SFTP Support

classic Classic list List threaded Threaded
30 messages Options
12
Reply | Threaded
Open this post in threaded view
|

SFTP Support

Greg Hellings
The attached patch will introduce support for SFTPSource transports in
the SWORD engine, allowing a user to access remote repositories over
SFTP (which is enabled by default when a user enables SSH).

--Greg

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

sftp_sword_support.patch (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

David "Judah's Shadow" Blue
Greg Hellings <[hidden email]> wrote:
The attached patch will introduce support for SFTPSource transports in
the SWORD engine, allowing a user to access remote repositories over
SFTP (which is enabled by default when a user enables SSH).

--Greg



sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

That would be really helpful especially wrt hostile areas if you are discerning with what repos you trust.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Peter von Kaehne
On 04/12/12 05:28, David "Judah's Shadow" Blue wrote:
Greg Hellings [hidden email] wrote:
The attached patch will introduce support for SFTPSource transports in
the SWORD engine, allowing a user to access remote repositories over
SFTP (which is enabled by default when a user enables SSH).

This is a brilliant idea, Greg, particularly for having access to private modules on the road.

1) It applies and compiles cleanly
2) installmgr continues to function with the standard protocolls.

Unfortunately when trying to use it I get the (username edited) debug message attached below from installmgr. What I had done is I added a line to my InstallMgr.conf:

SFTPSource=Home|backup|/home/<username>/.sword|||

"backup" is resolved in my /etc/hosts file to my NAS which is accessible via ssh. /home/<username>/.sword is the path from /

Am I doing something wrong or is there something malfunctioning? I tried also <username>@backup as servername
---------------------------------------------------------------------------

netCopy: backup, mods.d.tar.gz, /home/peter//.sword/InstallMgr/backup/mods.d.tar.gz, f,
***** using CURLOPT_FTP_USE_EPRT

***** About to perform curl easy action.

***** destPath: /home/<username>//.sword/InstallMgr/backup/mods.d.tar.gz

***** sourceURL: sftp://backup/home/<username>/.sword/mods.d.tar.gz

CURLFTPTransport: TEXT: Protocol sftp not supported or disabled in libcurl

CURLFTPTransport: TEXT: Unsupported protocol

***** Finished performing curl easy action.

netCopy: failed to get file sftp://backup/home/<username>/.sword/mods.d.tar.gz
netCopy: backup, mods.d, /home/<username>//.sword/InstallMgr/backup/mods.d, t, .conf
NetTransport: getting dir sftp://backup/home/<username>/.sword/mods.d/

***** using CURLOPT_FTP_USE_EPRT

***** About to perform curl easy action.

***** destPath: 

***** sourceURL: sftp://backup/home/<username>/.sword/mods.d/

CURLFTPTransport: TEXT: Protocol sftp not supported or disabled in libcurl

CURLFTPTransport: TEXT: Unsupported protocol

***** Finished performing curl easy action.

FTPURLGetDir: failed to get dir sftp://backup/home/<username>/.sword/mods.d/

NetTransport: failed to read dir sftp://backup/home/<username>/.sword/mods.d/


Error Refreshing Remote Source

-------------------------



_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
In reply to this post by David "Judah's Shadow" Blue
It also has the added benefit of being one of the easiest ways for
people to expose their personal repositories to their other devices -
e.g. mobile or simply other remote systems. For myself, I know, SFTP
is the easiest type of remote file access to expose.

Safety of users is what initially prompted someone to ask on IRC about
SFTP/SCP availability (SCP is more difficult as, from what I've read,
it does not provide a straightforward mechanism for giving directory
listings whereas SFTP returns the same listing format as FTP).

Also, this permits entities to expose private repositories to either
internal users or testers. I work on-and-off with a group at Wycliffe
that is required to adhere to strict legal standards with regards to
some of the modules they produce. They have been asking for a way to
securely expose file repositories to members - FTP is not an option
because their IT department will not punch FTP holes in their
firewall, and HTTP/HTTPS authentication is much more tedious to setup.
So when a user asked about SSH-based access and I saw it was trivial
with libcurl I went ahead and implemented it.

If someone with commit privileges to those files could land the patch
or if I could get access to land it, I'd be appreciative.

--Greg

On Mon, Dec 3, 2012 at 11:28 PM, David "Judah's Shadow" Blue
<[hidden email]> wrote:

> Greg Hellings <[hidden email]> wrote:
>>
>> The attached patch will introduce support for SFTPSource transports in
>> the SWORD engine, allowing a user to access remote repositories over
>> SFTP (which is enabled by default when a user enables SSH).
>>
>> --Greg
>>
>> ________________________________
>>
>> sword-devel mailing list: [hidden email]
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>
>
> That would be really helpful especially wrt hostile areas if you are
> discerning with what repos you trust.
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> sword-devel mailing list: [hidden email]
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

David Haslam
Once the patch has been applied, please would you write this up in the developers' wiki.

Thanks.

