[MERGE] All ssh variants support authentication.conf
Aaron Bentley
aaron at aaronbentley.com
Wed Oct 15 20:41:50 BST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
There's currently no way for bzrlib clients to control the SSH username
that is used. Well, there is, but only for those using Paramiko's ssh
implementation rather than, say, OpenSSH.
When authentication.conf was originally documented, the intent was for
it to provide default SSH usernames:
Note that ssh servers can be configured to use keys instead of
(``user``, ``password``) and, when used with appropriate agents,
provide the same kind of comfort this specification aims to provide
for all other schemes. Since ssh agents provide a safer way to secure
the passwords, this specification is restricted to providing ``user``
but does not provide ``password``.
But this was only implemented for Paramiko. (It also uses passwords.)
In developing Launchpad, we are now using bzr+ssh URLs that lack
usernames, so that any user can use them. But these URLs only work when
bzr can correctly deduce a user's Launchpad user-id. Most of the time,
the local username matches the launchpad id and all is well. Otherwise,
users must edit .ssh/config.
This is not fair to users. The shouldn't have to repeat themselves to
get the desired effect, first by using launchpad-login, then by editing
.ssh/config. Since they're required to run launchpad-login, they have a
right to expect that to govern all their use of Launchpad URLs.
This patch allows authentication.conf to provide a default username that
will override the local username or ssh configuration. Explicit
usernames will override it, and if there is no setting, client-specific
defaults will be used.
A follow-on will change launchpad-login to update authentication.conf.
Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkj2R34ACgkQ0F+nu1YWqI1TsgCeIPGLlnm86KTUBKCjGVjeR+gg
OhAAniN93xaJTcP5lE4+oYTi2X6SWcjm
=UTsy
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-authconfig-3784.patch
Type: text/x-diff
Size: 13489 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20081015/89af217d/attachment-0001.bin
More information about the bazaar
mailing list