I added a global option ('ssh-options') to override what backend invoke passes to ssh. Default behavior is the same as current behavior; set this to empty to allow password authentication.

CommentFileSizeAuthor
#7 remove-ssh-options.patch3.66 KBgreg.1.anderson
#4 ssh-options-2.patch1.52 KBgreg.1.anderson
ssh-options.patch2.35 KBgreg.1.anderson

Comments

moshe weitzman’s picture

moshe weitzman commented

OK with me. Lets give Adrian a couple days to comment.

moshe weitzman’s picture

moshe weitzman commented

My only hesitation is with clutterring the global options with this rarely used entry. Maybe we just document it in example.drushrc.php and leave it at that?

greg.1.anderson’s picture

greg.1.anderson commented

That would be fine by me...

greg.1.anderson’s picture

greg.1.anderson commented
StatusFileSize
new ssh-options-2.patch1.52 KB

Same patch as above, but without the change to the global help options.

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Fixed

Committed.

dman’s picture

dman commented

FYI cross-reference with #686384: Allow the site-aliases configs to define extra options when invoking ssh

greg.1.anderson’s picture

greg.1.anderson commented
Assigned: Unassigned » adrian
Status: Fixed » Needs review
StatusFileSize
new remove-ssh-options.patch3.66 KB

Based on a comment in #686384: Allow the site-aliases configs to define extra options when invoking ssh, I present this alternate proposal: take out ssh-options altogether, and add comments directing the users to .ssh/config.

@adrian: This removes your PasswordAuthentication=no from backend_invoke, so I'm assigning this to you for your review.

adrian’s picture

adrian commented

i added the password authentication because the command would hang with no feedback and require to be exited with kill to get back.

unless you can somehow ensure that ssh will never try to open a read from shell (which is a bit tricky since ssh uses a different term for the input for security reasons), i'm not sure we can commit this.

adrian’s picture

adrian commented
Status: Needs review » Reviewed & tested by the community

actually. looking at the code. it only seems to be defaulted.

if you want to break your system, you should be free to.

feel free to ommit

greg.1.anderson’s picture

greg.1.anderson commented
Status: Reviewed & tested by the community » Needs review

@adrian: Your comment refers to #4, which has already been committed. #7 removes password authentication altogether.

On my Debian/Ubuntu system, it works just fine with password authentication (although it's better with ssh key authentication, of course). Does it break on other systems, or does it break if backend invoke calls a function that calls backend invoke (remotely)?

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Fixed

#7 is won't fix in favor of #686384: Allow the site-aliases configs to define extra options when invoking ssh. returning issue a resting state.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.