blob: ac5a473800f9f8db62e650dfa5413968a39ac6dd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Got ssh probing implemented. It checks if it can connect to the server, and
probes the server to see how it should be used.
Turned out to need two ssh probes. The first uses the system's existing ssh
configuration, but disables password prompts. If that's able to get in
without prompting for a password, then the user must have set that up,
and doesn't want to be bothered with password prompts, and it'll respect
that configuration.
Otherwise, it sets up a per-host ssh key, and configures a hostname alias
in `~/.ssh/config` to use that key, and probes using that.
Configuring ssh this way is nice because it avoids changing ssh's
behavior except when git-annex uses it, and it does not open up the server
to arbitrary commands being run without password.
--
Next up will be creating the repositories. When there's a per-host key,
this will also involve setting up `authorized_keys`, locking down the ssh
key to only allow running git-annex-shell or rsync.
I decided to keep that separate from the ssh probing, even though it means
the user will be prompted twice for their ssh password. It's cleaner and
allows the probing to do other checks -- maybe it'll later check the amount
of free disk space -- and the user should be able to decide after the probe
whether or not to proceed with making the repository.
|
