From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Breck Yunits <breck7@gmail.com>, git@vger.kernel.org
Subject: Re: Specifying a private key when connecting to a remote SSH repo
Date: Thu, 12 Sep 2013 01:19:13 -0400
Message-ID: <20130912051913.GA1977@sigill.intra.peff.net>
In-Reply-To: <xmqqeh8ur6uc.fsf@gitster.dls.corp.google.com>

On Wed, Sep 11, 2013 at 09:39:55PM -0700, Junio C Hamano wrote:

> If the only thing you are interested in supporting is a one-shot
> invocation, i.e. giving which identity file to use from the command
> line when you run either "git push" or "git fetch", I suspect that
> you could play with GIT_SSH environment variable, e.g.
>
>     GIT_SSH_IDENTITY_FILE=$HOME/.ssh/id_for_example_com git push
>
> and do something ugly like the attached, I suppose.

We already have GIT_SSH, so I would expect:

    GIT_SSH='ssh -i $HOME/.ssh/id_for_example_com' git push

to work. But sadly, GIT_SSH does not use the shell, unlike most other
configured git commands. :(

We could consider it a consistency bug and fix it, though I suspect we
may be annoying people on Windows who have spaces in their paths.

If we do go the route of adding a new variable, it would make sense to
add something for specifying arbitrary arguments, not just the identity
file. Something like GIT_SSH_ARGS would be enough, though once you start
handling splitting, dequoting, and interpreting variables, you're better
off using the shell. So maybe GIT_SSH_SHELL or similar as a preferred
version of GIT_SSH that uses the shell.

> It also crossed my mind that you could (ab)use the credential helper
> framework and ask it to return not the password but the identity
> filename, and pass it down the callchain to git_connect(), but again
> you will have to teach the credential helper as many settings as you
> would need to make in ~/.ssh/config anyway, so I find it dubious how
> it would be a win.

You could write a credential helper shell script that knows about
classes of remotes (e.g., selecting an identity file based on the
hostname), and write only a few lines to cover a large number of hosts.
For example:

    #!/bin/sh
    test "$1" = "get" || exit 0
    while IFS== read key val; do
      test "$key" = "host" || continue
      case "$val" in
        *.example.com) echo sshident=com_key ;;
        *.example.net) echo sshident=net_key ;;
      esac
    done

But it feels a bit hacky to be using the credential helpers at all for
ssh connections.

-Peff
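
The wrapper approach discussed in this message, written out as an added example (not code from the thread or from Git): a script to point GIT_SSH at, which reads GIT_SSH_IDENTITY_FILE (the variable name from the quoted suggestion) and hands it to ssh as a single argument. REAL_SSH and the function names are assumptions made for this example; run_like_git only imitates the no-shell execution described above.

```shell
#!/bin/sh
# Added example, not code from the thread or from Git.
# Install as an executable file and set GIT_SSH to its path, e.g.
#   GIT_SSH=/path/to/this-script \
#   GIT_SSH_IDENTITY_FILE="$HOME/.ssh/id_for_example_com" git push

# Prepend the identity options, then run ssh with git's own arguments.
# REAL_SSH is a hypothetical override so the ssh binary can be replaced.
git_ssh_wrapper() {
    if [ -n "${GIT_SSH_IDENTITY_FILE:-}" ]; then
        # Quoting keeps a key path with spaces as one argument.
        # IdentitiesOnly=yes stops ssh from also offering other keys
        # (agent or default identities) to the server.
        set -- -i "$GIT_SSH_IDENTITY_FILE" -o IdentitiesOnly=yes "$@"
    fi
    "${REAL_SSH:-ssh}" "$@"
}

# Illustration only: imitate execution without a shell, where the whole
# GIT_SSH value is taken as one program name and never split into words.
# With GIT_SSH='ssh -i /some/key' no such program exists (status 127).
run_like_git() {
    ( "$GIT_SSH" "$@" ) 2>/dev/null
}

# Git always passes at least the host and the remote command. With no
# arguments (for instance when this file is sourced) only define functions.
if [ "$#" -gt 0 ]; then
    git_ssh_wrapper "$@"
    exit
fi
```

Later Git releases added GIT_SSH_COMMAND, which is interpreted by the shell.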