> Here's what I have at the moment based on your branch as of a few weeks > ago. However, with password-protected SSH keys, the password prompt > isn't handled properly. Any ideas?
OK, I've looked into this. It can be done, but the only solution I can see so far is ugly. Here's the deal: Using lftp: There's no way to get lftp to ask for a passphrase if and only if it needs one. I asked about this on the lftp list, and Alexander confirmed it. lftp will either always ask for a passphrase, if the connect string looks like cyg...@cygwin.com or never ask for one, if it looks like cygwin:@cygwin.com So the only way to get lftp to ask for a passphrase iff it needs one is to figure out in advance which key will be used, find out whether the key is encrypted, and use that to pick one of the above connect strings. More about that below. Using sftp: sftp seems as though it might work better, since it will prompt the user for a passphrase if and only if it needs one to decrypt the key. But to feed a batch script to sftp you have to use sftp -b, and unfortunately that disables interactive prompting for the passphrase. I checked this by running sftp -b with an encrypted key, and sure enough, it didn't prompt for the passphrase but just reported "Connection closed". So this all kind of sucks. The only solution I can see so far is: (1) Run ssh -v cyg...@cygwin.com initially, and scrape stderr to find the file name of the key that's being used. (Between ssh-agents, IdentityFile entries in .ssh/config, and default key file names, I don't think there's any other sane way to figure out what key file ssh will use.) (2) Run ssh-keygen -y or similar, to figure out whether the key is encrypted. (3) If the key is encrypted, run lftp sftp://cyg...@cygwin.com so lftp will prompt for the passphrase. If it's not encrypted, run lftp sftp://cygwin:@cygwin.com and lftp won't prompt. Is this solution acceptable? It's ugly and slow (an extra ssh connection), but I guess it should be reliable. Is there some better way that I'm overlooking? An expect script? That's starting to sound like a lot of work. Andrew