ssh and passwords

Jason Harris jason at jasonfharris.com
Fri Mar 25 18:31:38 CDT 2011


On Mar 26, 2011, at 12:14 AM, Benoit Boissinot wrote:

> On Fri, Mar 25, 2011 at 11:11 PM, Jason Harris <jason at jasonfharris.com> wrote:
>> Actually,
>> 
>> I have a rough understanding of this and the fact that ssh is asking for these things outside the normal stdin, stdout, stderr. Would there be interest in fixing this by using eg http://www.lag.net/paramiko/ or something similar. Or is there a better way to fix this?
> 
> That is not something we want to "fix". Passwords in url for ssh are a
> *really* bad idea, please use ssh keys if you need interactive mode.

First: Ok... But then why are passwords in URL's allowed for https? (Also you don't want to fix allowing the users to set username and password in the [auth] section for ssh connections either I take? (But you still want to allow these for https?)

Second: I mean *I* can very easily set things to generate keys, etc. For some users, though its not so smooth, or they are not so knowledgeable about such things. They just want a slick GUI that just handles all the details for them... Ie they see something like:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-1.png
Type: image/png
Size: 54742 bytes
Desc: not available
URL: <http://selenic.com/pipermail/mercurial-devel/attachments/20110326/41da3620/attachment.png>
-------------- next part --------------


And they just want to fill in the details...

Thus what is the best way to make these connections in a programatic way without setting up ssh keys? This looks to be what libraries like paramiko where created for... Or do you have other suggestions beyond "setting up ssh keys..."

Cheers,
  Jas



More information about the Mercurial-devel mailing list