Re: [PATCH v6 3/9] ssh signing: retrieve a default key from ssh-agent

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29.07.21 21:09, Josh Steadmon wrote:
On 2021.07.29 10:59, Fabian Stelzer wrote:
On 29.07.21 00:48, Jonathan Tan wrote:
if user.signingkey is not set and a ssh signature is requested we call
ssh-add -L and use the first key we get

[snip]

Could the commit message have a better explanation of why we need this?
(Also, I would think that the command being run needs to be configurable
instead of being just the first "ssh-add" in $PATH, and the parsing of
the output should be more rigorous. But this is moot if we don't need
this feature in the first place.)


How about:
If user.signingkey ist not set and a ssh signature is requested we call
ssh-add -L und use the first key we get. This enables us to activate commit
signing globally for all users on a shared server when ssh-agent forwarding
is already in use without the need to touch an individual users gitconfig.

Maybe a general gpg.ssh.signingKeyDefaultCommand that we call and use the
first returned line as key would be useful and achieve the same goal without
having this default for everyone.
On the other hand i like having less configuration / good defaults for
individual users. But I'm coming from a corporate environment, not an open
source project.

Doesn't this run the risk of using the wrong key (and potentially
exposing someone's identity)? On my work machine, my corporate SSH key
is not actually the first key in my SSH agent.

Rather than making this behavior the default, could it instead be
enabled only if the signing key is set to "use-ssh-agent" or something
similar?


If we introduce a signingKeyDefaultComand we don't need the "use-ssh-agent" flag.

If user.signingkey is set it is used no matter what. A private key needs to be available either in the specified file or via ssh agent.

If it is not set then an automatic way to get a default key would be great.
So if we set signingKeyDefaultCommand to "ssh-add" (or a script returning a key) then the first available key could be used. If this variable is unset and no user.signingkey is specified we fail and tell the user to set a signingkey.

If this variable is set to "ssh-add" by default or unset and needs to be
set explicitly set to have an automatic default key can be decided.



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux