Commit graph

42 commits

Author SHA1 Message Date
Joey Hess
fdcc04096c assistant: Ensure that .ssh/config and .ssh/authorized_keys are not group or world writable when writing to those files, as that can make ssh refuse to use them, if it allows another user to write to them. 2014-01-03 17:44:12 -04:00
Joey Hess
3a6e0d1215 assistant: Set StrictHostKeyChecking yes when creating ssh remotes, and add it to the configuration for any ssh remotes previously created by the assistant. This avoids repeated prompts by ssh if the host key changes, instead syncing with such a remote will fail. Closes: #732602 2013-12-20 20:58:36 -04:00
Joey Hess
b9b5e3370d build assistant and watcher on windows (doesn't work yet) 2013-11-12 17:22:34 -04:00
Joey Hess
5f9f7024e9 enabling ssh gcrypt now works 2013-10-01 16:08:01 -04:00
Joey Hess
61e06c972f webapp can now set up gcrypt repos on ssh servers 2013-10-01 13:43:35 -04:00
Joey Hess
d83a244986 UI for making encrypted ssh remotes with gcrypt
Improved probing the remote server, so it gathers a list of the
capabilities it has. From that list, we can determine which types
of remotes are supported, and display an appropriate UI.

The new buttons for making gcrypt repos don't work yet, but the old buttons
for unencrypted git repo and encrypted rsync repo have been adapted to the
new data types and are working.

This commit was sponsored by David Schmitt.
2013-09-29 15:14:09 -04:00
Joey Hess
d1ed337035 webapp: Improve handling of remotes whose setup has stalled.
This includes recovery from the ssh-agent problem that led to many reporting
http://git-annex.branchable.com/bugs/Internal_Server_Error:_Unknown_UUID/
(Including fixing up .ssh/config to set IdentitiesOnly.)

Remotes that have no known uuid are now displayed in the webapp as
"unfinished". There's a link to check their status, and if the remote
has been set annex-ignore, a retry button can be used to unset that and
try again to set up the remote.

As this bug has shown, the process of adding a ssh remote has some failure
modes that are not really ideal. It would certainly be better if, when
setting up a ssh remote it would detect if it's failed to get the UUID,
and handle that in the remote setup process, rather than waiting until
later and handling it this way.

However, that's hard to do, particularly for local pairing, since the
PairListener runs as a background thread. The best it could do is pop up an
alert if there's a problem. This solution is not much different.

Also, this solution handles cases where the user has gotten their repo into
a mess manually and lets the assistant help with cleaning it up.

This commit was sponsored by Chia Shee Liang. Thanks!
2013-07-31 16:36:29 -04:00
Joey Hess
cbfdf3ab21 set IdentitiesOnly
When setting up a dedicated ssh key to access the annex on a host,
set IdentitiesOnly to prevent the ssh-agent from forcing use of a different
ssh key.

That behavior could result in unnecessary password prompts. I remember
getting a message or two from people who got deluged with password
prompts and I couldn't at the time see why.

Also, it would prevent git-annex-shell from being run on the remote host,
when git-annex was installed there by unpacking the standalone tarball,
since the authorized_keys line for the dedicated ssh key, which sets
up calling git-annex-shell when it's not in path, wouldn't be used.

This fixes
http://git-annex.branchable.com/bugs/Internal_Server_Error:_Unknown_UUID
but I've not closed that bug yet since I should still:

1. Investigate why the ssh remote got set up despite being so broken.
2. Make the webapp not handle the NoUUID state in such an ugly way.
3. Possibly add code to fix up systems that encountered the problem.
   Although since it requires changes to .ssh/config this may be one for
   the release notes.

Thanks to TJ for pointing me in the right direction to understand what
was happening here.
2013-07-31 13:30:49 -04:00
Joey Hess
2d7b4517ab got hdevtools working again
Fix comment to not make cpp unhappy
2013-07-27 13:00:49 -04:00
Joey Hess
c8e6947693 webapp: Ensure that ssh keys generated for different directories on a server are always different. 2013-06-25 15:31:04 -04:00
Joey Hess
81d6f96cd9 sanity check 2013-06-11 23:12:01 -04:00
Joey Hess
768f7c87f2 display any illegal character found in ssh comment 2013-06-10 23:55:54 -04:00
Joey Hess
25a8d4b11c rename module 2013-05-12 19:19:28 -04:00
Joey Hess
749c197947 fix use of wrong shebang when android is installing git-annex-shell wrapper on server 2013-05-06 15:58:13 -04:00
Joey Hess
8a2d1988d3 expose Control.Monad.join
I think I've been looking for that function for some time.
Ie, I remember wanting to collapse Just Nothing to Nothing.
2013-04-22 20:24:53 -04:00
Joey Hess
7956177445 webapp: Include the repository directory in the mangled hostname and ssh key name, so that a locked down ssh key for one repository is not re-used when setting up additional repositories on the same server. 2013-04-16 13:49:39 -04:00
Joey Hess
21f93de33c use git-annex for ssh directory name 2013-04-14 20:00:32 -04:00
Joey Hess
aca9e4f0b4 random ssh keys (╯°□°)╯︵ ┻━┻ gnome-keyring
assistant: Work around horrible, terrible, very bad behavior of
gnome-keyring, by not storing special-purpose ssh keys in ~/.ssh/*.pub.

