Manual intervention needed to set up code import over empty-password SSH
Bug #726834 reported by
Max Bowsher
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad code imports |
Fix Released
|
High
|
Colin Watson |
Bug Description
This is a pretty obscure corner case, but lifeless asked me to file a bug in https:/
In some fairly rare cases, seemingly limited to BSD OSes, anonymous CVS access is provided over SSH with an empty password. In such a situation, it is necessary to ask the LOSAs to accept the SSH host key into the ~importd/
Technically the same situation could exist for non-CVS code imports, but svn and git provide non-SSH anonymous serving options that are considerably less flaky than cvs pserver, so the issue is unlikely to ever arise.
Related branches
~cjwatson/lp-codeimport:cvs-no-host-key-check
- Tom Wardill (community): Approve
-
Diff: 70 lines (+12/-1)5 files modifiedcharm/lp-codeimport/reactive/lp-codeimport.py (+1/-1)
charm/lp-codeimport/scripts/ssh-no-host-key (+2/-0)
charm/lp-codeimport/templates/codeimport-lazr.conf.j2 (+1/-0)
lib/lp/services/config/schema-lazr.conf (+5/-0)
scripts/code-import-worker.py (+3/-0)
tags: | added: canonical-losa-lp |
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: code-import |
tags: | added: easy |
description: | updated |
description: | updated |
affects: | launchpad → lp-codeimport |
Changed in lp-codeimport: | |
status: | Triaged → In Progress |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in lp-codeimport: | |
status: | In Progress → Fix Committed |
summary: |
- LOSA intervention needed to set up code import over empty-password SSH + Manual intervention needed to set up code import over empty-password SSH |
Changed in lp-codeimport: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
It might be enough to run things like this:
ssh -o 'StrictHostKeyC hecking no' -l _anoncvs anoncvs.mirbsd.org
It’s almost certainly possible to create a script like this:
#!/bin/sh hecking no' "$@"
exec /usr/bin/ssh -o 'StrictHostKeyC
… and put it either into the $PATH as ssh, or export CVS_RSH= /path/to/ this/script in order to get the checking done automatically, unless the keys do change.