Hello,

I sent this message to Tal Peer <coredumb@g.o> (the current
maintainer of cvs.eclass), but I thought others might be interested, so
I am posting it here as well. Message follows:

I needed SSH password authentication for app-editors/emacs-cvs, so I
modified cvs.eclass to support it.

See URL: http://dev.gentoo.org/~jbms/cvs.eclass

As you will notice, the changes involve a rather complex hack;
unfortunately, I do not believe that there is any better way to do it
unless the interface to ssh changes.

Additionally, dealing with the SSH known hosts file is somewhat of a
problem. If no additional options are passed to SSH, in many cases it
is expected that the user would not have added the keys for the relevant
host to /root/.ssh/known_hosts before running the ebuild command; thus,
the client would not allow the connection.

In order to avoid this problem, I have added the option
ECVS_SSH_NO_STRICT_HOST_CHECKING, which, if set to "1", allows the host
key checking to be ignored. But, if -oStrictHostKeyChecking=no is
simply appended to the SSH command-line, however, the result is that
root's SSH known_hosts file is modified, which is not desirable. As a
workaround, the eclass copies "${HOME}/.ssh/known_hosts" to a temporary
location and specifies to SSH to use the temporary file. The result is
that host key checking is disabled if the host is not already present
in "${HOME}/.ssh/known_hosts" or the global known_hosts file, but
non-temporary files are not modified.

There still remains one minor issue, which is that if the host is
present in a non-default known_hosts file which the user has specified
in an ssh_config file, host checking would ideally be enabled, but
because there appears to be no way to learn of a non-default known_hosts
file location short of parsing the ssh_config files, the eclass in that
case disables host checking. I do not believe this is a very serious
problem, however.

Anyway, I did not modify the comments at the top, so before committing
these modifications, the comments should probably be updated.

What are your thoughts?

--
Jeremy Maitin-Shepard
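
The known_hosts workaround described in the message, sketched as an added example; it is not code from cvs.eclass or from the linked URL. The function name ecvs_ssh and the SSH_BIN override are hypothetical, while ECVS_SSH_NO_STRICT_HOST_CHECKING comes from the message and UserKnownHostsFile and StrictHostKeyChecking are standard OpenSSH client options.

```shell
#!/bin/sh
# Added illustration, not the eclass's own code.
# ecvs_ssh and SSH_BIN are hypothetical names used only in this sketch.

# Run ssh with the given arguments. When ECVS_SSH_NO_STRICT_HOST_CHECKING=1,
# host keys of unknown hosts are accepted, but they are recorded only in a
# scratch copy of known_hosts, so "${HOME}/.ssh/known_hosts" is never written.
ecvs_ssh() {
    scratch=""
    if [ "${ECVS_SSH_NO_STRICT_HOST_CHECKING:-0}" = "1" ]; then
        # mktemp creates the file readable and writable by the owner only.
        scratch=$(mktemp "${TMPDIR:-/tmp}/known_hosts.XXXXXX") || return 1
        # Seed the scratch copy so hosts the user already recorded are still
        # compared against their stored keys.
        if [ -f "${HOME}/.ssh/known_hosts" ]; then
            cat "${HOME}/.ssh/known_hosts" > "$scratch" || {
                rm -f "$scratch"
                return 1
            }
        fi
        # Prepend the options so they precede the destination argument.
        set -- "-oUserKnownHostsFile=${scratch}" \
               "-oStrictHostKeyChecking=no" "$@"
    fi

    status=0
    "${SSH_BIN:-ssh}" "$@" || status=$?

    # Discard whatever ssh learned during this run.
    [ -z "$scratch" ] || rm -f "$scratch"
    return "$status"
}
```

With the variable unset, ssh runs with its normal host key checking and no scratch file is created. As the message notes, a known_hosts file configured elsewhere through ssh_config is not picked up by this approach.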