Calling ssh from git-gui

Calling ssh from git-gui

[Petr Baudis]

  Hi,

  I'm quite at loss by now searching for a reasonable solution for
invoking ssh (either directly or through git fetch/git push) from
git-gui, which is very problematic right now - doubly so when
considering both UNIX and Win32.

  There are several scenarios to consider:

  (i) SSH to known host with key managed by a running agent.
  (ii) SSH to host without agent running or without keys set up.
  (iii) SSH to unknown host (unregistered fingerprint).

  Currently, (i) is the only scenario git-gui can handle, which means
that users usually have to use Other Means (tm) to "seed" their ssh tool
(OpenSSH or PuTTY) - it forces them to install keys and manually connect
to the machine once. Furthermore, this is pretty much undocumented (and
even if it was, GUI users assume they don't have to read documentation)
and there is no way to give the user feedback why on the earth is the
thing hanging.

  Handling (ii) and (iii) unfortunately turned out to be very tricky.

  On Linux, things are at least manageable - running ssh in a separate
session and setting $SSH_ASKPASS to point at a GUI helper should do.
(Even though the separate session part might get rather tricky to
implement in TCL.) On Windows, there is PuTTY and OpenSSH to consider:

  With PuTTY, I know about no good solutions for both (ii) and (iii)
short of including PuTTY code with custom frontend in msysGit itself -
this might be interesting approach, though. PuTTY is licenced under
something that looks like an MIT licence and can run on UNIX too.

  With OpenSSH, I was not able to get $SSH_ASKPASS to work, even after
going through the ordeal of setting up msysdvlpr and compiling my own
setsid.exe - setsid.exe cat /dev/tty shows it does not exist, yet
OpenSSH still declines to call $SSH_ASKPASS. By now, I'm at loss and
running out of time to investigate this further.


  To sum it up, there are two possible solutions to driving ssh through
git-gui:

  * Call setsid'd ssh with $SSH_ASKPASS; this might get very tricky to
implement in TCL. Either git-gui.sh could execute wish setsid'd already
(which is probably not portable and changes current semantics as git-gui
detaches from the current terminal, but that could be ok), or Git itself
could get support of setsid()ing before calling ssh (probably better
option). To get this working on Win32 would require further work and
possibly ssh or msys code hacking. (Heck, we could customize the ssh we
ship with msysGit to remove the braindead no-controlling-terminal
requirement.)

  * Use PuTTY code with custom frontend for the ssh transport. This is
probably not realistic since I can't think of any benefits this would
get non-Win32 users now - though for Win32 users the benefits might be
significant; making embedding-friendly PuTTY frontend (not even
necessarily git-specific) could be nic next year's GSoC project
candidate?


  Comments, thoughts?

-- 
				Petr "Pasky" Baudis
The next generation of interesting software will be done
on the Macintosh, not the IBM PC.  -- Bill Gates

Re: Calling ssh from git-gui

[Shawn O. Pearce]

Petr Baudis <pasky@suse.cz> wrote:
> 
>   I'm quite at loss by now searching for a reasonable solution for
> invoking ssh (either directly or through git fetch/git push) from
> git-gui, which is very problematic right now - doubly so when
> considering both UNIX and Win32.
> 
>   There are several scenarios to consider:
> 
>   (i) SSH to known host with key managed by a running agent.
>   (ii) SSH to host without agent running or without keys set up.
>   (iii) SSH to unknown host (unregistered fingerprint).
> 
>   Currently, (i) is the only scenario git-gui can handle, [...]
> 
>   Handling (ii) and (iii) unfortunately turned out to be very tricky.

And that is why it doesn't handle (ii) or (iii) at the present time,
and unless I am given a nice patch series for any git-gui related
parts of this, why it will continue to remain that way for quite
some time.

Its annoying, and people complain about it, but I know of no good
solution here, and neither it seems does anyone else.  :-|

At prior day-job I had a customized git-gui starting an rxvt on
Cygwin to run some in-house command line scripts, which in turn
called git fetch and git push.  These worked just fine obviously in
an rxvt, it was a full tty that SSH could interact with the user on.

Damn annoying for git-gui to be invoking a new terminal window, but
maybe that's what we have to do.  Be nice though if the window only
was opened because we couldn't do "git ls-remote url" but its hard
to tell "hanging because SSH needs the user" and "hanging because
the network is a 2400 baud modem".

-- 
Shawn.

Re: Calling ssh from git-gui

[Thomas Rast]

[-- Attachment #1: Type: text/plain, Size: 492 bytes --]

Shawn O. Pearce wrote:
> Damn annoying for git-gui to be invoking a new terminal window, but
> maybe that's what we have to do.  Be nice though if the window only
> was opened because we couldn't do "git ls-remote url" but its hard
> to tell "hanging because SSH needs the user" and "hanging because
> the network is a 2400 baud modem".

You can set BatchMode (ssh_config(5)) to at least prevent it from
hanging, can't you?

- Thomas

-- 
Thomas Rast
trast@student.ethz.ch



[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: Calling ssh from git-gui

[Shawn O. Pearce]

Thomas Rast <trast@student.ethz.ch> wrote:
> Shawn O. Pearce wrote:
> > Damn annoying for git-gui to be invoking a new terminal window, but
> > maybe that's what we have to do.  Be nice though if the window only
> > was opened because we couldn't do "git ls-remote url" but its hard
> > to tell "hanging because SSH needs the user" and "hanging because
> > the network is a 2400 baud modem".
> 
> You can set BatchMode (ssh_config(5)) to at least prevent it from
> hanging, can't you?

True, but this is OpenSSH specific, and has to be done on the
command line, which git-gui has no control over.

Maybe git fetch and push can check for a tty on fd 0 and enable
try to enable batch mode if fd 0 isn't a tty?

-- 
Shawn.

Re: Calling ssh from git-gui

[Petr Baudis]

On Wed, Sep 03, 2008 at 10:15:43AM -0700, Shawn O. Pearce wrote:
> And that is why it doesn't handle (ii) or (iii) at the present time,
> and unless I am given a nice patch series for any git-gui related
> parts of this, why it will continue to remain that way for quite
> some time.

My writeup was not actually intended as 'how we might do it' but 'how
should *I* implement this'. ;-) I _do_ plan for a nice patch series.
For now I'm defaulting on the SSH_ASKPASS approach.

> Damn annoying for git-gui to be invoking a new terminal window, but
> maybe that's what we have to do.  Be nice though if the window only
> was opened because we couldn't do "git ls-remote url" but its hard
> to tell "hanging because SSH needs the user" and "hanging because
> the network is a 2400 baud modem".

Oh, indeed - that is something what I had in mind when starting to write
this mail about a week ago, but forgot to mention now. It's the
possibility of having console spawn a real tty (or do some more stuff to
*emulate* a tty, but again, this might get hairy in TCL). However, this
feels very... "untidy" compared to SSH_ASKPASS.

-- 
				Petr "Pasky" Baudis
The next generation of interesting software will be done
on the Macintosh, not the IBM PC.  -- Bill Gates