problem with bzr push when using sftp
John Arbash Meinel
john at arbash-meinel.com
Tue Mar 15 05:55:08 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 3/15/2011 12:14 AM, Martin Pool wrote:
> Thanks for connecting that up.
>
> 'Service Request' is described in <http://www.ietf.org/rfc/rfc4253.txt>.
>
> It looks like paramiko sends one ssh-userauth request per call to
> auth_* method (eg auth_password etc), and in _paramiko_auth, bzr calls
> these sequentially to try to find an acceptable authentication
> mechanism. That seems on the face of it reasonable to me.
>
> <http://www.ietf.org/rfc/rfc4252.txt> strongly suggests that it's fine
> to send multiple service requests until you find one the service
> accepts.
>
> Martin
>
If it is multiple auth_* requests, it is actually what openssh does, and
what inspired us to do it. I forget the exact nature of it, but openssh
recommends sending auth_none to find the list of auth types that are
supported, and then auth_<the one you want>.
We did that in response to "why is bzr trying to use Password
authentication against Launchpad which doesn't allow it." It seems the
way you are supposed to detect it isn't supported is by using
'auth_none' to get the list of supported types.
If we have something wrong here, we can try to fix it. But I'm pretty
sure it was the correct way to go.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1+/zsACgkQJdeBCYSNAANFAACeLSR7BO3MaDKwSt174kUL6gnr
oooAoKq7EHFw2AhqnfMcJuul18VOb0rk
=iUEw
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list