[Swift-devel] askpass for command line ssh provider?
Jonathan Monette
jonmon at mcs.anl.gov
Mon Jan 16 10:31:21 CST 2012
I always thought the solution to the OTP situation was to set up a master channel. Inside a portal this is easy. The portal knows which sites are used and which sites require a OTP. The portal can then set up a master channel. For the situation for the agents, the portal can always create the agent itself after prompting for a password once can't it? In both scenarios the portal creates the mechanisms to limit the number of passwords that are required.
For Swift, I do not think that these solutions work since Swift needs to be more general(maybe creating agent approach but that won't work for OTP situations).
On Jan 16, 2012, at 10:07 AM, Michael Wilde wrote:
> Was: Re: [Swift-devel] command line ssh provider...
>
> After a bit more thought, it seems that enabling the ssh-cl provider to prompt for passwords is perhaps not a required feature.
>
> We will for example need to access many systems that needs a one time password.
>
> But its likely that such mechanisms need to be set up outside of Swift (or at least outside the main line of the provider), using agents or master channels, else the user would get multiple password prompts per endpoint.
>
> For now, we can do this outside of Swift proper (ie in the various portals, ideally via scripts that we package in swift/bin which can be used by both command line users and by portal code).
>
> Later we can consider if its reasonable to make the ssh-cl provider smart enough to invoke such channel or agent setup scripts automatically when needed.
>
> - Mike
>
>
>
> ----- Original Message -----
>> From: "Mihael Hategan" <hategan at mcs.anl.gov>
>> To: "Michael Wilde" <wilde at mcs.anl.gov>
>> Cc: "Ben Clifford" <benc at hawaga.org.uk>, "Swift Devel" <swift-devel at ci.uchicago.edu>
>> Sent: Friday, January 13, 2012 6:09:18 PM
>> Subject: Re: [Swift-devel] command line ssh provider...
>> On Fri, 2012-01-13 at 18:00 -0600, Michael Wilde wrote:
>>> Another good test is to access eg surveyor, and intrepid using an
>>> OTP via ssh-cl.
>>
>> A word of caution there: if the ssh client asks for the password on
>> the
>> command line (instead of through ssh-askpass or some other gui),
>> things
>> won't work very well. It might be possible to add some detection for
>> that in the provider, but that's not a high priority given that there
>> is
>> a workaround (askpass).
>
> --
> Michael Wilde
> Computation Institute, University of Chicago
> Mathematics and Computer Science Division
> Argonne National Laboratory
>
> _______________________________________________
> Swift-devel mailing list
> Swift-devel at ci.uchicago.edu
> https://lists.ci.uchicago.edu/cgi-bin/mailman/listinfo/swift-devel
More information about the Swift-devel
mailing list