How to I specify an ssh key passphrase when using headless Buckminster? [message #756211]
Fri, 11 November 2011 13:58
Matthew Webber
When I materialize a certain CQuery into a new empty workspace, it needs to clone a remote git repository (the RMap tells it this). The remote repository is managed by gitolite, which uses keypair authentication (just like github).
My SSH private key has a passphrase.
When I perform the materialize using Buckminster within the Eclipse IDE, it pops up a dialog box asking me for my passphrase for my private key. I enter it, and the materialize proceeds successfully.
However, if I perform the materialize using headless Buckminster, I am never prompted for my passphrase for my private key. The materialize simply fails with:
ERROR [0001] : org.eclipse.jgit.api.errors.JGitInternalException: Exception caught during execution of fetch command
If I remove the passphrase from my private key, the materialize using headless Buckminster is successful.
Is there a way that I can materialize using headless Buckminster, while keeping the passphrase on my private key? I tried using ssh-add (to add the passphrase to the agent), but that did not help.
This is Linux with the latest Buckminster and everything,
Thanks
Matthew

Re: How to I specify an ssh key passphrase when using headless Buckminster? [message #756214 is a reply to message #756211]
Fri, 11 November 2011 14:10
Hi Matthew,
There's no way to specify a passphrase when running headless. Then again, why would you want that? You're running
headless to avoid interaction so any passphrase would need to be stored in a file. The reason you have a passphrase in
the first place is to protect your private key from being compromised. Seems to me like storing a passphrase in a file
would render that protection useless.
I would recommend that you have a special purpose private key that you use for builds only and it should be without a
passphrase. We have no plans to provide support for entering passphrases in a headless Buckminster.
HTH,
Thomas Hallgren
On 2011-11-11 14:58, Matthew Webber wrote:
> When I materialize a certain CQuery into a new empty workspace, it needs to clone a remote git repository (the RMap
> tells it this). The remote repository is managed by gitolite, which uses keypair authentication (just like github).
>
> My SSH private key has a passphrase.
>
> When I perform the materialize using Buckminster within the Eclipse IDE, it pops up a dialog box asking me for my
> passphrase for my private key. I enter it, and the materialize proceeds successfully.
>
> However, if I perform the materialize using headless Buckminster, I am never prompted for my passphrase for my private
> key. The materialize simply fails with:
> ERROR [0001] : org.eclipse.jgit.api.errors.JGitInternalException: Exception caught during execution of fetch command
>
> If I remove the passphrase from my private key, the materialize using headless Buckminster is successful.
>
> Is there a way that I can materialize using headless Buckminster, while keeping the passphrase on my private key? I
> tried using ssh-add (to add the passphrase to the agent), but that did not help.
>
> This is Linux with the latest Buckminster and everything,
>
> Thanks
> Matthew
>

Re: How to I specify an ssh key passphrase when using headless Buckminster? [message #756313 is a reply to message #756219]
Fri, 11 November 2011 22:04
Henrik Lindberg
On 11/11/11 3:33 PM, Matthew Webber wrote:
> OK, understood.
>
> The reason I was interested in passphrase support is that we would like
> developers to be able to check out a fresh workspace using the command
> line. So when I said "headless" I was not just thinking of an unattended
> build server, but also a user at a command line.
>
> For new developers, I have a python script which downloads a zipped
> template workspace, unzips it, and calls headless buckminster to
> materialize a component. It's all very nice - the user can specify a
> short name for which of our products (and which version) they want, and
> the tool determines the correct CQuery and component name, and does it
> all.
>
> It works, unless the SSH key has a passphrase ...!
>
Have you looked at using something like ssh-agent
(http://en.wikipedia.org/wiki/Ssh-agent) - some useful tips at
http://help.github.com/ssh-key-passphrases/ and gory details here
http://www.unixwiz.net/techtips/ssh-agent-forwarding.html
In theory, this enables someone to give the passphrase to the agent so
subsequent usage does not require it.
I have no idea if a technique like that can be used in this case, but
perhaps worth looking into. BTW, on Mac, the ssh-agent is nicely
integrated with OS X.
- henrik

Re: How to I specify an ssh key passphrase when using headless Buckminster? [message #756623 is a reply to message #756606]
Mon, 14 November 2011 14:25
On 2011-11-14 14:56, Matthew Webber wrote:
> I probably should have mentioned this in my original posting:
>
> We use ssh-agent, and I did run ssh-add to provide my passphrase prior to invoking command line buckminster, and
> confirmed that it worked for normal ssh connections. Unfortunately, for buckminster this did not make any difference,
> the buckminster materialize still failed in the same way.
>
> The way it's supposed to work (as far as I know) is that the ssh software should forward the key request to the agent
> software. I suspect the problem here is that the SSH software that buckminster uses is not the standard ssh software (is
> it some Java equivalent?), and maybe that doesn't talk to ssh-agent.
>
I suspected as much. Jsch (the Java SSH solution that jgit uses) has no clue about any SSH implementation provided by the
OS. I would be surprised if it integrates with the Eclipse IDE.
- thomas

Re: How to I specify an ssh key passphrase when using headless Buckminster? [message #799828 is a reply to message #799790]
Thu, 16 February 2012 11:03
On 02/16/2012 11:10 AM, Matt Biggs wrote:
> Matthew
>
> Do you mind me asking how you managed to get around this? I've run into the exact same problem.
> I can get buckminster to use a (temporary) anonymous read only git:// url, which works fine. If I use the IDE with
> ssh-agent setup it also works fine using the public/private keys with no password prompt.
>
> But if I try to use headless it fails with the above mentioned exception. We're hoping to try out github for a private
> repo in the future which as far as I can tell uses ssh keys so using anonymous won't be possible.
> How have people worked around this?
>
One way around this is to use SSH keys that do not require a pass-phrase.
- thomas

Re: How to I specify an ssh key passphrase when using headless Buckminster? [message #799839 is a reply to message #799831]
Thu, 16 February 2012 11:20
On 02/16/2012 12:09 PM, Matt Biggs wrote:
> Thanks Thomas, I'll try that.
>
> Given that EGit does not indeed support ssh-agent and keys etc for use with github. And given that running buckminster
> in the IDE works fine. Is this a bug or are there any plans to support it in headless mode? I'm just trying to work out
> why it works in the IDE yet headless doesn't.
When you're using the IDE, does it prompt you for the pass-phrase? If not, where did you enter it?
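
Added example, not part of any post in this thread and not Buckminster code: a preflight check that a wrapper script (such as the Python launcher mentioned above) could run before calling headless Buckminster, so that a passphrase-protected key is reported clearly instead of surfacing as the JGitInternalException. The function names and the sample key texts are constructed for illustration; the check covers traditional PEM, PKCS#8 and the openssh-key-v1 container.

```python
import base64
import struct
from typing import Optional

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_passphrase_protected(key_text: str) -> bool:
    """Report whether the text of an SSH private key file is encrypted."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # openssh-key-v1: magic string, then a length-prefixed cipher name;
        # the name "none" means the key material is stored unencrypted.
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # Traditional PEM (RSA/DSA/EC): encryption is declared in a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])

def headless_preflight(key_text: str) -> Optional[str]:
    """Return an error message if a headless run would fail on this key, else None."""
    if key_is_passphrase_protected(key_text):
        return ("SSH key is passphrase-protected; headless Buckminster cannot "
                "prompt for it. Use a passphrase-less build-only key.")
    return None

# --- constructed sample inputs (not real keys) ---
def sample_openssh(cipher: bytes) -> str:
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"constructed"
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, text in [("legacy encrypted", LEGACY_ENCRYPTED), ("legacy plain", LEGACY_PLAIN),
                       ("openssh aes256-ctr", sample_openssh(b"aes256-ctr")),
                       ("openssh none", sample_openssh(b"none"))]:
        print(name, "->", headless_preflight(text) or "ok for headless use")
```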