Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add startup check to ensure ssh to Github works #56

Closed
2 tasks
sorenlouv opened this issue Mar 13, 2018 · 0 comments
Closed
2 tasks

Add startup check to ensure ssh to Github works #56

sorenlouv opened this issue Mar 13, 2018 · 0 comments

Comments

@sorenlouv
Copy link
Owner

sorenlouv commented Mar 13, 2018
edited
Loading

backport relies on ssh access to Github. There are a couple of scenarios where the git commands will fail due to issues with ssh. Instead of handling these midway in the backporting process, the user should be told upfront about configuration issues, and how to fix them.

Issues that backport should warn about:

  • github.com is not in "known_hosts" file.
    If the user has never accessed github over ssh, Github's IP-address will not be trusted, and will prompt the user. Instead of handling the prompt inside backport the user should abort backport and run something like ssh -T [email protected] which will bring up the prompt.

    ssh-keygen -H -F github.com can be used to detect if github.com is added to "known_hosts".

  • ssh key is protected with a passphrase, and has not been added to ssh-agent
    If the user has a passphrase on their ssh key, and are not using ssh-agent, backport will choke on this prompt:
    Enter passphrase for key '/Users/sqren/.ssh/id_rsa':

    Instead of trying to handle the prompt, and the back/forth input exchange (I really don't want to touch the user's passphrase) we should abort backport and tell the user how to add their ssh key to ssh-agent. Possible by linking to Github's excellent docs: https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent

    I still don't know how to detect if the user has a key with a passphrase, that has not been added to ssh-agent. It's possible to detect whether the user has added a key to ssh-agent with ssh-add -l.

Update
It might be possible to check for both cases by simply trying to SSH to Github:

ssh -oBatchMode=yes -T [email protected]

Caveats: this has a noticeable delay, and shouldn't be done on every startup.

  • Only check the very first time backport is executed (would require state to be stored somewhere)
  • Only check whenever a repo is setup (cloned). Doesn't require additional state, and happens very rarely.

Debugging workflow

List all keys

ssh-add -l

Remove all keys from ssh-agent:

ssh-add -D

Add key to ssh agent:

ssh-add -K ~/.ssh/id_rsa

Verify ssh-agent

ssh -oBatchMode=yes -T [email protected]

credential.helper

# disable
git config --unset credential.helper

# enable
git config credential.helper store
This was referenced Mar 13, 2018
Closed
Closed
@sorenlouv sorenlouv changed the title Add startup check to ensure ssh to Github is available Add startup check to ensure ssh to Github works Mar 13, 2018
@sorenlouv sorenlouv mentioned this issue Apr 11, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sorenlouv