[ 
https://issues.apache.org/jira/browse/WAGON-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16598665#comment-16598665
 ] 

Per Landberg commented on WAGON-446:
------------------------------------

My use-case is running mvn site-deploy in a Maven project with 
distributionManagement.site.url set to use the scp-protocol. I have an SSH 
private key with a passphrase that I've loaded in an ssh-agent and no specific 
settings in my settings.xml for the target host. My expectation is that 
wagon-ssh should detect that I'm using an ssh-agent and use the agent for 
authentication when running mvn site-deploy.

The problem is that wagon-ssh finds my private key in my .ssh-directory and 
always tries to use the key directly instead of using the ssh-agent. Since I 
haven't configured a passphrase (and no other settings either in my 
.m2/settings.xml), wagon-ssh assumes that the key has no passphrase and the 
authentication fails. My current workaround is to configure wagon-ssh to look 
for private keys in an empty directory and since no private key is found, 
wagon-ssh will use the running ssh-agent and the authentication succeeds.

Hopefully, my use-case description is enough information to reproduce the 
problem.

Yes, the patch breaks the use of SSH keys that lack a passphrase. 
Unfortunately, the only way I remember back then how to distinguish between the 
implicit use of the fallback private key or using the ssh-agent without 
compatibility problem is to examine the key to make sure that it doesn't 
require a passphrase. I have no idea how to perform such a test. If it's 
possible, I'm willing to help produce such a patch.

The correct way IMHO is to alter the behavior to always require that the 
private key is declared in settings.xml but as discussed above, this will break 
current users that depend on the implicit private key. If you like, I could 
provide such a patch.

> SSH agent authentication is no longer working in wagon-ssh 2.10
> ---------------------------------------------------------------
>
>                 Key: WAGON-446
>                 URL: https://issues.apache.org/jira/browse/WAGON-446
>             Project: Maven Wagon
>          Issue Type: Bug
>          Components: wagon-ssh
>    Affects Versions: 2.10
>            Reporter: Per Landberg
>            Assignee: Dan Tran
>            Priority: Major
>             Fix For: waiting-for-feedback
>
>         Attachments: wagon-446.patch
>
>
> After upgrading to wagon-2.10, SSH Agent authentication doesn't seem to 
> work anymore. I got the following error when trying to publish a site, using 
> maven-site-plugin 3.4:
> Using private key: <PATH TO id_rsa>
> : Error uploading site: Cannot connect. Reason: Auth fail -> [Help 1]
> I have no server for this site defined in my settings.xml
> After some investigation, I suspect that the cause is WAGON-413 since the 
> logic in AbstractJschWagon was changed to not use the agent if 
> ScpHelper.getPrivateKey() returns a File. 
> Unfortunately, ScpHelper.getPrivateKey() seems to have a fallback behavior that 
> always returns the id_rsa key (if one exists) even when no matching server 
> element exists in settings.xml and the effect is that the agent is never 
> consulted. 
> The authentication will then fail since no server element provides a key 
> password.
> My current workaround is to set the wagon.privateKeyDirectory System Property 
> to an empty directory. This will prevent the ScpHelper.getPrivateKey() 
> fallback from kicking in.
> Has anybody else got SSH agent working in combination with existing id_rsa 
> files?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
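
The comment above asks how to examine a key to tell whether it requires a passphrase. The following is an added example, not code from wagon-ssh or from the attached patch: it inspects the key file's own headers for the legacy PEM, PKCS#8 and openssh-key-v1 formats, which goes beyond the id_rsa case in the report. The class and method names are hypothetical, and the sample keys are constructed header fragments with no key material.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Added example; KeyPassphraseCheck is a hypothetical class, not part of wagon-ssh.
public class KeyPassphraseCheck {
    private static final byte[] MAGIC = "openssh-key-v1\0".getBytes(StandardCharsets.US_ASCII);

    /** True if the private key text cannot be used without a passphrase. */
    public static boolean requiresPassphrase(String pem) {
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) return true; // PKCS#8
        if (pem.contains("Proc-Type: 4,ENCRYPTED")) return true; // legacy PEM header
        if (pem.contains("-----BEGIN OPENSSH PRIVATE KEY-----")) {
            return !"none".equals(opensshCipherName(pem));
        }
        return false; // unencrypted legacy PEM or PKCS#8 "BEGIN PRIVATE KEY"
    }

    /** Reads the ciphername field that follows the magic in an openssh-key-v1 blob. */
    static String opensshCipherName(String pem) {
        StringBuilder b64 = new StringBuilder();
        for (String line : pem.split("\\R")) {
            if (!line.startsWith("-----")) b64.append(line.trim());
        }
        ByteBuffer buf = ByteBuffer.wrap(Base64.getDecoder().decode(b64.toString()));
        if (buf.remaining() < MAGIC.length + 4) throw new IllegalArgumentException("truncated key");
        byte[] magic = new byte[MAGIC.length];
        buf.get(magic);
        int len = buf.getInt(); // uint32 length prefix, big-endian
        if (!Arrays.equals(magic, MAGIC) || len < 0 || len > buf.remaining())
            throw new IllegalArgumentException("not an openssh-key-v1 key");
        byte[] name = new byte[len];
        buf.get(name);
        return new String(name, StandardCharsets.US_ASCII);
    }

    /** Constructed sample: only the magic and ciphername of a key, no key material. */
    static String sampleOpenssh(String cipher) {
        byte[] c = cipher.getBytes(StandardCharsets.US_ASCII);
        ByteBuffer b = ByteBuffer.allocate(MAGIC.length + 4 + c.length).put(MAGIC).putInt(c.length).put(c);
        return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + Base64.getEncoder().encodeToString(b.array())
            + "\n-----END OPENSSH PRIVATE KEY-----\n";
    }

    public static void main(String[] args) {
        System.out.println(requiresPassphrase(sampleOpenssh("none")));
        System.out.println(requiresPassphrase(sampleOpenssh("aes256-ctr")));
        System.out.println(requiresPassphrase("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"));
    }
}
```

A caller could use the result to fall back to the ssh-agent only when the implicit key is passphrase-protected and no server element supplies a passphrase, leaving passphrase-less keys working as before.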
