
Re: svn Farm

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Sun, 10 Oct 2010 15:26:17 -0500

On 10/10/10 3:12 PM, Nico Kadel-Garcia wrote:
> On Sat, Oct 9, 2010 at 2:05 PM, Les Mikesell<lesmikesell_at_gmail.com> wrote:
>> On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:
>
>>> Yeah, both Subversion and SSH share the flaw of *ALLOWING* such
>>> unprotected keys to be stored locally, with no special command line
>>> arguments or special settings, and impossible to compile out of the
>>> clients with the current source trees.
>>
>> If they didn't, it would be impossible to do automated commands. There are
>> times when you have to choose between trusting the OS to protect your files
>> (which is, after all, one of its jobs) or not being able to do what you
>> want.
>
> This is incorrect. There are at least 5 tools in common use to support
> unlocking SSH keys and making them available for other programs to
> use, all based on the "ssh-agent" built-in technology of all vaguely
> complete SSH software packages. They include:
>
> * Pageant, built into the Putty installer, for Windows users.
> * gnome-keyring, already mentioned in this thread and aimed at X
> sessions, possible to use for command line sessions with considerable
> work.
> * kde-wallet, similar to gnome-keyring
> * keychain, a popular and lightweight Perl script for just this use.
> * Typing "eval ssh-agent" and "ssh-add [name of your SSH private key]"
> from the command line in the window or session you will run Subversion
> from.

All of which require user interaction at some point. What if the machine
reboots? And what do you do about other files with contents that need to be
protected? Your ssh key probably isn't the only thing you'd like to keep private.

-- 
   Les Mikesell
    lesmikesell_at_gmail.com
Received on 2010-10-10 22:26:59 CEST
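
An added example, not part of the original post and not Subversion or OpenSSH code: the thread turns on private keys stored locally with no passphrase, so this Python check reports whether a private key file is passphrase-protected, covering legacy PEM, PKCS#8 and OpenSSH's own key format. The function names and the sample key headers are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's own key format

def key_is_passphrase_protected(text):
    """True/False for a private key file body; None if it is not one."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") \
            or "PRIVATE KEY" not in lines[0]:
        return None
    if "ENCRYPTED PRIVATE KEY" in lines[0]:      # PKCS#8, encrypted
        return True
    if "OPENSSH PRIVATE KEY" in lines[0]:
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]
        if len(cipher) != n:
            return None
        return cipher != b"none"                 # "none" means stored in clear
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
               for ln in lines[1:])

def sample_openssh_key(cipher):
    """Constructed header only (magic, ciphername, kdfname); not a real key."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    b64 = base64.b64encode(OPENSSH_MAGIC + s(cipher) + s(kdf)).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format sample; the body is filler, not key material.
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\n"
                           "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
                           "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("agent-unlocked key", sample_openssh_key(b"aes256-ctr")),
                       ("automation key", sample_openssh_key(b"none")),
                       ("legacy key", SAMPLE_LEGACY_ENCRYPTED)]:
        print(name, "->", key_is_passphrase_protected(text))
```

Keys reported as False are the ones that depend entirely on file permissions and OS protection, which is the trade-off both posters are arguing about.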

This is an archived mail posted to the Subversion Users mailing list.
