Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-12 Thread Andy Bradford
Thus said Warren Young on Fri, 11 Dec 2015 15:26:29 -0700:

> I'd say  take it up  with the plink  developers, then. It  *should* do
> interactive prompting in this case.

It's possible that there is something  in the way Fossil forks the plink
process on Windows that is causing plink not to prompt, but I cannot say
for certain.

Thanks,

Andy
-- 
TAI64 timestamp: 4000566c5cef


___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-12 Thread Andy Bradford
Thus said Daniel Dumitriu on Fri, 11 Dec 2015 23:18:41 +0100:

> By the  way: Does the  whole reasoning not  hold for https  URLs? They
> allow a password on the command line, too.

HTTP(S)  URLs behave  differently than  SSH because  they are  different
protocols/systems. The password in HTTP(S) is not a system login, but is
rather a  Fossil username/password. There  is nothing with  which Fossil
must interact because  all it does is take your  password, pick a nonce,
and then make a signature that gets transmitted to the remote host:

http://www.fossil-scm.org/index.html/artifact/5d5c19958bad3b0de0be4f47ad022c689be0d543?txt=1=40,51

Whereas with SSH,  using the password necessarily means  that Fossil has
to  interact  with  SSH  in  some fashion  by  looking  for  a  password
prompt  (because SSH  typically  does not  allow  passing in  passwords
non-interactively,  and implementations  of such  are non-standard).  The
only way SSH allows non-interactive authentication is to use keys.

> Was  done.  The  user name  is  still  cut  off  at a  possible  colon
> (now  undocumented),   but  I  guess   that's  ok,  given   the  usual
> [a-z_][a-z0-9_-]*[$] rule for user names.

Likely on  all Unix systems,  : is not allowed  in a username,  but that
doesn't  mean that  there  aren't other  systems that  do  allow it,  so
perhaps Fossil should not treat the : as special.

To make  the documentation  more accurate and  to not  silently truncate
data in the username,  should Fossil not treat the :  as special for the
SSH protocol?

Andy
-- 
TAI64 timestamp: 4000566c5afe


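The HTTP(S) scheme Andy describes (take the password, pick a nonce, make a signature) in runnable form, as an added example rather than Fossil's own code. The card layout "login USER NONCE SIGNATURE", the secret derivation string, the constructed sync payload and the replay check are assumptions made here for illustration; check them against the artifact linked above before relying on the details.

```python
"""Nonce-signed login card, modeled on the HTTP(S) scheme Andy describes:
the client never puts the password on the wire, only a nonce and a signature
over (nonce + password-derived secret), and the server recomputes both.

Assumptions made here, not verified facts about fossil's source: the secret
derivation string, the exact card layout, the constructed sample payload and
the nonce-replay check."""
import hashlib
import hmac


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def shared_secret(project_code: str, login: str, password: str) -> str:
    """Password-derived secret that the server stores instead of the password.
    (Assumed derivation: hash over project code, login and password.)"""
    return sha1_hex(f"{project_code}/{login}/{password}".encode())


def build_login_card(login: str, secret: str, payload: bytes) -> str:
    """Client side.  The nonce is the hash of the message body, so the
    signature is bound to exactly this payload and cannot be moved to another."""
    nonce = sha1_hex(payload)
    signature = sha1_hex((nonce + secret).encode())
    return f"login {login} {nonce} {signature}\n"


class LoginVerifier:
    """Server side: knows each user's secret, recomputes nonce and signature,
    and refuses to accept the same nonce twice."""

    def __init__(self, secrets: dict):
        self._secrets = dict(secrets)
        self._seen_nonces = set()

    def verify(self, card: str, payload: bytes) -> bool:
        parts = card.split()
        if len(parts) != 4 or parts[0] != "login":
            return False
        _, login, nonce, signature = parts
        secret = self._secrets.get(login)
        if secret is None:
            return False
        if not hmac.compare_digest(nonce, sha1_hex(payload)):
            return False  # payload altered after it was signed
        expected = sha1_hex((nonce + secret).encode())
        if not hmac.compare_digest(signature, expected):
            return False  # wrong password (wrong secret)
        if nonce in self._seen_nonces:
            return False  # replay of an already-accepted card
        self._seen_nonces.add(nonce)
        return True


def demo() -> dict:
    """Run the exchange once and return which cases the server accepts."""
    project = "example-project-code"                       # constructed
    payload = b"pull 0000000000000000 0000000000000000\n"  # constructed sync body
    good = shared_secret(project, "alice", "correct horse")
    bad = shared_secret(project, "alice", "wrong password")
    server = LoginVerifier({"alice": good})
    card = build_login_card("alice", good, payload)
    return {
        "valid": server.verify(card, payload),
        "replay": server.verify(card, payload),
        "tampered_payload": server.verify(card, payload + b"push\n"),
        "wrong_password": server.verify(build_login_card("alice", bad, payload), payload),
        "password_on_wire": "correct horse" in card,
    }


if __name__ == "__main__":
    print(demo())
```

Because the nonce is derived from the body, two byte-identical requests share a nonce, so the seen-nonce set would also reject an honest repeat; a real protocol adds a freshness element per request (this example's simplification). The comparisons go through hmac.compare_digest so a wrong signature is rejected in constant time.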


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-11 Thread Daniel Dumitriu
On 11.12.2015 06:19, Andy Bradford said:

>> when called  as a  process [1].  I don't  know if  this can  be solved
>> inside fossil; a workaround is to use a modified plink, e.g. that from
>> TortoiseSVN.
>
> You can configure Fossil to use the modified plink. Use:
>
> fossil clone --ssh-command /path/to/modified/plink.exe -T -e none ...

That is exactly what I've done (and more, i.e. "fossil settings --global
ssh-command PATH").

>
>> Still there seems to be another  problem with fossil: it does not pass
>> the password  to plink  when it was  given on the  command line  as in
>> user:pass@host:port.
> This is  because Fossil does not  interact with SSH, the  end user does.
> Fossil  forks an  SSH  command, and  you, the  user,  interact with  any
> prompts  the  SSH  process  issues. When  you  have  completed  entering
> password information into  SSH, Fossil now has a set  of encrypted pipes
> to read/write to via stdin/stdout.

I agree. Still the documentation (e.g. fossil clone) mentions this
possibility for ssh URLs ([userid[:password]@]host), so in my opinion
either fossil passes the password further to plink (it cannot do this on
Linux to ssh, since that one has no password argument), or it removes
this altogether from documentation.

Would it be an idea to detect the case of Windows and no Pageant (or maybe
add some new "-p" fossil argument) and implement a password prompt inside
fossil? Just contemplating...

Side note: as for the security risk, I agree in principle, but since the
user has already decided to type in his password on fossil's command
line, the evil is there and passing it to plink makes it no worse.

Daniel


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-11 Thread Warren Young
On Dec 11, 2015, at 3:18 PM, Daniel Dumitriu  wrote:
> 
>> Why can’t you just use SSH keys?  The wish for automated login without 
>> leaking passwords is exactly the problem they solve.
> I can and I do. But maybe other users cannot

Why “cannot”?  I get “will not,” but “CAN” not?

You’re asking for Fossil to add a way for your users to shoot themselves in the 
foot, when there is a perfectly sensible alternative available.

PuTTY ships with a tool that can create SSH keys.

> By the way: Does the whole reasoning not hold for https URLs? They allow
> a password on the command line, too.

No, because HTTP basic authentication is a thing:

  http://fossil-users.fossil-scm.narkive.com/ClIwmXcA/command-line-option-for-http-auth

If you’re using Fossil + HTTP basic auth + HTTPS, then yes, putting the 
password in the URL is a problem.  But, Fossil can get the password 
interactively instead, remember it, and send it in HTTPS instead, so no 
foot-shooting.

>>> Side note: as for the security risk, I agree in principle, but since the
>>> user has already decided to type in his password on fossil's command
>>> line, the evil is there and passing it to plink makes it no worse.
>> 
>> A password interactively typed into ssh/plink is as secure as the box it’s 
>> running on.
> My example was for cases where the user does *not* type his password
> into plink since, well, vanilla plink launched by another process does
> not prompt for a password - the initial reason for my post.

Sorry, I’m not terribly familiar with PuTTY.  I use Cygwin OpenSSH or SecureCRT 
on Windows wherever possible.

I’d say take it up with the plink developers, then.  It *should* do interactive 
prompting in this case.


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-11 Thread Daniel Dumitriu
> Why can’t you just use SSH keys?  The wish for automated login without 
> leaking passwords is exactly the problem they solve.
I can and I do. But maybe other users cannot, and they get tempted by
that :password bit. Or they like to carry plink on a stick next to their
fossil executable, so they are really portable and do not depend on the
host's software.

By the way: Does the whole reasoning not hold for https URLs? They allow
a password on the command line, too.

>> remove this altogether from documentation.
> Agreed.
Was done. The user name is still cut off at a possible colon (now
undocumented), but I guess that's ok, given the usual
[a-z_][a-z0-9_-]*[$] rule for user names.

>> Side note: as for the security risk, I agree in principle, but since the
>> user has already decided to type in his password on fossil's command
>> line, the evil is there and passing it to plink makes it no worse.
> 
> A password interactively typed into ssh/plink is as secure as the box it’s 
> running on.
My example was for cases where the user does *not* type his password
into plink since, well, vanilla plink launched by another process does
not prompt for a password - the initial reason for my post.

Maybe it is best to mention this issue in the (html) documentation and
suggest alternatives, i.e. either use TortoisePlink or plink -i
 (or Pageant, of course).

Daniel


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-11 Thread Warren Young
On Dec 11, 2015, at 2:59 AM, Daniel Dumitriu  wrote:
> 
> the documentation (e.g. fossil clone) mentions this
> possibility for ssh URLs ([userid[:password]@]host), so in my opinion
> either fossil passes the password further to plink

Interesting.  It has a -pw flag for this.

(That is, “interesting” in the ancient Chinese curse sense.)

> (it cannot do this on
> Linux to ssh, since that one has no password argument)

Yes, on purpose.  Standard Linux distros allow any user to snoop on the command 
line arguments to any other user’s process.  A password argument will also get 
logged in your shell’s history file, in the sudo log, etc.  Password flags are 
a horrible idea if you care about security, which presumably you *do* if you’re 
using SSH.  (Else, just use HTTP, no “S”.)

That is all just as true on Windows: the process table is walkable by normal 
user processes (e.g. Task Manager), PowerShell and the Cygwin shells keep a 
command history, etc.  Therefore, the use of plink -pw is highly suspect on 
Windows.

Why can’t you just use SSH keys?  The wish for automated login without leaking 
passwords is exactly the problem they solve.

(And they solve additional problems, like the relatively low entropy of most 
user passwords.)

> remove this altogether from documentation.

Agreed.

> Side note: as for the security risk, I agree in principle, but since the
> user has already decided to type in his password on fossil's command
> line, the evil is there and passing it to plink makes it no worse.

A password interactively typed into ssh/plink is as secure as the box it’s 
running on.

That is to say, the password is secure as long as the box doesn’t have a 
keylogger running on it, or a rogue admin-level process that uses the OS’s 
debugging hooks to snoop plink’s RAM, or…

And if you do have such a process running on your system, you’ve already lost 
control of your data, so the time to worry about security has passed.


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-10 Thread Joerg Sonnenberger
On Thu, Dec 10, 2015 at 03:59:29PM +0100, Daniel Dumitriu wrote:
> Still there seems to be another problem with fossil: it does not pass
> the password to plink when it was given on the command line as in
> user:pass@host:port. Maybe something along these lines ("-p pass")?

I would call that a security nightmare. Unless I am missing some option
for plink.exe to say "use the password from this file descriptor",
that's a big N.

Joerg


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-10 Thread Ron W
I would use Pageant if you don't want to have to respond to an interactive
password prompt.


On Thu, Dec 10, 2015 at 9:59 AM, Daniel Dumitriu 
wrote:

> Hi,
>
> Coming back to my own unanswered question: it seems like it has to do
> with standard (PuTTY) plink's inability to hook itself to console input
> when called as a process [1]. I don't know if this can be solved inside
> fossil; a workaround is to use a modified plink, e.g. that from
> TortoiseSVN.
>
> Still there seems to be another problem with fossil: it does not pass
> the password to plink when it was given on the command line as in
> user:pass@host:port. Maybe something along these lines ("-p pass")?
>
> http://www.fossil-scm.org/index.html/artifact/c6f2ce84?ln=104-106
>
> Thanks,
> Daniel
>
> [1]
>
> http://stackoverflow.com/questions/3947551/cant-type-password-or-anything-else-into-plink-with-svnssh
>
> On 04.12.2015 11:48, Daniel Dumitriu wrote:
> > Hi,
> >
> > I'm having problems using Fossil with the SSH protocol on Windows 8.1.
> > Somehow the password is not being prompted for. Interestingly enough,
> > when I run the relevant plink command by itself, the password prompt
> > comes up and connection succeeds.
> >
> > Using keys (Pageant) works though - at least if one ignores the "Unable
> > to write to standard output: The pipe is being closed." message.
> >
> > Below are the relevant output excerpts.
> >
> > Thanks,
> > Daniel
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-10 Thread Andy Bradford
Thus said Daniel Dumitriu on Thu, 10 Dec 2015 15:59:29 +0100:

> when called  as a  process [1].  I don't  know if  this can  be solved
> inside fossil; a workaround is to use a modified plink, e.g. that from
> TortoiseSVN.

You can configure Fossil to use the modified plink. Use:

fossil clone --ssh-command /path/to/modified/plink.exe -T -e none ...


> Still there seems to be another  problem with fossil: it does not pass
> the password  to plink  when it was  given on the  command line  as in
> user:pass@host:port.

This is  because Fossil does not  interact with SSH, the  end user does.
Fossil  forks an  SSH  command, and  you, the  user,  interact with  any
prompts  the  SSH  process  issues. When  you  have  completed  entering
password information into  SSH, Fossil now has a set  of encrypted pipes
to read/write to via stdin/stdout.

Andy
-- 
TAI64 timestamp: 4000566a5cfd


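Andy's description of how Fossil forks the SSH command, Warren's point that anything on a command line is readable by other local users and logged by shells, and Andy's question earlier in the thread about the colon in the user name can be seen together in one place. The following is an added example, not Fossil's code: it turns an ssh:// clone URL into the argv that the --sshtrace output above shows, and never emits a password flag whatever the URL contains. The port-flag selection by program name (-P for plink, -p for OpenSSH, as the trace above uses -P with plink), the refusal of a leading '-' in the user@host token and the colon_splits_password switch are this example's choices.

```python
"""Build a Fossil-style SSH command line from a clone URL without ever placing
a password on argv.  Added example; parsing rules and the option-injection
guard are choices made here, not fossil's code."""
import shlex
from urllib.parse import unquote, urlsplit


def parse_ssh_url(url: str, colon_splits_password: bool = True) -> dict:
    """Split an ssh:// URL into its parts.

    colon_splits_password=True is the RFC 3986 reading (and what the thread
    says fossil does): userinfo is cut at the first ':'.  With False the whole
    userinfo is the user name, which is the proposal for SSH URLs where a
    password cannot be used anyway.  A literal ':' can always be written %3A.
    """
    u = urlsplit(url)
    if u.scheme != "ssh" or not u.hostname:
        raise ValueError(f"not an ssh:// URL: {url!r}")
    userinfo = u.netloc.rsplit("@", 1)[0] if "@" in u.netloc else ""
    if colon_splits_password and ":" in userinfo:
        user, password = userinfo.split(":", 1)
    else:
        user, password = userinfo, None
    return {
        "user": unquote(user) or None,
        "password": unquote(password) if password is not None else None,
        "host": u.hostname,
        "port": u.port,
        "path": u.path.lstrip("/"),
    }


def build_ssh_argv(url: str, ssh_command: str = "plink -ssh -T -v") -> dict:
    """Return <ssh-command> [-P|-p port] user@host fossil test-http <path>.

    A password in the URL is deliberately dropped: argv is visible to every
    local user (ps, /proc, Task Manager) and ends up in shell history and sudo
    logs.  The caller is told via password_dropped so it can prompt
    interactively or point the user at keys/Pageant instead.
    """
    parts = parse_ssh_url(url)
    argv = shlex.split(ssh_command)
    if not argv:
        raise ValueError("empty ssh command")
    # PuTTY's plink spells the port flag -P, OpenSSH uses -p.
    is_plink = "plink" in argv[0].lower()
    if parts["port"] is not None:
        argv += ["-P" if is_plink else "-p", str(parts["port"])]
    target = f"{parts['user']}@{parts['host']}" if parts["user"] else parts["host"]
    if target.startswith("-"):
        # URL-controlled text must never be parsed as an ssh/plink option.
        raise ValueError(f"refusing host argument that looks like an option: {target!r}")
    argv += [target, "fossil", "test-http", parts["path"]]
    return {"argv": argv, "password_dropped": parts["password"] is not None}


if __name__ == "__main__":
    # Constructed stand-in for the masked URL in the trace above.
    print(build_ssh_argv("ssh://alice@example.org:2224/repos/fossil/testssh.fossil"))
    print(build_ssh_argv("ssh://alice:hunter2@example.org/repo.fossil", "ssh -e none -T"))
```

With the default "plink -ssh -T -v" the first call yields exactly the shape seen in the trace: plink -ssh -T -v -P 2224 alice@example.org fossil test-http repos/fossil/testssh.fossil. The second call returns password_dropped=True with hunter2 absent from argv; that is the point at which a wrapper would prompt with getpass or tell the user to load a key.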


Re: [fossil-users] Password prompt with SSH protocol on Windows?

2015-12-10 Thread Daniel Dumitriu
Hi,

Coming back to my own unanswered question: it seems like it has to do
with standard (PuTTY) plink's inability to hook itself to console input
when called as a process [1]. I don't know if this can be solved inside
fossil; a workaround is to use a modified plink, e.g. that from TortoiseSVN.

Still there seems to be another problem with fossil: it does not pass
the password to plink when it was given on the command line as in
user:pass@host:port. Maybe something along these lines ("-p pass")?

http://www.fossil-scm.org/index.html/artifact/c6f2ce84?ln=104-106

Thanks,
Daniel

[1]
http://stackoverflow.com/questions/3947551/cant-type-password-or-anything-else-into-plink-with-svnssh

On 04.12.2015 11:48, Daniel Dumitriu wrote:
> Hi,
> 
> I'm having problems using Fossil with the SSH protocol on Windows 8.1.
> Somehow the password is not being prompted for. Interestingly enough,
> when I run the relevant plink command by itself, the password prompt
> comes up and connection succeeds.
> 
> Using keys (Pageant) works though - at least if one ignores the "Unable
> to write to standard output: The pipe is being closed." message.
> 
> Below are the relevant output excerpts.
> 
> Thanks,
> Daniel


[fossil-users] Password prompt with SSH protocol on Windows?

2015-12-04 Thread Daniel Dumitriu
Hi,

I'm having problems using Fossil with the SSH protocol on Windows 8.1.
Somehow the password is not being prompted for. Interestingly enough,
when I run the relevant plink command by itself, the password prompt
comes up and connection succeeds.

Using keys (Pageant) works though - at least if one ignores the "Unable
to write to standard output: The pipe is being closed." message.

Below are the relevant output excerpts.

Thanks,
Daniel


$ fossil version
This is fossil version 1.34 [5032c50d14] 2015-12-04 00:40:25 UTC

$ plink -V
plink: Release 0.66

$ fossil clone --once --sshtrace --verbose --ssh-command "plink -ssh -T -v" ssh://p**@d***.**:2224/repos/fossil/testssh.fossil testssh.fossil
Bytes  Cards  Artifacts Deltas
waiting for server...
plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.43 port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Using username "p**".


$ plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.** port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Using username "p**".
p**@d***.**'s password:


> fossil clone --once --sshtrace --verbose --ssh-command "plink -ssh -T -v" ssh://p**@d***.**:2224/repos/fossil/testssh.fossil testssh.fossil
Bytes  Cards  Artifacts Deltas
waiting for server...
plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.43 port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "p**".
Trying Pageant key #0
Authenticating with public key "d***-*_-**-**" from agent
Sending Pageant's response
Access granted
Opening session as main channel
Opened main channel
Started a shell/command
Got line: [Status: 200 OK]
Got line: [X-Frame-Options: SAMEORIGIN]
Got line: [Cache-control: no-cache]
Got line: [Content-Type: application/x-fossil-uncompressed; charset=utf-8]
Got line: [Content-Length: 638]
Got line: []
Reading 638 bytes with 1 on hand...  Got 638 bytes
Sent:  53  1  0  0
Received: 638  9  3  0
waiting for server...Got line: [Status: 200 OK]
Got line: [X-Frame-Options: SAMEORIGIN]
Got line: [Cache-control: no-cache]
Got line: [Content-Type: application/x-fossil; charset=utf-8]
Got line: [Content-Length: 404]
Got line: []
Reading 404 bytes with 0 on hand...  Got 404 bytes
Sent:  58  2  0  0
Received: 694  5  0  0
Clone done, sent: 567  received: 1343  ip: d***.**
Sent EOF message
Unable to write to standard output: The pipe is being closed.
Rebuilding repository meta-data...
  100.0% complete...
Extra delta compression...
Vacuuming the database...
project-id: c0f7a2da10af3a2fb8ffe6c2124b672756c96382
server-id:  b210faec39b4c2d0792c71d618f2e34ef073387f
admin-user: p** (password is "872519")