Apparently gnome-keyring will load and indiscriminately use such
keys in some cases, even if they are not using any of the standard ssh key
names. Instead store the keys in ~/.ssh/annex/, which gnome-keyring will
not check.

Note that neither I nor #debian-devel were able to quite reproduce this
problem, but I believe it exists, and that this fixes it. And it certainly
won't hurt anything..
2013-04-14 15:34:59 -04:00
Joey Hess
796f1d806f assistant: Fix ~/.ssh/git-annex-shell wrapper to work when the ssh key does not force a command.
Without a forced command, SSH_ORIGINAL_COMMAND is not set.
So instead, in this case, run $@
2013-03-12 07:12:39 -04:00
Joey Hess
cbd53b4a8c Makefile now builds using cabal, taking advantage of cabal's automatic detection of appropriate build flags.
The only thing lost is ./ghci

Speed: make fast used to take 20 seconds here, when rebuilding from
touching Command/Unused.hs. With cabal, it's 29 seconds.
2013-02-27 02:39:22 -04:00
Joey Hess
9d6fd5b927 webapp: Display any error message from git init if it fails to create a repository. 2013-02-26 13:04:37 -04:00
Joey Hess
f40180f033 deal with Android's nonstandard shell location
This is so gratuitous and pointless. It's a shame that everything we
learned about Unix portability and the importance of standards has been
thrown out the window by these guys.
2013-02-13 14:30:04 -04:00
Joey Hess
4c0fb330eb fix typo in name of authorized_keys file when canceling adding a key 2013-01-03 16:11:19 -04:00
Joey Hess
551924e6be webapp: Allow user to specify the ssh port when setting up a remote. 2012-12-06 17:09:38 -04:00
Joey Hess
3fdb78a51e assistant: Allow periods in ssh key comments. 2012-12-06 10:39:51 -04:00
Joey Hess
f6bcab3f57 cleanup 2012-11-06 16:08:36 -04:00
Joey Hess
0b8027e527 webapp: When setting up authorized_keys, use GIT_ANNEX_SHELL_DIRECTORY. 2012-11-05 12:35:05 -04:00
Joey Hess
39e82b1af8 webapp: Generate better git remote names.
Wrote a better git remote name sanitizer. Git blows up on lots of weird
stuff, especially if it starts the remote name, but I managed to get
some common punctuation working.
2012-10-31 15:26:19 -04:00
Joey Hess
88d1907278 where indentation 2012-10-31 02:34:03 -04:00
Joey Hess
7ee0ffaeb9 Use USER and HOME environment when set, and only fall back to getpwent, which doesn't work with LDAP or NIS. 2012-10-25 18:17:54 -04:00
Joey Hess
12efabf070 webapp: Allow dashes in ssh key comments when pairing. 2012-10-22 11:18:19 -04:00
Joey Hess
813b28aa49 removed 3 partial !! and got a much nicer implementation
Yay, monadic Either!
2012-10-20 16:21:39 -04:00
Joey Hess
7f78bc92b6 webapp: Avoid crashing when ssh-keygen -F chokes on an invalid known_hosts file. 2012-09-27 11:27:16 -04:00
Joey Hess
3979086035 use ~/.ssh/git-annex-shell wrapper
This was needed for the OSX self-contained app, but is a generally good
idea. It avoids needing perl; is probably faster; and could eventually
be replaced by something faster yet.
2012-09-26 18:59:18 -04:00
Joey Hess
74906ed13f UI for enabling special remotes
Now other repositories can configure special remotes, and when their
configuration has propagated out, they'll appear in the webapp's list of
repositories, with a link to enable them.

Added support for enabling rsync special remotes, and directory special
remotes that are on removable drives. However, encrypted directory special
remotes are not supported yet. The removable drive configurator doesn't
support them yet anyway.
2012-09-13 16:50:02 -04:00
Joey Hess
df337bb63b hlint 2012-09-13 00:57:52 -04:00
Joey Hess
2c1ceeeaf9 pairing works!!
Finally.

Last bug fixes here: Send PairResp with same UUID in the PairReq.
Fix off-by-one in code that filters out our own pairing messages.

Also reworked the pairing alerts, which are still slightly buggy.
2012-09-11 15:09:00 -04:00
Joey Hess
675621d903 clean up authorized_keys handling
Including rollback of adding the key when a pairing response
gets canceled by the user.
2012-09-11 00:23:34 -04:00
Joey Hess
d19bbd29d8 pairing probably works now (untested) 2012-09-10 21:55:59 -04:00
Joey Hess
a41255723c check that ssh public key received over the wire is sane 2012-09-10 18:18:55 -04:00
Joey Hess
c20d6f4189 responding to pair requests *almost* works 2012-09-10 17:53:51 -04:00
Joey Hess
b573d91aa2 broke out fairly generic ssh stuff to Assistant.Ssh so pairing can use it too
I'd rather Utility.Ssh, but the SshData type is not sufficiently clean and
generic for Utility.
2012-09-10 15:21:34 -04:00