Background:
when the 'ssh' command is run, its stdin and stdout are often connected
to pipes. Think about rsync, git, scp, ...
ssh-ident internally calls ssh-add. If ssh-add does not have a terminal
for stdin and stdout, it can't read a password, so it invokes ssh-askpass,
and FAILS if ssh-askpass cannot be found.
Which is annoying for a few reasons:
- ssh-askpass becomes a requirement to use ssh-ident.
ssh-add will fail if it can't find it :(
- ssh-askpass is invoked even in cases where, well, a terminal
would normally be used.
In this change:
- when running ssh-add, connect its stdin and stdout to a suitable
terminal.
- add code to detect a 'suitable' terminal.
The logic to determine what 'suitable' here is more complex than
it should be. Normally one would just check if stdin / stdout are
terminals. But this does not work here (see background).
So instead the code checks if 1) there is a /dev/tty, and 2) this
/dev/tty is an usable tty. 2) is necessary because in some cases
/dev/tty exists, is readable and writable, it is a character device,
but using it as a terminal returns ENXIO or ENODEV.
So the detection code does a 'noop' tty ioctl, in order to detect
ENXIO and ENODEV. If no error is returned, then it is a dvice.
Terminals are black magic.
This (hopefully) closes#29, and closes#32.
"ASSIGNMENT" syntax everywhere.
For some reason, when I wrote the documentation I was assuming a dict
was used for configuration parameters. Closes#20.
Background:
Whenever ssh was run, before this change, ssh-ident cleaned the
environment.
However, this breaks users that set SSH_ASKPASS, or even things
like the LOCALE settings or DISPLAY.
After this change, the environment is no longer cleaned.
Thanks to eugenesvk for reporting the issue.
This should fix#18.
python 2.6 and 3.0 require string.format() arguments to be
number explicitly, otherwise they raise ValueError.
Fixed code to number them.
This fixes#14.
Background:
ssh-ident needs to determine which binary to run next
to complete the requested command. Generally, this binary
is 'ssh'.
With previous changes (thanks to black2754), code was added
to detect the binary to run based on argv[0], and to find
it in PATH.
Depending on the setup, this can be fragile as argv[0] may
not contain a path at all, or the path in $PATH may contain
symlinks or bind mounts, which would be difficult to exclude.
In this change:
- if BINARY_DIR is set, look for the next binary to run
in that directory only. This could be set to "/usr/bin"
on most unix systems.
This is optional, the default is still to search in
the path.
Additionally:
- be a bit more paranoid when searching in PATH. Specifically,
handle relative paths without defaulting to the CWD.
- add more verbose messages, as those problems may be difficult
or obscure to debug.
options per identity, and to debug the generated command.
In this change:
- introduced a few more configuration parameters to have
default flags passed to ssh, and per identity flags.
- when VERBOSITY=LOG_DEBUG ssh-ident is called, the generated
ssh command is now displayed. Used to verify correct
behavior of code.
Don't ignore global ssh_config by default.
From pull request:
"""
Specifying a config file to ssh makes it impossible to also read the global
config. Which is daft, but that's what ssh does. So I've removed ~/.ssh as
a place to look for configs, on the principle that not specifying any
config will read both the global ssh_config and ~/.ssh/config, and that's
the expected default behaviour.
"""
Any identity specific config will still ignore the global config, but that
seems fine to me.
Specifying a config file to ssh makes it impossible to also read the global
config. Which is daft, but that's what ssh does. So I've removed ~/.ssh as
a place to look for configs, on the principle that not specifying any
config will read both the global ssh_config and ~/.ssh/config, and that's
the expected default behaviour.
Any identity specific config will still ignore the global config, but that
seems fine to me.
ssh-ident, where it was supposed to be to begin with, move from future
... after the file docstring (otherwise pydoc doesn't generate / show
the documentation correctly), and update the README with pydoc ssh-ident
> README.
