password prompt. +(This complexity not needed with the temp file approach..) |