On Tue, Sep 13, 2005 at 09:29:08AM -0400, Mark Phippard wrote:
> "Roberto C. Sanchez" <roberto@familiasanchez.net> wrote on 09/13/2005
> 09:16:09 AM:
>
> > I would really like to know how to get this working with ssh-agent, as
> > every other application that needs access to the ssh keys works fine
> > with ssh-agent. Particularly, I am uncomfortable with leaving my
> > passphrase specified in the configuration file. I also certainly don't
> > want to specify it on the command line, as anyone logged into the
> > machine when I have done that can run a `ps aux` and see my passprase.
>
> I believe that he is using JavaHL, which uses the "normal" ssh client and
> therefore works with the ssh-agent. JavaSVN uses a pure Java SSH library
> named JSch. In all likelihood that library does not work with ssh-agent.
>
I would be interested to know as well. Hopefully Russel will enlighten
us. However, since he said he is on Debian Testing, I am guessing that
he is not using JavaHL.
> A future version of Subclipse/JavaSVN is going to extend the current
> prompt to allow you to be prompted for your key file and passphrase with
> the option of allowing JavaSVN to cache that information.
>
Is there a way to change this? Do you know if the JSch developers have
any plans to incorporate this functionality. Frankly, I would have to
consider an ssh library that can't interact with an ssh-agent to be a
bit on the broken side, or at least incomplete. Also, I would
personally steer clear of letting JavaSVN cache things like passphrases.
My main concern there is how do you ensure the security of the cached
information?
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
- application/pgp-signature attachment: stored
Received on Tue Sep 13 23:40:12 2005