[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subclipse 0.9.33 Released

From: Roberto C. Sanchez <roberto_at_familiasanchez.net>
Date: 2005-09-13 15:40:12 CEST

On Tue, Sep 13, 2005 at 09:29:08AM -0400, Mark Phippard wrote:
> "Roberto C. Sanchez" <roberto@familiasanchez.net> wrote on 09/13/2005
> 09:16:09 AM:
> > I would really like to know how to get this working with ssh-agent, as
> > every other application that needs access to the ssh keys works fine
> > with ssh-agent. Particularly, I am uncomfortable with leaving my
> > passphrase specified in the configuration file. I also certainly don't
> > want to specify it on the command line, as anyone logged into the
> > machine when I have done that can run a `ps aux` and see my passprase.
> I believe that he is using JavaHL, which uses the "normal" ssh client and
> therefore works with the ssh-agent. JavaSVN uses a pure Java SSH library
> named JSch. In all likelihood that library does not work with ssh-agent.
I would be interested to know as well. Hopefully Russel will enlighten
us. However, since he said he is on Debian Testing, I am guessing that
he is not using JavaHL.

> A future version of Subclipse/JavaSVN is going to extend the current
> prompt to allow you to be prompted for your key file and passphrase with
> the option of allowing JavaSVN to cache that information.
Is there a way to change this? Do you know if the JSch developers have
any plans to incorporate this functionality. Frankly, I would have to
consider an ssh library that can't interact with an ssh-agent to be a
bit on the broken side, or at least incomplete. Also, I would
personally steer clear of letting JavaSVN cache things like passphrases.
My main concern there is how do you ensure the security of the cached


Roberto C. Sanchez

  • application/pgp-signature attachment: stored
Received on Tue Sep 13 23:40:12 2005

This is an archived mail posted to the Subclipse Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.