Ticket #323 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Research/Describe how the SSH client and server work

Reported by: jimse Owned by: dbuss
Priority: optional Milestone: Sprint: 2/15
Component: Integration Demos: OTIS, IIL enabled applications Version:
Keywords: b20 Cc:
Blocking: Blocked By:

Description

We could use mod_infocard. Or we could have the client pass name/pw and use the temp-LDAP model and have SVN use LDAP for authN?

Can use SSH AskPass to pop up the selector.

Change History

Changed 3 years ago by dbuss

  • owner set to dbuss
  • status changed from new to assigned
  • milestone changed from Bandit: January 08 to Bandit: March 08

Changed 3 years ago by dbuss

  • status changed from assigned to accepted

Changed 3 years ago by jimse

  • milestone changed from Bandit: March 08 to Bandit 2.0 Sprint 5: Mar-31

Changed 3 years ago by dbuss

  • milestone changed from Bandit 2.0 Sprint 5: Mar-31 to Bandit 2.0 Sprint 2: Feb-15

Changed 3 years ago by dbuss

  • keywords b20 added

Changed 3 years ago by dbuss

  • priority changed from committed to optional

Changed 3 years ago by dbuss

If DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS. From ssh config:

ControlMaster

Enables the sharing of multiple sessions over a single network connection. When set to yes ssh will listen for connections on a control socket specified using the ControlPath argument. Additional sessions can connect to this socket using the same ControlPath with ControlMaster set to no (the default). These sessions will try to reuse the master instance's network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening.

Setting this to ask will cause ssh to listen for control connections, but require confirmation using the SSH_ASKPASS program before they are accepted (see ssh-add(1) for details). If the ControlPath can not be opened, ssh will continue without connecting to a master instance.

X11 and ssh-agent(1) forwarding is supported over these multiplexed connections, however the display and agent forwarded will be the one belonging to the master connection i.e. it is not possible to forward multiple displays or agents.

Two additional options allow for opportunistic multiplexing: try to use a master connection but fall back to creating a new one if one does not already exist. These options are: auto and autoask. The latter requires confirmation like the ask option.

ControlPath

Specify the path to the control socket used for connection sharing as described in the ControlMaster section above or the string none to disable connection sharing. In the path, '%h' will be substituted by the target host name, '%p' the port and '%r' by the remote login username. It is recommended that any ControlPath used for opportunistic connection sharing include all three of these escape sequences. This ensures that shared connections are uniquely identified.

Also see: http://blogs.sun.com/chrisg/entry/ssh_add_meets_gnome_keyring
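
The ControlPath recommendation quoted in the comment above, as an added example that is not part of the ticket or of OpenSSH: a shell function that reads ssh_config text on stdin and reports each ControlPath lacking %h, %p or %r. The sample config, host names and function names are constructed; it assumes whitespace-separated `keyword value` lines, checks every block regardless of its ControlMaster setting, and accepts %C, a token not mentioned in the quoted text.

```shell
#!/bin/sh
# Added example (not from the ticket): flag ControlPath values that could let
# different host/port/user combinations share one control socket.

# Constructed sample input; host names and paths are illustrative only.
sample_config() {
    cat <<'EOF'
ControlMaster auto
Host build
    ControlPath ~/.ssh/cm-%h
Host *.example.org
    ControlPath ~/.ssh/cm-%r@%h:%p
Host legacy
    ControlPath none
Host *
    ControlPath ~/.ssh/cm-shared
EOF
}

# Reads ssh_config text on stdin, prints one finding per line.
# Assumes "keyword value" lines separated by whitespace (no "keyword=value").
audit_controlpath() {
    awk '
    function report(   miss) {
        # "none" disables sharing; %C is a hash that already covers host, port, user
        if (path != "" && tolower(path) != "none" && index(path, "%C") == 0) {
            miss = ""
            if (index(path, "%h") == 0) miss = miss " %h"
            if (index(path, "%p") == 0) miss = miss " %p"
            if (index(path, "%r") == 0) miss = miss " %r"
            if (miss != "")
                printf "%s: ControlPath %s missing%s\n", scope, path, miss
        }
        path = ""
    }
    BEGIN { scope = "(global)" }
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        key = tolower($1)
        if (key == "host" || key == "match") {
            report()                         # close the previous block
            $1 = ""; sub(/^ +/, ""); scope = $0
        } else if (key == "controlpath" && path == "") {
            path = $2                        # ssh uses the first value it obtains
        }
    }
    END { report() }
    '
}

sample_config | audit_controlpath
```

To check a real file, pipe it in, for example `audit_controlpath < ~/.ssh/config`.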

Changed 3 years ago by dbuss

  • status changed from accepted to closed
  • resolution set to fixed

gnome-keyring is now an ssh agent which will allow it to be a cert store. We could integrate with gnome keyring and have it return credential information to clients such as ssh.
