Bazaar

Traceback if authentication.conf contains section without password

Bug #199440 reported by Alexander Belchenko
4
Affects Status Importance Assigned to Milestone
Bazaar
Fix Released
Low
Vincent Ladeuil
Bazaar 1.5

Bug Description

Here is example of authentication.conf:

[myproject]
user = root
host = myhost

I want to use this for bzr+ssh access with pageant SSH keys agent. SSH key is loaded to agent, so I decided to not write password to authentication.conf.

The I do: bzr push bzr+ssh://myhost/root/foo and get traceback. Here is part of .bzr.log:

0.234 encoding stdout as sys.stdout encoding 'cp866'
0.234 bzr arguments: [u'push', u'bzr+ssh://myhost/root/foo']
0.234 looking for plugins in C:\work\Bazaar\plugins-repo
0.531 looking for plugins in C:\Program Files\Bazaar\lib\library.zip\bzrlib\plugins
0.531 Looking for plugins in 'C:\\Program Files\\Bazaar\\lib\\library.zip\\bzrlib\\plugins'
0.609 Names in archive: ['__init__.pyc', 'launchpad/__init__.pyc', 'launchpad/account.pyc', 'launchpad/lp_indirect.pyc', 'launchpad/lp_registration.pyc', 'launchpad/test_account.pyc', 'launchpad/test_lp_indirect.pyc', 'launchpad/test_lp_service.pyc', 'launchpad/test_register.pyc']
0.609 Load plugin launchpad from zip 'C:\\Program Files\\Bazaar\\lib\\library.zip\\bzrlib\\plugins'
0.625 encoding stdout as sys.stdout encoding 'cp866'
2.578 falling back to default implementation
2.578 failed to load system host keys: [Errno 2] No such file or directory: 'C:\\/.ssh/known_hosts'
[ 536] 2008-03-07 12:36:16.015 INFO: Connected (version 1.99, client OpenSSH_3.8.1p1)
2.937 Traceback (most recent call last):
  File "bzrlib\commands.pyc", line 834, in run_bzr_catch_errors
  File "bzrlib\commands.pyc", line 790, in run_bzr
  File "bzrlib\commands.pyc", line 492, in run_argv_aliases
  File "bzrlib\builtins.pyc", line 727, in run
  File "bzrlib\bzrdir.pyc", line 688, in open_from_transport
  File "bzrlib\transport\__init__.pyc", line 1662, in do_catching_redirections
  File "bzrlib\bzrdir.pyc", line 665, in find_format
  File "bzrlib\bzrdir.pyc", line 1417, in find_format
  File "bzrlib\bzrdir.pyc", line 2402, in probe_transport
  File "bzrlib\smart\protocol.pyc", line 589, in query_version
  File "bzrlib\smart\protocol.pyc", line 477, in call
  File "bzrlib\smart\protocol.pyc", line 601, in _write_args
  File "bzrlib\smart\medium.pyc", line 270, in accept_bytes
  File "bzrlib\smart\medium.pyc", line 601, in _accept_bytes
  File "bzrlib\smart\medium.pyc", line 476, in _accept_bytes
  File "bzrlib\smart\medium.pyc", line 499, in _ensure_connection
  File "bzrlib\transport\ssh.pyc", line 319, in connect_ssh
  File "bzrlib\transport\ssh.pyc", line 307, in _connect
  File "bzrlib\transport\ssh.pyc", line 474, in _paramiko_auth
  File "bzrlib\config.pyc", line 1082, in get_user
  File "bzrlib\config.pyc", line 1055, in get_credentials
  File "bzrlib\util\configobj\configobj.pyc", line 532, in __getitem__
KeyError: 'password'

If I provide password in config all works OK.

Related branches

lp:~vila/bzr/199440-auth-ssh-user-no-pass (Merged)
Revision history for this message
Vincent Ladeuil (vila) wrote :

authentication.conf specification explicitly says that SSH agents *are* a better solution.

I will look more closely at your use case but I think you're trying to use authentication.conf out of its intended usage ;-)

Changed in bzr:
assignee: nobody → v-ladeuil
status: New → Confirmed
Revision history for this message
Alexander Belchenko (bialix) wrote : Re: [Bug 199440] Re: Traceback if authentication.conf contains section without password

Vincent Ladeuil пишет:
> authentication.conf specification explicitly says that SSH agents *are*
> a better solution.
>
> I will look more closely at your use case but I think you're trying to
> use authentication.conf out of its intended usage ;-)

I'm actually trying to avoid typing user name every time.
Is it intended usage or not?

Documentation on authentication.conf claims that only
user name is mandatory. And I understand that other options
is optional.

If yes, so why bzr did not fall back to password prompt then?

Revision history for this message
Vincent Ladeuil (vila) wrote :

>>>>> "bialix" == Alexander Belchenko <email address hidden> writes:

    bialix> Vincent Ladeuil пишет:
    >> authentication.conf specification explicitly says that SSH agents *are*
    >> a better solution.
    >>
    >> I will look more closely at your use case but I think you're trying to
    >> use authentication.conf out of its intended usage ;-)

    bialix> I'm actually trying to avoid typing user name every time.
    bialix> Is it intended usage or not?

It is (intended usage), but not for ssh (at least I didn't think
someone will use it for ssh).

You found a use case, we should handle it properly.

    bialix> Documentation on authentication.conf claims that only
    bialix> user name is mandatory. And I understand that other
    bialix> options is optional.

    bialix> If yes, so why bzr did not fall back to password prompt then?

That is a bug. I'll look into it (sorry for the confusion caused
by my previous comment, I intended to make clear that I *will*
look into fixing it).

Revision history for this message
Alexander Belchenko (bialix) wrote :

at least bzr should not produce traceback.

Changed in bzr:
importance: Undecided → Low
Revision history for this message
codeslinger (codeslinger) wrote :

as long as you are looking at this bug I would appreciate it if you would also look at the very closely related
Bug #183705 which 4 months later... no one has yet to respond to.

It's the same goal -- be able to use bzr without endless password prompts.

and basically the same problem... which is that contrary to any docs, usage of authentication.conf just plain and simply does not work. it is a broken system.

Revision history for this message
John A Meinel (jameinel) wrote :

I don't know what bug #183705 is, but here it gives me a "Forbidden" message. It is possible that it was marked as a security issue, which means that most of us have never seen the bug, thus why it is probably not responded to.

In general, we can't pass a password to an ssh subprocess (because of openssh security restrictions), so you have to either use ssh keys, or use the 'paramiko' ssh implementation if you want bzr to remember your password. (I would certainly recommend ssh keys as an appropriate way, rather than having a plaintext password stored anywhere on your disk.)

Vincent Ladeuil (vila)
Changed in bzr:
status: Confirmed → Fix Committed
Vincent Ladeuil (vila)
Changed in bzr:
milestone: none → 1.5
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.