ssh: let password override keys?
Martin Pool
mbp at canonical.com
Thu Oct 5 00:25:56 BST 2006
On 04/10/2006, at 14:56 , John Arbash Meinel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Robey Pointer wrote:
>> I found this message while trying to clear out my mailbox. (Sorry it
>> got lost for so long.) I think he's suggesting that if a password is
>> given in the sftp:// url, it should be tried before local .ssh/
>> private
>> keys are tried.
>>
>> Sounds reasonable to me. Does anyone have an objection? If not,
>> I'll
>> submit a patch.
>
> We are unable to pass passwords to an ssh subprocess. So if there is a
> 'ssh' program available, we don't support the password portion of
> sftp://user:password@host/'.
>
>
> passing in a ":password" is generally not recommended, since it starts
> showing up in the .*history files and in the output of 'ps', etc.
>
> So, in general, I think we want to get away from having people use
> passwords in their urls. That said, it is reasonable that if the
> password does exist, then it should be used before the agent is asked.
I agree. I think it'd be reasonable if
- If we're using a non-paramiko ssh vendor, the user should get a
warning that
the password can't be passed through. (There should perhaps be a
method on
the vendor class that tells whether this can be supported.) This
should indicate
that people need to install paramiko and/or configure bzr to use it.
- Probably we should give a warning "warning: supplying a password
in a
url is a security hazard."
--
Martin
More information about the bazaar
mailing list