Re: [fossil-users] Password prompt with SSH protocol on Windows?
Thus said Warren Young on Fri, 11 Dec 2015 15:26:29 -0700:

> I'd say take it up with the plink developers, then. It *should* do
> interactive prompting in this case.

It's possible that there is something in the way Fossil forks the plink process on Windows that is causing plink not to prompt, but I cannot say for certain.

Thanks,

Andy

--
TAI64 timestamp: 4000566c5cef

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Password prompt with SSH protocol on Windows?
Thus said Daniel Dumitriu on Fri, 11 Dec 2015 23:18:41 +0100:

> By the way: Does the whole reasoning not hold for https URLs? They
> allow a password on the command line, too.

HTTP(S) URLs behave differently than SSH because they are different protocols/systems. The password in HTTP(S) is not a system login, but is rather a Fossil username/password. There is nothing with which Fossil must interact because all it does is take your password, pick a nonce, and then make a signature that gets transmitted to the remote host:

http://www.fossil-scm.org/index.html/artifact/5d5c19958bad3b0de0be4f47ad022c689be0d543?txt=1=40,51

Whereas with SSH, using the password necessarily means that Fossil has to interact with SSH in some fashion by looking for a password prompt (because SSH typically does not allow passing in passwords non-interactively, and implementations of such are non-standard). The only way SSH allows non-interactive authentication is to use keys.

> Was done. The user name is still cut off at a possible colon
> (now undocumented), but I guess that's ok, given the usual
> [a-z_][a-z0-9_-]*[$] rule for user names.

Likely on all Unix systems, : is not allowed in a username, but that doesn't mean that there are other systems that don't allow it, so perhaps Fossil should not treat the : as special. To make the documentation more accurate and to not silently truncate data in the username, should Fossil not treat the : as special for the SSH protocol?

Andy

--
TAI64 timestamp: 4000566c5afe
Re: [fossil-users] Password prompt with SSH protocol on Windows?
On 11.12.2015 06:19, Andy Bradford said:
>> when called as a process [1]. I don't know if this can be solved
>> inside fossil; a workaround is to use a modified plink, e.g. that from
>> TortoiseSVN.
>
> You can configure Fossil to use the modified plink. Use:
>
> fossil clone --ssh-command /path/to/modified/plink.exe -T -e none ...

That is exactly what I've done (and more, i.e. "fossil settings --global ssh-command PATH").

>> Still there seems to be another problem with fossil: it does not pass
>> the password to plink when it was given on the command line as in
>> user:pass@host:port.
> This is because Fossil does not interact with SSH, the end user does.
> Fossil forks an SSH command, and you, the user, interact with any
> prompts the SSH process issues. When you have completed entering
> password information into SSH, Fossil now has a set of encrypted pipes
> to read/write to via stdin/stdout.

I agree. Still the documentation (e.g. fossil clone) mentions this possibility for ssh URLs ([userid[:password]@]host), so in my opinion either fossil passes the password further to plink (it cannot do this on Linux to ssh, since that one has no password argument), or it removes this altogether from documentation.

Would it be an idea to detect the case Windows and no Pageant (or maybe add some new "-p" fossil argument) and implement password prompt inside fossil? Just contemplating...

Side note: as for the security risk, I agree in principle, but since the user has already decided to type in his password on fossil's command line, the evil is there and passing it to plink makes it no worse.

Daniel
Re: [fossil-users] Password prompt with SSH protocol on Windows?
On Dec 11, 2015, at 3:18 PM, Daniel Dumitriu wrote:
>
>> Why can’t you just use SSH keys? The wish for automated login without
>> leaking passwords is exactly the problem they solve.
> I can and I do. But maybe other users cannot

Why “cannot”? I get “will not,” but “CAN” not?

You’re asking for Fossil to add a way for your users to shoot themselves in the foot, when there is a perfectly sensible alternative available. PuTTY ships with a tool that can create SSH keys.

> By the way: Does the whole reasoning not hold for https URLs? They allow
> a password on the command line, too.

No, because HTTP basic authentication is a thing:

http://fossil-users.fossil-scm.narkive.com/ClIwmXcA/command-line-option-for-http-auth

If you’re using Fossil + HTTP basic auth + HTTPS, then yes, putting the password in the URL is a problem. But, Fossil can get the password interactively instead, remember it, and send it in HTTPS instead, so no foot-shooting.

>>> Side note: as for the security risk, I agree in principle, but since the
>>> user has already decided to type in his password on fossil's command
>>> line, the evil is there and passing it to plink makes it no worse.
>>
>> A password interactively typed into ssh/plink is as secure as the box it’s
>> running on.
> My example was for cases where the user does *not* type his password
> into plink since, well, vanilla plink launched by another process does
> not prompt for a password - the initial reason for my post.

Sorry, I’m not terribly familiar with PuTTY. I use Cygwin OpenSSH or SecureCRT on Windows wherever possible.

I’d say take it up with the plink developers, then. It *should* do interactive prompting in this case.
Re: [fossil-users] Password prompt with SSH protocol on Windows?
> Why can’t you just use SSH keys? The wish for automated login without
> leaking passwords is exactly the problem they solve.

I can and I do. But maybe other users cannot, and they get tempted by that :password bit. Or they like to carry on a stick plink next to their fossil executable, so they are really portable and not depend on the host's software.

By the way: Does the whole reasoning not hold for https URLs? They allow a password on the command line, too.

>> remove this altogether from documentation.
> Agreed.

Was done. The user name is still cut off at a possible colon (now undocumented), but I guess that's ok, given the usual [a-z_][a-z0-9_-]*[$] rule for user names.

>> Side note: as for the security risk, I agree in principle, but since the
>> user has already decided to type in his password on fossil's command
>> line, the evil is there and passing it to plink makes it no worse.
>
> A password interactively typed into ssh/plink is as secure as the box it’s
> running on.

My example was for cases where the user does *not* type his password into plink since, well, vanilla plink launched by another process does not prompt for a password - the initial reason for my post.

Maybe it is best to mention this issue in the (html) documentation and suggest alternatives, i.e. either use TortoisePlink or plink -i (or Pageant, of course).

Daniel
Re: [fossil-users] Password prompt with SSH protocol on Windows?
On Dec 11, 2015, at 2:59 AM, Daniel Dumitriu wrote:
>
> the documentation (e.g. fossil clone) mentions this
> possibility for ssh URLs ([userid[:password]@]host), so in my opinion
> either fossil passes the password further to plink

Interesting. It has a -pw flag for this. (That is, “interesting” in the ancient Chinese curse sense.)

> (it cannot do this on
> Linux to ssh, since that one has no password argument)

Yes, on purpose. Standard Linux distros allow any user to snoop on the command line arguments to any other user’s process. A password argument will also get logged in your shell’s history file, in the sudo log, etc.

Password flags are a horrible idea if you care about security, which presumably you *do* if you’re using SSH. (Else, just use HTTP, no “S”.)

That is all just as true on Windows: the process table is walkable by normal user processes (e.g. Task Manager), PowerShell and the Cygwin shells keep a command history, etc. Therefore, the use of plink -pw is highly suspect on Windows.

Why can’t you just use SSH keys? The wish for automated login without leaking passwords is exactly the problem they solve. (And they solve additional problems, like the relatively low entropy of most user passwords.)

> remove this altogether from documentation.

Agreed.

> Side note: as for the security risk, I agree in principle, but since the
> user has already decided to type in his password on fossil's command
> line, the evil is there and passing it to plink makes it no worse.

A password interactively typed into ssh/plink is as secure as the box it’s running on. That is to say, the password is secure as long as the box doesn’t have a keylogger running on it, or a rogue admin-level process that uses the OS’s debugging hooks to snoop plink’s RAM, or…

And if you do have such a process running on your system, you’ve already lost control of your data, so the time to worry about security has passed.
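The snooping risk described above is easy to audit for. This added example (not Fossil or PuTTY code) scans process command lines for the two exposure patterns the thread names, a password inside a user:password@host URL and plink's -pw flag, and reports each finding with the secret redacted. The sample argv lists, host name and password are constructed.

```python
"""Audit check (added example, not Fossil or PuTTY code): report credentials
exposed in process command lines, the leak the thread warns about."""
import os
import re

# scheme://user:password@...  (group 1: scheme and user, group 2: the password).
# '/' and '@' must be percent-encoded inside a URL password, so excluding them
# keeps a plain "https://host:8080/path" from matching as a credential.
URL_CRED_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*://[^/:@\s]+):([^/@\s]+)@")
# Flags that take the password as the next argument; plink's -pw is the one the
# thread names. Extend the set for other tools permitted on the host.
PASSWORD_FLAGS = {"-pw"}


def redact(secret: str) -> str:
    """Keep only the length so the audit output is itself safe to share."""
    return "*" * len(secret)


def find_exposed_credentials(argv: list[str]) -> list[str]:
    """One finding per exposed secret in a single process's argv."""
    findings = []
    for i, arg in enumerate(argv):
        m = URL_CRED_RE.match(arg)
        if m:
            findings.append(f"password embedded in URL argument {i}: "
                            f"{m.group(1)}:{redact(m.group(2))}@...")
        if arg in PASSWORD_FLAGS and i + 1 < len(argv):
            findings.append(f"password passed via {arg} at argument {i + 1}: "
                            f"{redact(argv[i + 1])}")
    return findings


def scan_proc(proc_root: str = "/proc") -> dict[int, list[str]]:
    """Walk /proc/<pid>/cmdline (NUL-separated argv) and collect findings per pid."""
    report: dict[int, list[str]] = {}
    if not os.path.isdir(proc_root):
        return report                      # not Linux, or /proc not mounted
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "cmdline"), "rb") as f:
                raw = f.read()
        except OSError:                    # process exited, or hidepid= hides it
            continue
        argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
        hits = find_exposed_credentials(argv)
        if hits:
            report[int(pid)] = hits
    return report


# Constructed samples (host and password are made up): the thread's clone command
# with a password in the URL, plink with -pw, and a clean plink invocation.
SAMPLE_FOSSIL = ["fossil", "clone",
                 "ssh://alice:hunter2@example.invalid:2224/repos/test.fossil", "test.fossil"]
SAMPLE_PLINK = ["plink", "-ssh", "-T", "-pw", "hunter2", "alice@example.invalid"]
SAMPLE_CLEAN = ["plink", "-ssh", "-T", "-P", "2224", "alice@example.invalid"]

if __name__ == "__main__":
    for argv in (SAMPLE_FOSSIL, SAMPLE_PLINK, SAMPLE_CLEAN):
        print(argv[0], "->", find_exposed_credentials(argv) or "nothing exposed")
    for pid, hits in sorted(scan_proc().items()):
        print(pid, hits)
```

On Windows the same check would read the process table (e.g. via WMI) instead of /proc; the argv-level logic is unchanged.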
Re: [fossil-users] Password prompt with SSH protocol on Windows?
On Thu, Dec 10, 2015 at 03:59:29PM +0100, Daniel Dumitriu wrote:
> Still there seems to be another problem with fossil: it does not pass
> the password to plink when it was given on the command line as in
> user:pass@host:port. Maybe something along these lines ("-p pass")?

I would call that a security nightmare. Unless I am missing some option for plink.exe to say "use the password from this file descriptor", that's a big N.

Joerg
Re: [fossil-users] Password prompt with SSH protocol on Windows?
I would use Pageant if you don't want to have to respond to an interactive password prompt.

On Thu, Dec 10, 2015 at 9:59 AM, Daniel Dumitriu wrote:
> Hi,
>
> Coming back to my own unanswered question: it seems like it has to do
> with standard (PuTTY) plink's inability to hook itself to console input
> when called as a process [1]. I don't know if this can be solved inside
> fossil; a workaround is to use a modified plink, e.g. that from
> TortoiseSVN.
>
> Still there seems to be another problem with fossil: it does not pass
> the password to plink when it was given on the command line as in
> user:pass@host:port. Maybe something along these lines ("-p pass")?
>
> http://www.fossil-scm.org/index.html/artifact/c6f2ce84?ln=104-106
>
> Thanks,
> Daniel
>
> [1]
> http://stackoverflow.com/questions/3947551/cant-type-password-or-anything-else-into-plink-with-svnssh
>
> On 04.12.2015 11:48, Daniel Dumitriu wrote:
> > Hi,
> >
> > I'm having problems using Fossil with the SSH protocol on Windows 8.1.
> > Somehow the password is not being prompted for. Interestingly enough,
> > when I run the relevant plink command by itself, the password prompt
> > comes up and connection succeeds.
> >
> > Using keys (Pageant) works though - at least if one ignores the "Unable
> > to write to standard output: The pipe is being closed." message.
> >
> > Below are the relevant output excerpts.
> >
> > Thanks,
> > Daniel
Re: [fossil-users] Password prompt with SSH protocol on Windows?
Thus said Daniel Dumitriu on Thu, 10 Dec 2015 15:59:29 +0100:

> when called as a process [1]. I don't know if this can be solved
> inside fossil; a workaround is to use a modified plink, e.g. that from
> TortoiseSVN.

You can configure Fossil to use the modified plink. Use:

fossil clone --ssh-command /path/to/modified/plink.exe -T -e none ...

> Still there seems to be another problem with fossil: it does not pass
> the password to plink when it was given on the command line as in
> user:pass@host:port.

This is because Fossil does not interact with SSH, the end user does. Fossil forks an SSH command, and you, the user, interact with any prompts the SSH process issues. When you have completed entering password information into SSH, Fossil now has a set of encrypted pipes to read/write to via stdin/stdout.

Andy

--
TAI64 timestamp: 4000566a5cfd
Re: [fossil-users] Password prompt with SSH protocol on Windows?
Hi,

Coming back to my own unanswered question: it seems like it has to do with standard (PuTTY) plink's inability to hook itself to console input when called as a process [1]. I don't know if this can be solved inside fossil; a workaround is to use a modified plink, e.g. that from TortoiseSVN.

Still there seems to be another problem with fossil: it does not pass the password to plink when it was given on the command line as in user:pass@host:port. Maybe something along these lines ("-p pass")?

http://www.fossil-scm.org/index.html/artifact/c6f2ce84?ln=104-106

Thanks,
Daniel

[1]
http://stackoverflow.com/questions/3947551/cant-type-password-or-anything-else-into-plink-with-svnssh

On 04.12.2015 11:48, Daniel Dumitriu wrote:
> Hi,
>
> I'm having problems using Fossil with the SSH protocol on Windows 8.1.
> Somehow the password is not being prompted for. Interestingly enough,
> when I run the relevant plink command by itself, the password prompt
> comes up and connection succeeds.
>
> Using keys (Pageant) works though - at least if one ignores the "Unable
> to write to standard output: The pipe is being closed." message.
>
> Below are the relevant output excerpts.
>
> Thanks,
> Daniel
[fossil-users] Password prompt with SSH protocol on Windows?
Hi,

I'm having problems using Fossil with the SSH protocol on Windows 8.1. Somehow the password is not being prompted for. Interestingly enough, when I run the relevant plink command by itself, the password prompt comes up and connection succeeds.

Using keys (Pageant) works though - at least if one ignores the "Unable to write to standard output: The pipe is being closed." message.

Below are the relevant output excerpts.

Thanks,
Daniel

$ fossil version
This is fossil version 1.34 [5032c50d14] 2015-12-04 00:40:25 UTC

$ plink -V
plink: Release 0.66

$ fossil clone --once --sshtrace --verbose --ssh-command "plink -ssh -T -v" ssh://p**@d***.**:2224/repos/fossil/testssh.fossil testssh.fossil
                Bytes      Cards  Artifacts     Deltas
waiting for server...
plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.43 port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Using username "p**".

$ plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.** port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Using username "p**".
p**@d***.**'s password:

> fossil clone --once --sshtrace --verbose --ssh-command "plink -ssh -T -v" ssh://p**@d***.**:2224/repos/fossil/testssh.fossil testssh.fossil
                Bytes      Cards  Artifacts     Deltas
waiting for server...
plink -ssh -T -v -P 2224 p**@d***.** fossil test-http repos/fossil/testssh.fossil
Looking up host "d***.**"
Connecting to *.*.***.43 port 2224
We claim version: SSH-2.0-PuTTY_Release_0.66
Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 4096 20:b2:**:**:**:**:**:**:**:**:**:**:**:**:**:**
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Pageant is running. Requesting keys.
Pageant has 1 SSH-2 keys
Using username "p**".
Trying Pageant key #0
Authenticating with public key "d***-*_-**-**" from agent
Sending Pageant's response
Access granted
Opening session as main channel
Opened main channel
Started a shell/command
Got line: [Status: 200 OK]
Got line: [X-Frame-Options: SAMEORIGIN]
Got line: [Cache-control: no-cache]
Got line: [Content-Type: application/x-fossil-uncompressed; charset=utf-8]
Got line: [Content-Length: 638]
Got line: []
Reading 638 bytes with 1 on hand...
Got 638 bytes
Sent:              53          1          0          0
Received:         638          9          3          0
waiting for server...Got line: [Status: 200 OK]
Got line: [X-Frame-Options: SAMEORIGIN]
Got line: [Cache-control: no-cache]
Got line: [Content-Type: application/x-fossil; charset=utf-8]
Got line: [Content-Length: 404]
Got line: []
Reading 404 bytes with 0 on hand...
Got 404 bytes
Sent:              58          2          0          0
Received:         694          5          0          0
Clone done, sent: 567  received: 1343  ip: d***.**
Sent EOF message
Unable to write to standard output: The pipe is being closed.
Rebuilding repository meta-data...
  100.0% complete...
Extra delta compression...
Vacuuming the database...
project-id: c0f7a2da10af3a2fb8ffe6c2124b672756c96382
server-id:  b210faec39b4c2d0792c71d618f2e34ef073387f
admin-user: p** (password is "872519")