On Sat, Oct 9, 2010 at 2:05 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:
> On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:
>> Yeah, both Subversion and SSH share the flaw of *ALLOWING* such
>> unprotected keys to be stored locally, with no special command line
>> arguments or special settings, and impossible to compile out of the
>> clients with the current source trees.
>
> If they didn't, it would be impossible to do automated commands. There are
> times when you have to choose between trusting the OS to protect your files
> (which is, after all, one of its jobs) or not being able to do what you
> want.
This is incorrect. There are at least 5 tools in common use to support
unlocking SSH keys and making them available for other programs to
use, all based on the "ssh-agent" built-in technology of all vaguely
complete SSH software packages. The include:
* Pageant, built into the Putty installer, for Windows users.
* gnome-keyring, already mentioned in this thread and aimed at X
sessions, possible to use for command line sessions with considerable
work.
* kde-wallet, similar to gnome-keyring
* keychain, a popular and lightweight Perl script for just this use.
* Typing "eval ssh-agent" and "ssh-add [name of your SSH private key"
from the command line in the window or session you will run Subversion
from.
It's a pain in the backside, but it's fairly common practice. It
wouldn't be so necessary if Subversion didn't rely on central
repository access for committing any changes. but that's pretty core
to the way CVS and and now Subversion work, and I don't see that going
away.
Received on 2010-10-10 22:12:42 CEST