bzr unable to ask password for access over bzr+ssh:// or sftp:// when plink.exe used as SSH client

On 4/19/07, Alexander Belchenko <email address hidden> wrote:
> Public bug reported:
>
> As a rule I use SSH authentication via Open SSH key. I use pageant.exe +plink.exe on win32.
> Today I forgot to load my key to pageant and try to push to bzr+ssh:// location.
> bzr unable to ask my password. On client side I use bzr.exe 0.15 @ win32, on server side I have bzr 0.14 installed @ FreeBSD.

This looks like perhaps the Windows ssh client is trying to read the
passphrase from stdin (connected to bzr) rather than from the tty.

--
Martin

Martin Pool пишет:
> On 4/19/07, Alexander Belchenko <email address hidden> wrote:
>> Public bug reported:
>>
>> As a rule I use SSH authentication via Open SSH key. I use pageant.exe +plink.exe on win32.
>> Today I forgot to load my key to pageant and try to push to bzr+ssh:// location.
>> bzr unable to ask my password. On client side I use bzr.exe 0.15 @ win32, on server side I have bzr 0.14 installed @ FreeBSD.
>
> This looks like perhaps the Windows ssh client is trying to read the
> passphrase from stdin (connected to bzr) rather than from the tty.

I'm also think the same.

[µ]

With sftp:// and plink.exe I have a really big traceback.

bzr arguments: [u'--no-plugins', u'push', u'sftp://bialix@host/~/repo/selftest.win32']
encoding stdout as sys.stdout encoding 'cp866'
ssh implementation is Putty's plink.
Traceback (most recent call last):
  File "C:\Temp\selftest.win32\bzrlib\commands.py", line 638, in run_bzr_catch_errors
    return run_bzr(argv)
  File "C:\Temp\selftest.win32\bzrlib\commands.py", line 600, in run_bzr
    ret = run(*run_argv)
  File "C:\Temp\selftest.win32\bzrlib\commands.py", line 296, in run_argv_aliases
    return self.run(**all_cmd_args)
  File "C:\Temp\selftest.win32\bzrlib\builtins.py", line 707, in run
    to_transport = transport.get_transport(location)
  File "C:\Temp\selftest.win32\bzrlib\transport\__init__.py", line 1050, in get_transport
    t, last_err = _try_transport_factories(base, factory_list)
  File "C:\Temp\selftest.win32\bzrlib\transport\__init__.py", line 1108, in _try_transport_factories
    return factory(base), None
  File "C:\Temp\selftest.win32\bzrlib\transport\__init__.py", line 109, in _loader
    return klass(base)
  File "C:\Temp\selftest.win32\bzrlib\transport\sftp.py", line 224, in __init__
    self._sftp_connect()
  File "C:\Temp\selftest.win32\bzrlib\transport\sftp.py", line 835, in _sftp_connect
    self._password)
  File "C:\Temp\selftest.win32\bzrlib\transport\sftp.py", line 1202, in _sftp_connect
    sftp = _sftp_connect_uncached(host, port, username, password)
  File "C:\Temp\selftest.win32\bzrlib\transport\sftp.py", line 1208, in _sftp_connect_uncached
    sftp = vendor.connect_sftp(username, password, host, port)
  File "C:\Temp\selftest.win32\bzrlib\transport\ssh.py", line 343, in connect_sftp
    return SFTPClient(sock)
  File "C:\Python25\lib\site-packages\paramiko\sftp_client.py", line 87, in __init__
    server_version = self._send_version()
  File "C:\Python25\lib\site-packages\paramiko\sftp.py", line 108, in _send_version
    t, data = self._read_packet()
  File "C:\Python25\lib\site-packages\paramiko\sftp.py", line 183, in _read_packet
    raise SFTPError('Garbage packet received')
SFTPError: Garbage packet received

return code 3

So it's a really problem in code that talk to plink.exe.

I'll look into it. It seems the same problem was with SVN + plink.

Another problem occurs when I first time connects to server:

C:\work\MyCode\intelhex\trunk>bzr push sftp://<email address hidden>/~bialix/intelhex/trunk
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 1024 9d:38:3a:63:b1:d5:6f:c4:44:67:53:49:2e:ee:fc:89
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) Connection abandoned.
bzr: ERROR: Unable to connect to SSH host bazaar.launchpad.net; EOF during negotiation

is this the same as bug 107155?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Pool пишет:
> is this the same as bug 107155?

No, I think it's different.

[µ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxAnNzYr338mxwCURApeuAJ9ZHBycn+4mxdDBhJb9lGi6yNMMWgCePts3
Le8dnJVEZnAG4ZzPwE2dzNM=
=l4dP
-----END PGP SIGNATURE-----

I think this is a different bug, but arguably it is a bug in plink, not in bzr.

It sounds like the specific issue is that plink is unable to talk to the user when run as a subprocess.

Now, I thought there was a way to tell plink to run a program to ask for a password, rather than asking on stdin. (At least, I know that TortoiseSVN has figured out a way to bring up a dialog for you password.)

So we might look into that, instead of trying to figure out how to parse stdin for a password sometimes, and other times we are only parsing it for our actual data flow.

