
Re: [Monotone-devel] keyring integration from a user POV


From: Benoît Dejean
Subject: Re: [Monotone-devel] keyring integration from a user POV
Date: Mon, 09 Apr 2007 22:58:33 +0200

On Monday 9 April 2007 at 12:59 -0700, Justin Patrin wrote:
> On 4/9/07, Benoît Dejean <address@hidden> wrote:
> > On Monday 9 April 2007 at 07:52 -0700, Justin Patrin wrote:
> > > On 4/8/07, Benoît Dejean <address@hidden> wrote:

> > > >
> > > > > > - Who is asking for unlocking my main real ssh key ?
> > >
> > > To see if ssh-agent has your mtn key in it it has to list the keys
> > > that ssh-agent has. It sounds like your agent is unlocking the keys in
> > > order to list them. This sounds to me like a bit of a misnomer as
> > > listing keys only gets you the public part, not the private part.
> >
> > I am using OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8e 23 Feb 2007 so I might
> > not be the only one to experience the same.
> 
> It's your agent asking for the passphrase, not openssh/ssl. If you're
> using gnome-keyring, then it's gnome-keyring doing it.

It is just a frontend. ssh-agent is running. Indeed, ssh-add -l asks for
the password.

> >
> > I am now totally lost. I have dropped the get_passphrase hook and now
> > the agent prompts for my password on the command line ... why? It should use
> > the X prompt as every other application I have (graphical or not)
> 
> The *agent* asks on the command-line? Are you adding your key to the
> agent manually or letting mtn do it? If you let mtn do it then it's
> going to ask on the command-line. 

I don't understand why. None of the other programs that I have ask for
the password themselves to unlock the key.

> If you do it using ssh-add (which is
> a command-line program) then it's going to ask on the command-line. 

No. Graphical GTK+.
ssh-add -l pops up a graphical prompt on first use.

> If
> you use your X-based agent program to add it (gnome-keyring?) then it
> will ask however it asks.
> 
> >
> > > Actually, if you look closely at the
> > > exported key, it doesn't use the same standard format that ssh-keygen
> > > exports as. It is readable by ssh-agent but in a different format.
> >
> > This is why gnome-keyring (and I guess other graphical keyring managers)
> > display a meaningless ID. It's annoying. Is it a bug in gnome-keyring or
> > is mtn abusing ssh-agent?
> >
> 
> Possibly but I don't know. I've never used gnome-keyring and don't
> know why it would display a "meaningless" ID. ssh-agent (command-line)
> never showed anything meaningless to me, just the ID of my key (i.e.
> address@hidden, the name I gave to monotone).

Yes, ssh-add -l shows the key right.

>  mtn is not
> abusing the agent, it's sending the ID of the key as the comment. The
> only information that can be given about a key, other than the key
> itself, is a comment. I figured the name of the key in mtn was a good
> comment. We could perhaps prefix with (mtn) or something...

That would be nice.


Thanks for your patience :)

-- 
Benoît Dejean
GNOME http://www.gnomefr.org/
LibGTop http://directory.fsf.org/libgtop.html

Attachment: signature.asc
Description: This is a digitally signed message part
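
Added example, not part of the original thread and not monotone's code: a Python parser for the agent's reply to a key-listing request (SSH_AGENT_IDENTITIES_ANSWER), showing that a listing carries only a public key blob and a comment for each key. The sample reply, its toy key values and the `(mtn) user@example.org` comment are constructed for illustration.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # reply to SSH_AGENTC_REQUEST_IDENTITIES (11)

def put_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf: bytes, off: int):
    """Decode an SSH 'string' at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of message")
    return buf[off + 4:end], end

def parse_identities_answer(msg: bytes):
    """Return [(key_type, public_blob, comment)] from a framed agent reply."""
    body, end = get_string(msg, 0)  # the outer frame is length-prefixed too
    if end != len(msg):
        raise ValueError("trailing bytes after frame")
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", body, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = get_string(body, off)      # public key only
        comment, off = get_string(body, off)   # free-form label set by the client
        key_type, _ = get_string(blob, 0)      # blob starts with the algorithm name
        keys.append((key_type.decode(), blob, comment.decode("utf-8", "replace")))
    if off != len(body):
        raise ValueError("trailing bytes after last key")
    return keys

def build_sample_answer() -> bytes:
    """Constructed reply: one toy RSA public blob (name, e, n) plus a comment."""
    blob = put_string(b"ssh-rsa") + put_string(b"\x01\x00\x01") + put_string(b"\x00\xc3\x5f")
    comment = b"(mtn) user@example.org"  # hypothetical key name with the proposed prefix
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
    body += put_string(blob) + put_string(comment)
    return put_string(body)

if __name__ == "__main__":
    for key_type, blob, comment in parse_identities_answer(build_sample_answer()):
        print(key_type, len(blob), "byte public blob, comment:", comment)
```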