Closed rgs1 closed 11 years ago
Great! Thank you! I posted several comments. I think they would improve the patch; what do you think? As a security measure, some FTP clients (e.g., wget) check whether the permissions of the .netrc file (which contains the username/password for FTP sites) are correct. Maybe we should do this here? I'm open to this discussion.
Updated the branch (I re-wrote history to keep it clean) with the suggested changes. Thanks for the fast review!
Looks good. Merged and pushed. Thank you!
This avoids the need to provide the password for your private key interactively.
It can be used via --passwd-key-file or passwd-key-file in the given config file. The first line in the file (without \n) will be treated as the passwd. There isn't any validation and all lines after the first one (if any) are ignored.
The security model behind this is a bit simplistic so I am open to better ideas. Basically your password file should be root:root (400) and you should drop root and run as an unprivileged user.
If the file exists and a line can be read then a callback will be set for the SSL ctxt and it'll feed the passwd when the private key is read (if password is needed).
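The permission check raised in the review, applied to the password file described above, as an added example (not the code from this patch). `read_key_passwd` is a hypothetical helper; rejecting an empty or overlong first line is an assumption of this sketch, since the patch itself does no validation.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: copies the first line of the password file at `path`
 * into `buf` (NUL-terminated, '\n' stripped). Returns the password length,
 * or -1 if the file is unsafe, unreadable, empty or too long for `buf`. */
static int read_key_passwd(const char *path, char *buf, size_t buflen) {
  struct stat st;
  ssize_t n;
  size_t len;
  int fd;

  if (buflen < 2) return -1;
  fd = open(path, O_RDONLY);
  if (fd < 0) return -1;

  /* fstat() the descriptor that will be read, not the path, so the file
   * cannot be swapped between the check and the read. */
  if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
      (st.st_uid != 0 && st.st_uid != geteuid()) || /* owner: root or us */
      (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {    /* no group/other bits */
    close(fd);
    return -1;
  }

  n = read(fd, buf, buflen - 1);
  close(fd);
  if (n <= 0) return -1;

  buf[n] = '\0';
  len = strcspn(buf, "\n"); /* only the first line is the password */
  if (len == 0 || (len == (size_t)n && (size_t)n == buflen - 1)) {
    memset(buf, 0, buflen); /* empty line, or line may be truncated */
    return -1;
  }
  /* Wipe the ignored lines so they do not linger in memory. */
  memset(buf + len, 0, (size_t)n + 1 - len);
  return (int)len;
}
```

The caller should also zero `buf` once the private key has been loaded.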