On Sat, Oct 9, 2010 at 2:05 PM, Les Mikesell <lesmikes...@gmail.com> wrote: > On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:
>> Yeah, both Subversion and SSH share the flaw of *ALLOWING* such >> unprotected keys to be stored locally, with no special command line >> arguments or special settings, and impossible to compile out of the >> clients with the current source trees. > > If they didn't, it would be impossible to do automated commands. There are > times when you have to choose between trusting the OS to protect your files > (which is, after all, one of its jobs) or not being able to do what you > want. This is incorrect. There are at least 5 tools in common use to support unlocking SSH keys and making them available for other programs to use, all based on the "ssh-agent" built-in technology of all vaguely complete SSH software packages. The include: * Pageant, built into the Putty installer, for Windows users. * gnome-keyring, already mentioned in this thread and aimed at X sessions, possible to use for command line sessions with considerable work. * kde-wallet, similar to gnome-keyring * keychain, a popular and lightweight Perl script for just this use. * Typing "eval ssh-agent" and "ssh-add [name of your SSH private key" from the command line in the window or session you will run Subversion from. It's a pain in the backside, but it's fairly common practice. It wouldn't be so necessary if Subversion didn't rely on central repository access for committing any changes. but that's pretty core to the way CVS and and now Subversion work, and I don't see that going away.