I think we should disable or remove plink.exe support from bzrlib, because:

a) we have working implementation based on paramiko and I don't think it's awfully slow, so benefits of using plink.exe is not clear for me
b) Dmitry still not working on this bug
c) This bug create bad taste about bzr@win32 ssh/sftp support for newbie

As temporary workaround for this bug I disable auto-detection of plink as SSH vendor. Support for plink is still in bzrlib, but if user want to use it, he should specify it directly via BZR_SSH environment variable (set BZR_SSH=plink).
Change merged as bzr.dev revno 2999.

Sorry for silence, I was busy on my other projects. I was tried to solve the problem but all solutions were over complicated. For example run 'plink.exe -v' and monitor all its input and outputs to catch possible password prompts. But then I've realized that I was tried to solve a wrong problem. Now I think the right problem is not try to redirect all plink's dialogs (for that, I believe, no reliable solution exists) but just print the right error in case of the problem. The attached patch demonstrate the new solution, for the real patch error message need to be updated and some docs added. What do you think about the fix?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dmitry Vasiliev пишет:
| Sorry for silence, I was busy on my other projects. I was tried to solve
| the problem but all solutions were over complicated. For example run
| 'plink.exe -v' and monitor all its input and outputs to catch possible
| password prompts. But then I've realized that I was tried to solve a
| wrong problem. Now I think the right problem is not try to redirect all
| plink's dialogs (for that, I believe, no reliable solution exists) but
| just print the right error in case of the problem. The attached patch
| demonstrate the new solution, for the real patch error message need to
| be updated and some docs added. What do you think about the fix?
|
| ** Attachment added: "Sample solution"
| http://launchpadlibrarian.net/11760547/plink.diff

I'm not quite understand why '-a' option is required?
The crucial part for us is '-batch' flag IIUC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHp4itzYr338mxwCURAukPAKCJmcViclF77dvG0YRtETdll8gDbgCeMCZh
oia0mKxOrUv2mmbvpYpYJP0=
=2VuP
-----END PGP SIGNATURE-----

'-a' disables agent forwarding and originally copied from OpenSSH vendor where agent forwarding is disabled for security reason, I believe. The patch adds '-batch' option which disables all interactive prompts and just abandon connection in case of a error.

Dmitry Vasiliev пишет:
> '-a' disables agent forwarding and originally copied from OpenSSH vendor
> where agent forwarding is disabled for security reason, I believe.

So pageant will not work with this option? It's not good, IMO.
pageant is very good SSH agent. I dislike the idea to type my password
everytime.

> The
> patch adds '-batch' option which disables all interactive prompts and
> just abandon connection in case of a error.

I think this is crucial part of your patch. +1

Alexander Belchenko wrote:
> Dmitry Vasiliev пишет:
>> '-a' disables agent forwarding and originally copied from OpenSSH vendor
>> where agent forwarding is disabled for security reason, I believe.
>
> So pageant will not work with this option? It's not good, IMO.
> pageant is very good SSH agent.

No. This option disables forwarding of the authentication agent's
connection to the remote machine. Search for 'ssh agent forwarding' for
details.

> I dislike the idea to type my password everytime.

Actually with '-batch' option you never will be prompted for password. :-)

>> The
>> patch adds '-batch' option which disables all interactive prompts and
>> just abandon connection in case of a error.
>
> I think this is crucial part of your patch. +1

Cool. Should some docs will be added, for example 'ssh' topic with
description of Plink's setup for automated connections?

--
Dmitry Vasiliev (dima at hlabs.spb.ru)
   http://hlabs.spb.ru

Dmitry Vasiliev пишет:
> Alexander Belchenko wrote:
>> Dmitry Vasiliev пишет:
>>> '-a' disables agent forwarding and originally copied from OpenSSH vendor
>>> where agent forwarding is disabled for security reason, I believe.
>> So pageant will not work with this option? It's not good, IMO.
>> pageant is very good SSH agent.
>
> No. This option disables forwarding of the authentication agent's
> connection to the remote machine. Search for 'ssh agent forwarding' for
> details.

I found the article: http://mvp.unixwiz.net/techtips/ssh-agent-forwarding.html
IIUC, -a option is acceptable for bzr.

>
>> I dislike the idea to type my password everytime.
>
> Actually with '-batch' option you never will be prompted for password.
> :-)

I mean to type it in the URL: bzr+ssh://user:<email address hidden>/...

>>> The
>>> patch adds '-batch' option which disables all interactive prompts and
>>> just abandon connection in case of a error.
>> I think this is crucial part of your patch. +1
>
> Cool. Should some docs will be added, for example 'ssh' topic with
> description of Plink's setup for automated connections?

More docs is good, so if you have some time please do.
But it's better to `bzr send` your patch to the ML for review
so you can have more comments from other people.

Alexander Belchenko wrote:
> Dmitry Vasiliev пишет:
>> Alexander Belchenko wrote:
>>> I dislike the idea to type my password everytime.
>> Actually with '-batch' option you never will be prompted for password.
>> :-)
> I mean to type it in the URL: bzr+ssh://user:<email address hidden>/...

Ah, not acceptable at all for security reasons, so I even don't think
about this possibility.

>> Cool. Should some docs will be added, for example 'ssh' topic with
>> description of Plink's setup for automated connections?
>
> More docs is good, so if you have some time please do.
> But it's better to `bzr send` your patch to the ML for review
> so you can have more comments from other people.

Ok. Just want some pre-review.

--
Dmitry Vasiliev (dima at hlabs.spb.ru)
   http://hlabs.spb.ru

merged as bzr.dev revno.3232