26 lines
1.3 KiB
Markdown
26 lines
1.3 KiB
Markdown
Got ssh probing implemented. It checks if it can connect to the server, and
|
|
probes the server to see how it should be used.
|
|
|
|
Turned out to need two ssh probes. The first uses the system's existing ssh
|
|
configuration, but disables password prompts. If that's able to get in
|
|
without prompting for a password, then the user must have set that up,
|
|
and doesn't want to be bothered with password prompts, and it'll respect
|
|
that configuration.
|
|
|
|
Otherwise, it sets up a per-host ssh key, and configures a hostname alias
|
|
in `~/.ssh/config` to use that key, and probes using that.
|
|
Configuring ssh this way is nice because it avoids changing ssh's
|
|
behavior except when git-annex uses it, and it does not open up the server
|
|
to arbitrary commands being run without password.
|
|
|
|
--
|
|
|
|
Next up will be creating the repositories. When there's a per-host key,
|
|
this will also involve setting up `authorized_keys`, locking down the ssh
|
|
key to only allow running git-annex-shell or rsync.
|
|
|
|
I decided to keep that separate from the ssh probing, even though it means
|
|
the user will be prompted twice for their ssh password. It's cleaner and
|
|
allows the probing to do other checks -- maybe it'll later check the amount
|
|
of free disk space -- and the user should be able to decide after the probe
|
|
whether or not to proceed with making the repository.
|