mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1
git-annex/doc/bugs/Endless_SSH_password_prompts.mdwn
Joey Hess e213ef310f git-annex (5.20140717) unstable; urgency=high 
* Fix minor FD leak in journal code. Closes: #754608
  * direct: Fix handling of case where a work tree subdirectory cannot
    be written to due to permissions.
  * migrate: Avoid re-checksumming when migrating from hashE to hash backend.
  * uninit: Avoid failing final removal in some direct mode repositories
    due to file modes.
  * S3: Deal with AWS ACL configurations that do not allow creating or
    checking the location of a bucket, but only reading and writing content to
    it.
  * resolvemerge: New plumbing command that runs the automatic merge conflict
    resolver.
  * Deal with change in git 2.0 that made indirect mode merge conflict
    resolution leave behind old files.
  * sync: Fix git sync with local git remotes even when they don't have an
    annex.uuid set. (The assistant already did so.)
  * Set gcrypt-publish-participants when setting up a gcrypt repository,
    to avoid unncessary passphrase prompts.
    This is a security/usability tradeoff. To avoid exposing the gpg key
    ids who can decrypt the repository, users can unset
    gcrypt-publish-participants.
  * Install nautilus hooks even when ~/.local/share/nautilus/ does not yet
    exist, since it is not automatically created for Gnome 3 users.
  * Windows: Move .vbs files out of git\bin, to avoid that being in the
    PATH, which caused some weird breakage. (Thanks, divB)
  * Windows: Fix locking issue that prevented the webapp starting
    (since 5.20140707).

# imported from the archive
2014-07-17 11:27:25 -04:00

34 lines
2.5 KiB
Markdown
Raw Blame History

### Please describe the problem.
Yesterday I installed git-annex on two computers and paired their repos. Today I logged back in to one of them, and as soon as the webapp loaded (autostarted in the background), it popped up an OpenSSH prompt wanting my key's password. I typed it in, and it popped up another. This went on several times. When I hit Cancel instead, it popped up a prompt wanting the password for the user account on my other computer. Even with that, once wasn't enough.
This is bad enough, but worse is that the password prompt captures the keyboard input so I can't even open my Yakuake console to kill git-annex. Well, it's difficult and requires hitting Escape rapidly over and over until I can squeeze in a keystroke to the rest of the system.
I don't understand why this is happening.
1. Shouldn't git-annex have installed a passwordless key on my paired system? It did that for my remote repo.
2. The prompt it's using has no option to remember the pasword. I use ssh-agent, but usually by running ssh-add in a terminal. Maybe if it would use a prompt that works with the agent it wouldn't ask for the password multiple times.
3. I think it's opening multiple SSH connections at once, before I've entered the password even once, so even after I enter the password, it will keep asking for it until I've entered it for every SSH process that was already started.
### What version of git-annex are you using? On what operating system?
1 Nov 2013 Linux tarball on Ubuntu Raring 13.04
> [[fixed|done]]; assistant now sets `StrictHostKeyChecking yes`
> when creating ssh remotes. It also fixes up any ssh remotes it already
> created to have that setting (unless StrictHostKeyChecking is already
> being set).
>
> So, when the host key changes, syncing with the remote will now fail,
> rather than letting ssh prompt for the y/n response. In the local
> pairing case, this is completely right, when on a different lan
> and it tries to communicate with the wrong host there. OTOH, if the ssh
> key of a ssh server has really changed, the assistant does not currently
> help dealing with that.
>
> Any ssh remotes not set up by the assistant are left as-is, so this
> could still happen if the ssh host key of such a ssh remote changes.
> I'll assume that if someone can set up their ssh remotes at the command
> line, they can also read the dialog box ssh pops up, ignore the
> misleading "passphrase request" in the title, and see that it's actually
> prompting about a host key change. --[[Joey]]
Reference in a new issue View git blame Copy permalink