On 05/29/2010 08:04 AM, Eric Kow wrote:
> On Sat, May 29, 2010 at 13:49:21 +0200, Radoslav Dorcik wrote:
>> I'm not sure what other problems there are related to the need within Darcs
>> to support more than one SSH implementation. If the problem is
>> passing different options to different commands I do not feel it is a
>> good reason for pushing people into some particular SSH implementation.
>
> So one reason to drop PuTTY support in favour of OpenSSH or TortoiseSSH
> may be that we don't have a good way to deal with ssh keys in the latter.

I can't seem to find any information on TortoiseSSH... What I found is a
subtly-modified plink (from PuTTY) and information about how TortoiseSVN
uses its own Win32 password prompt window to feed plink. I couldn't find
any information on how Tortoise's plink differs from vanilla PuTTY plink.

> I don't really remember the issues behind it, but I seem to remember
> that all the Darcs/Windows guides that get written talk about setting a
> key with an empty passphrase. I think it may be something to do with
> PuTTY grabbing the passphrase from stdin instead of the terminal.

PuTTY does ask for passwords from stdin by default. PuTTY plink rarely
asks for passphrases because it will not auto-launch PuTTY's ssh agent
(pageant), thus will more likely than not have no idea which keys are
available. If you've already gotten pageant running and keys available
you've already unlocked those keys' passphrases in pageant. (There's no
good reason to have an empty key passphrase that I've ever encountered.)

The problem is not necessarily that PuTTY asks for the password from
stdin-- some versions of darcs have happily passed passwords on to plink
via stdin. The big problem usually is, again, that plink will not
auto-launch an ssh agent and has no way of persisting passwords across
invocations, so you have to type in a password once for each scp/sftp
call. (Which particularly in darcs 1 before transfer-mode could get
amazingly onerous, one password prompt for each and every file. Then
when darcs might try a couple of those calls simultaneously on multiple
threads it became truly impossible...)

So any good Darcs on Windows guide will have to explain SSH keys and
agents (pageant), because PuTTY's agent doesn't do some of the
auto-launch, auto-cookie "magic" that OpenSSH does (particularly with
the (awesome) super-agents that modern distros provide).

IMNSHO all Darcs usage guides should make sure that users are familiar
with SSH keys and their friendly local SSH agent, because such things
will always be more reliable (not to mention more secure) than password
login. Darcs guides for Windows just have the handicap that a) PuTTY's
agent is not magic and does not auto-start nor auto-unlock keys, and
more crucially b) Windows users are generally less likely to have any
familiarity with SSH keys at all than users of any other OS.

If it were crucial that darcs provide good password login support on
Windows, it does sound like darcs could do basically what TortoiseSVN
seems to be doing: provide its own password prompt and then make sure it
provides that in the command line to any plink/pscp/psftp calls it
makes. IMNSHO, darcs' requiring Windows users to learn to use SSH keys
and Pageant is a feature rather than a bug, though. I don't think it is
worth special-casing SSH password login on Windows with PuTTY. (...and I
don't think the lack of password login is a strong enough reason to
force Windows users to change the recommended SSH toolchain away from
PuTTY. There are too many other reasons to keep PuTTY as the preferred
Windows SSH.)
--
--Max Battcher--
http://worldmaker.net