webapp: Include no-pty in ssh authorized_keys lines.

git-annex-shell does not need a pty, so this speeds things up.
Also, it may prevent weird misconfigured systems that try to run screen or
tmux on every ssh login from doing so.
Joey Hess 2014-03-05 13:53:21 -04:00
parent c30cc4a119
commit 74d3949cd0
2 changed files with 4 additions and 1 deletions


@ -143,6 +143,8 @@ addAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO Bool
addAuthorizedKeys gitannexshellonly dir pubkey = boolSystem "sh"
[ Param "-c" , Param $ addAuthorizedKeysCommand gitannexshellonly dir pubkey ]
{- Should only be used within the same process that added the line;
- the layout of the line is not kepy stable across versions. -}
removeAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO ()
removeAuthorizedKeys gitannexshellonly dir pubkey = do
let keyline = authorizedKeysLine gitannexshellonly dir pubkey
@ -195,7 +197,7 @@ authorizedKeysLine gitannexshellonly dir pubkey
- long perl script. -}
| otherwise = pubkey
where
limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding "
limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty "
{- Generates a ssh key pair. -}
genSshKeyPair :: IO SshKeyPair
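Review bot: `limitcommand` in the second hunk still builds the key restriction as a list of individual opt-outs, and with `no-pty` added it continues to leave out `no-user-rc`, so sshd will still run `~/.ssh/rc` for a key that is meant to be confined to git-annex-shell. I would end the option list with `no-X11-forwarding,no-pty,no-user-rc `, and on servers known to run OpenSSH 7.2 or later the single `restrict` keyword covers these plus any restriction added in future releases. sshd ignores a key line that contains an option it does not recognise, so confirm the oldest sshd the webapp is expected to configure before extending the list. A short comment beside the string saying why each option is present (for example `no-pty: git-annex-shell never needs a terminal`) would help the next reader; `authorizedKeysLine` begins above the hunk, so its other guards are not visible here.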

1
debian/changelog vendored

@ -27,6 +27,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium
* glacier: Pass --region to glacier checkpresent.
* webdav: When built with a new enough haskell DAV (0.6), disable
the http response timeout, which was only 5 seconds.
* webapp: Include no-pty in ssh authorized_keys lines.
-- Joey Hess <joeyh@debian.org> Fri, 28 Feb 2014 14:52:15 -0400