On 10/10/10 3:12 PM, Nico Kadel-Garcia wrote:
On Sat, Oct 9, 2010 at 2:05 PM, Les Mikesell<lesmikes...@gmail.com> wrote:
On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:
Yeah, both Subversion and SSH share the flaw of *ALLOWING* such
unprotected keys to be stored locally, with no special command line
arguments or special settings, and impossible to compile out of the
clients with the current source trees.
If they didn't, it would be impossible to do automated commands. There are
times when you have to choose between trusting the OS to protect your files
(which is, after all, one of its jobs) or not being able to do what you
want.
This is incorrect. There are at least 5 tools in common use to support
unlocking SSH keys and making them available for other programs to
use, all based on the "ssh-agent" built-in technology of all vaguely
complete SSH software packages. The include:
* Pageant, built into the Putty installer, for Windows users.
* gnome-keyring, already mentioned in this thread and aimed at X
sessions, possible to use for command line sessions with considerable
work.
* kde-wallet, similar to gnome-keyring
* keychain, a popular and lightweight Perl script for just this use.
* Typing "eval ssh-agent" and "ssh-add [name of your SSH private key"
from the command line in the window or session you will run Subversion
from.
All of which require user interaction at some point. What if the machine
reboots? And what do you do about other files with contents that need to be
protected? Your ssh key probably isn't the only thing you'd like to keep private.
--
Les Mikesell
lesmikes...@gmail.com
