[Carpet] Please use passwords [was: Re: darcs asking for my password]

Jonathan Thornburg jthorn at aei.mpg.de
Tue Sep 13 18:48:09 CEST 2005

Previous message: [Carpet] Please use passwords [was: Re: darcs asking for my password ...]
Next message: [Carpet] Carpet Status Report (2005-09-13)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Erik,

| Basically, it seems darcs wants to prompt for the local key passphrase
| at least once _for_each_patch_to_be_pulled_.

> That depends on the transport protocol that darcs is using.  For scp, 
> your observation is true.  For sftp, it should ask for the password 
> only a few times.  I would have thought that sftp is the default 
> these days, if you have sftp installed.  (In fact, I wrote the sftp 
> code, and it speeds up things considerably.)

Hmm, I see a /usr/bin/sftp on this machine.  I tried
   darcs pull --all --verbose
but that didn't mention what transport protocol it was using.  I'll
have to RTFM a bit more...


[[about the workaround of not having any private-key passphrase]]

> This is just the non-solution that I did not suggest.  In fact, I 
> usually warn about this solution, because it allows everybody who 
> breaks into the AEI computers to instantaneously break into the TAT 
> computers as well.  [[...]]

> Let me repeat that having ssh keys without passwords is similar to 
> using the .rhosts mechanism, which is now universally believed to be 
> a Bad Idea.  It allows intruders to jump from one system right on to 
> the next.

These are cogent points.  I was in fact a bit worried about not having
a private-key passphrase, but didn't think the issues through carefully
enough.  Thanks for alerting me to the dangers (which now that you remind
me of them, I had known before, just not mentally matched to this context).

I've put a passphrase back on my key, and will investigate either Ian's
ssh-agent suggestion or your keychain one (at first glance they seem very
similar; I need to figure out just how they differ)...

ciao,

-- 
-- Jonathan Thornburg <jthorn at aei.mpg.de>
    Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
    Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html
    "Washing one's hands of the conflict between the powerful and the
     powerless means to side with the powerful, not to be neutral."
                                       -- quote by Freire / poster by Oxfam

Previous message: [Carpet] Please use passwords [was: Re: darcs asking for my password ...]
Next message: [Carpet] Carpet Status Report (2005-09-13)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the developers mailing list