lucasmotta / dploy

⛔️ currently unmaintained ⛔️
http://lucasmotta.github.io/dploy/
MIT License

sftp using public key #18

Closed jgoodall closed 10 years ago

jgoodall commented 10 years ago

I am not real keen on putting my password in a config file, but I should be able to use public key encryption with SFTP. That doesn't seem to be working. If I specify a password using scheme: sftp, the dploy works, but if I remove the password, it says connecting and then eventually ends.

It looks like ssh2 module supports it.

Is using public key not supported, or am I missing the right way to do it?

felds commented 10 years ago

:+1: for this functionality

lucasmotta commented 10 years ago

Yes, the public key is not yet supported, but it should be fairly simple to add it. The current behaviour of the SFTP scheme is to receive a simple password, just like the FTP.

What do you guys suggest? Create an SSH scheme, where in the password field DPLOY will expect a path? Or keep using SFTP, but add one extra parameter (i.e. privateKey)?

jgoodall commented 10 years ago

I think there might be two approaches:

  1. be explicit

    scheme: 'ssh'
    keyPath: 'path/to/key.pub'

  2. implicit - if the scheme is sftp, use username/password if the password is defined, if not, use a public key from standard places (i.e. ~/.ssh/id_rsa.pub, etc).

(#2 is actually how I expected it to work)


lucasmotta commented 10 years ago

So maybe still using the sftp scheme, but following those rules:

  1. Look for the password field
  2. Look for the keyPath field
  3. Look for standard places
  4. Alert and prompt you to set the path

jgoodall commented 10 years ago

Yes, that makes sense to me.

-john


felds commented 10 years ago

I have absolutely no idea on how the ssh2 module is implemented, but the sftp cli takes the ~/.ssh/config into account when defining the host/user/pass of a domain.

i.e:

cli

sftp foo_domain

~/.ssh/config

Host foo_domain
    HostName dev.example.com
    User foo
    Port 9001
    IdentityFile ~/.ssh/id_foo

(But don't let this hold back the awesomeness. I'm just spitballing here.)

lucasmotta commented 10 years ago

I've started implementing this feature, but I just want to double check the paths that I should check for your public key. I've added ~/.ssh/id_rsa.pub, but is there more? And do you guys know if it is the same thing on Windows?

jgoodall commented 10 years ago

I believe the default locations are:

    ~/.ssh/identity.pub
    ~/.ssh/id_dsa.pub
    ~/.ssh/id_rsa.pub

See: http://man.cx/ssh-keygen


lucasmotta commented 10 years ago

Would be great if you guys could test this as well. Instead of loading the default locations, you have to set the path manually - I think it gives the user a bit more control of where they want to load the key from.

Cheers!

jgoodall commented 10 years ago

Tested and confirm it works as expected.

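The lookup order discussed in this thread (password, then keyPath, then default locations, then an error asking for the path), as an added Node.js example that is not part of the thread and not dploy's own code. The names `resolveSftpAuth`, `loadPrivateKey`, `demo` and the config fields are assumptions; the returned object uses the `password` and `privateKey` options of the ssh2 module's `connect()`. The client authenticates with the private half of the key pair, so the example loads `id_rsa` rather than `id_rsa.pub` and refuses key files readable by group or others.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Private-key file names tried when no keyPath is set (assumed defaults).
const DEFAULT_KEYS = ['id_rsa', 'id_dsa', 'identity'];

// Read a key file; reject public keys and files readable by group/others.
function loadPrivateKey(file) {
  const key = fs.readFileSync(file, 'utf8');
  if (!/^-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----/.test(key)) {
    throw new Error(`${file}: not a private key (is this the .pub file?)`);
  }
  const mode = fs.statSync(file).mode;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`${file}: permissions too open, run chmod 600`);
  }
  return key;
}

// Hypothetical resolver: password, then keyPath, then default locations.
// Returns options in the shape ssh2's connect() accepts.
function resolveSftpAuth(cfg, home = os.homedir()) {
  const base = { host: cfg.host, port: cfg.port || 22, username: cfg.user };
  if (cfg.password) return { ...base, password: cfg.password };
  if (cfg.keyPath) {
    const file = cfg.keyPath.replace(/^~(?=$|\/)/, () => home);
    return { ...base, privateKey: loadPrivateKey(file) };
  }
  for (const name of DEFAULT_KEYS) {
    const file = path.join(home, '.ssh', name);
    if (fs.existsSync(file)) return { ...base, privateKey: loadPrivateKey(file) };
  }
  throw new Error('no password or key found: set keyPath in the config');
}

// Constructed demo: a throwaway home directory holding a fake key pair.
function demo() {
  const home = fs.mkdtempSync(path.join(os.tmpdir(), 'dploy-demo-'));
  const ssh = path.join(home, '.ssh');
  fs.mkdirSync(ssh);
  const body = '-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n';
  fs.writeFileSync(path.join(ssh, 'id_rsa'), body, { mode: 0o600 });
  fs.writeFileSync(path.join(ssh, 'id_rsa.pub'), 'ssh-rsa AAAA constructed\n', { mode: 0o600 });
  return home;
}
```

Passphrase-protected keys and ssh-agent are outside this example; ssh2 has separate `passphrase` and `agent` options for those.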