Martin Pool wrote:
> 2009/9/3 Alexander Belchenko <email address hidden>:
>>> I will also mention that there is a way to get ssh to use an external
>>> program to ask for passwords or passphrases, and we could try to hook
>>> into that. Whether it will give us such nice integration, and whether
>>> it's worth writing that code for both paramiko and openssh is
>>> questionable.
>> So we have stalemate situation. And this is frustrating. :-/
>
> No, I don't think it's a stalemate at all, it's just not quite trivial:
>
> We can pursue either or both of two courses:
>
> 1- Encouraging use of paramiko on unix; a good first step would be to
> ask unix-based devs to try it. This may be easier if there was a
> config option as well as a variable. We can just ask on the list. In
> fact I'll just try it now!
>
That is one thing I forgot. I haven't figured out any way to get
paramiko to be configured to do the crazy port forwarding we need to
connect to private Canonical servers. So when I need to connect there I
have to do:
BZR_SSH=ssh bzr foo bzr+ssh://rookery...
etc.
Nonetheless, we could still favor openssh over paramiko on linux and
favor paramiko over openssh on Windows in the medium term.
> 2- Hooking into openssh so it calls back to our uifactory to get the
> password and other things.
>
And I'd like to get that working. I don't really know what it entails.
Also, given that many users will have an ssh-agent already set up, which
also already knows how to pop up a GUI box to enter their password for
their ssh key, I don't know that we want to do all that work on our own.
Something to consider, but I feel like unix people already have a decent
tool chain when using openssh. And the main issue is that we don't have
that working on Windows, so we can do the work via paramiko there.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Pool wrote:
> 2009/9/3 Alexander Belchenko <email address hidden>:
>>> I will also mention that there is a way to get ssh to use an external
>>> program to ask for passwords or passphrases, and we could try to hook
>>> into that. Whether it will give us such nice integration, and whether
>>> it's worth writing that code for both paramiko and openssh is
>>> questionable.
>> So we have stalemate situation. And this is frustrating. :-/
>
> No, I don't think it's a stalemate at all, it's just not quite trivial:
>
> We can pursue either or both of two courses:
>
> 1- Encouraging use of paramiko on unix; a good first step would be to
> ask unix-based devs to try it. This may be easier if there was a
> config option as well as a variable. We can just ask on the list. In
> fact I'll just try it now!
>
That is one thing I forgot. I haven't figured out any way to get //rookery. ..
paramiko to be configured to do the crazy port forwarding we need to
connect to private Canonical servers. So when I need to connect there I
have to do:
BZR_SSH=ssh bzr foo bzr+ssh:
etc.
Nonetheless, we could still favor openssh over paramiko on linux and
favor paramiko over openssh on Windows in the medium term.
> 2- Hooking into openssh so it calls back to our uifactory to get the
> password and other things.
>
And I'd like to get that working. I don't really know what it entails.
Also, given that many users will have an ssh-agent already set up, which
also already knows how to pop up a GUI box to enter their password for
their ssh key, I don't know that we want to do all that work on our own.
Something to consider, but I feel like unix people already have a decent
tool chain when using openssh. And the main issue is that we don't have
that working on Windows, so we can do the work via paramiko there.
John enigmail. mozdev. org/
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://
iEYEARECAAYFAkq f5BEACgkQJdeBCY SNAAMMLQCgqAZhL 09A31It/ WL4gWCdlsJa 8gwLCqmwT2AtbQB A7
NvIAoMsXPBZk0R2
=+Q15
-----END PGP SIGNATURE-----