From 74d3949cd001294101f24435897491d281557bfb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 5 Mar 2014 13:53:21 -0400 Subject: [PATCH] webapp: Include no-pty in ssh authorized_keys lines. git-annex-shell does not need a pty, so this speeds things up. Also, it may avoid weird misconfigured systems that try to run screen or tmux on every ssh login from doing so. --- Assistant/Ssh.hs | 4 +++- debian/changelog | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Assistant/Ssh.hs b/Assistant/Ssh.hs index 82da9e33aa..acb2fc11c6 100644 --- a/Assistant/Ssh.hs +++ b/Assistant/Ssh.hs @@ -143,6 +143,8 @@ addAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO Bool addAuthorizedKeys gitannexshellonly dir pubkey = boolSystem "sh" [ Param "-c" , Param $ addAuthorizedKeysCommand gitannexshellonly dir pubkey ] +{- Should only be used within the same process that added the line; + - the layout of the line is not kepy stable across versions. -} removeAuthorizedKeys :: Bool -> FilePath -> SshPubKey -> IO () removeAuthorizedKeys gitannexshellonly dir pubkey = do let keyline = authorizedKeysLine gitannexshellonly dir pubkey @@ -195,7 +197,7 @@ authorizedKeysLine gitannexshellonly dir pubkey - long perl script. -} | otherwise = pubkey where - limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding " + limitcommand = "command=\"GIT_ANNEX_SHELL_DIRECTORY="++shellEscape dir++" ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty " {- Generates a ssh key pair. -} genSshKeyPair :: IO SshKeyPair diff --git a/debian/changelog b/debian/changelog index 16e0f8513a..cefa45e89c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -27,6 +27,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium * glacier: Pass --region to glacier checkpresent. * webdav: When built with a new enough haskell DAV (0.6), disable the http response timeout, which was only 5 seconds. + * webapp: Include no-pty in ssh authorized_keys lines. -- Joey Hess Fri, 28 Feb 2014 14:52:15 -0400