From 2934787af840e5c14eea447ae2ec41dbfc3a1be5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 5 Mar 2014 13:53:21 -0400 Subject: webapp: Include no-pty in ssh authorized_keys lines. git-annex-shell does not need a pty, so this speeds things up. Also, it may avoid weird misconfigured systems that try to run screen or tmux on every ssh login from doing so. --- Assistant/Ssh.hs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Assistant') diff --git a/Assistant/Ssh.hs b/Assistant/Ssh.hs index 82da9e33a..acb2fc11c 100644 --- a/Assistant/Ssh.hs +++ b/Assistant/Ssh.hs @@ -143,6 +143,8 @@ addAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO Bool addAuthorizedKeys gitannexshellonly dir pubkey = boolSystem "sh" [ Param "-c" , Param $ addAuthorizedKeysCommand gitannexshellonly dir pubkey ] +{- Should only be used within the same process that added the line; + - the layout of the line is not kepy stable across versions. -} removeAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO () removeAuthorizedKeys gitannexshellonly dir pubkey = do let keyline = authorizedKeysLine gitannexshellonly dir pubkey @@ -195,7 +197,7 @@ authorizedKeysLine gitannexshellonly dir pubkey - long perl script. -} | otherwise = pubkey where - limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding " + limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty " {- Generates a ssh key pair. -} genSshKeyPair :: IO SshKeyPair -- cgit v1.2.3