Gentoo Archives: gentoo-dev

From: Jeremy Maitin-Shepard <jbms@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] SSH password authentication support for cvs.eclass
Date: Mon, 29 Dec 2003 04:34:23
In Reply to: Re: [gentoo-dev] SSH password authentication support for cvs.eclass by Nick Jones
1 Nick Jones <carpaski@××××××.net> writes:
3 >> Additionally, dealing with the SSH known hosts file is somewhat of a
4 >> problem. If no additional options are passed to SSH, in many cases it
5 >> is expected that the user would not have added the keys for the relevant
6 >> host to /root/.ssh/known_hosts before running the ebuild command; thus,
7 >> the client would not allow the connection.
9 > You can write an interface inbetween the eclass and ssh using popen and
10 > forktty. I did this for work. It's fairly aggitating to do, but does
11 > work. forktty opens master and slave pty's and you use the master as
12 > the stderr pipe that communicates with ssh for the password and the
13 > host messages. The data you have to do close() and dup() operations
14 > to get them forwarded to the interface's stdout and stdin.
16 I don't quite see how this would do anything better than what I am
17 currently doing. The issue is not specifying to SSH to ignore that the
18 host is not in the known_hosts file -- that can be done using a simple
19 -oStrictHostKeyChecking=no. The issue is that if special care is not
20 taken, the key is then added to the user's personal known_hosts file,
21 which is probably undesirable. As I state in the message, the solution
22 I employ is to use a temporary known_hosts file. This works fine,
23 except that if the user has specified an alternative location for the
24 known_hosts file in his ssh_config file, the eclass will not copy the
25 alternative file to the temporary location, and so if the user did in
26 fact have the hosts' key in his known_hosts file in an alternative
27 location, the key would not be checked, when ideally it would. All in
28 all though, that seems like a very minor problem.
30 --
31 Jeremy Maitin-Shepard
33 --
34 gentoo-dev@g.o mailing list