David
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
In reply to this post by Peter von Kaehne
Peter,

I see two problems:

1) You need to specify Username and Password in your InstallMgr.conf
file. This is clearly NOT ideal, as the values are stored in plain
text. Alternatively, you can have key-based authentication and just
include the username - but you have to have your keys stored in
~/.ssh/id_dsa and ~/.ssh/id_dsa.pub. These values can be changed, but
doing so was beyond the scope of my initial plan as it would require
additional fields in InstallMgr.conf. For me, that is a bit of an
issue because I use RSA keys, but the problem can be resolved by just
symlinking between id_rsa and id_dsa and their .pub files.

If this becomes a viable option, we might want to consider a
modification to InstallMgr.conf which permits public-key
authentication methods to be specified.

2) Your "CURLFTPTransport: TEXT: Protocol sftp not supported or
disabled in libcurl" debugging output line indicates that, even if you
provide your username/password combination then it wouldn't work as
your build of libcurl was not linked against libssl/libssh. Either you
built it yourself and didn't have the development files for those
libraries installed or your distro does not include those as
build-time dependencies and you should file a packaging bug with your
distribution. In Fedora, the command "ldd /usr/lib64/libcurl.so"
reveals links to libssl.so.10, libssl3.so and libssh2.so.1. I'm
guessing the equivalent ldd for you would show at least libssh2
missing from your libcurl build.

See if getting a properly built libcurl resolves (2) and then we can
see if there are debugging output complaints about (1) that we can
resolve in a secure manner for you without further changes to SWORD -
although I presume we will need to implement such changes if SFTP is
to be supported properly.

--Greg

On Tue, Dec 4, 2012 at 4:13 AM, Peter von Kaehne <[hidden email]> wrote:

> On 04/12/12 05:28, David "Judah's Shadow" Blue wrote:
>
> Greg Hellings <[hidden email]> wrote:
>>
>> The attached patch will introduce support for SFTPSource transports in
>> the SWORD engine, allowing a user to access remote repositories over
>> SFTP (which is enabled by default when a user enables SSH).
>
>
> This is a brilliant idea, Greg, particularly for having access to private
> modules on the road.
>
> 1) It applies and compiles cleanly
> 2) installmgr continues to function with the standard protocolls.
>
> Unfortunately when trying to use it I get the (username edited) debug
> message attached below from installmgr. What I had done is I added a line to
> my InstallMgr.conf:
>
> SFTPSource=Home|backup|/home/<username>/.sword|||
>
> "backup" is resolved in my /etc/hosts file to my NAS which is accessible via
> ssh. /home/<username>/.sword is the path from /
>
> Am I doing something wrong or is there something malfunctioning? I tried
> also <username>@backup as servername
> ---------------------------------------------------------------------------
>
> netCopy: backup, mods.d.tar.gz,
> /home/peter//.sword/InstallMgr/backup/mods.d.tar.gz, f,
> ***** using CURLOPT_FTP_USE_EPRT
>
> ***** About to perform curl easy action.
>
> ***** destPath: /home/<username>//.sword/InstallMgr/backup/mods.d.tar.gz
>
> ***** sourceURL: sftp://backup/home/<username>/.sword/mods.d.tar.gz
>
> CURLFTPTransport: TEXT: Protocol sftp not supported or disabled in libcurl
>
> CURLFTPTransport: TEXT: Unsupported protocol
>
> ***** Finished performing curl easy action.
>
> netCopy: failed to get file
> sftp://backup/home/<username>/.sword/mods.d.tar.gz
> netCopy: backup, mods.d, /home/<username>//.sword/InstallMgr/backup/mods.d,
> t, .conf
> NetTransport: getting dir sftp://backup/home/<username>/.sword/mods.d/
>
> ***** using CURLOPT_FTP_USE_EPRT
>
> ***** About to perform curl easy action.
>
> ***** destPath:
>
> ***** sourceURL: sftp://backup/home/<username>/.sword/mods.d/
>
> CURLFTPTransport: TEXT: Protocol sftp not supported or disabled in libcurl
>
> CURLFTPTransport: TEXT: Unsupported protocol
>
> ***** Finished performing curl easy action.
>
> FTPURLGetDir: failed to get dir sftp://backup/home/<username>/.sword/mods.d/
>
> NetTransport: failed to read dir
> sftp://backup/home/<username>/.sword/mods.d/
>
>
> Error Refreshing Remote Source
>
> -------------------------
>
>
>
> _______________________________________________
> sword-devel mailing list: [hidden email]
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Peter von Kaehne
On 04/12/12 16:43, Greg Hellings wrote:
>  or your distro does not include those as
> build-time dependencies and you should file a packaging bug with your
> distribution.

Indeed. But not a bug, but a conscious decision!

https://bugs.launchpad.net/ubuntu/+source/curl/+bug/175891

This is so annoying.

In essence it does not work on Ubuntu (and maybe Debian) and it will not
work in future - unless one builts their own libcurl.

Peter

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Peter von Kaehne
On 04/12/12 17:04, Peter von Kaehne wrote:
> In essence it does not work on Ubuntu (and maybe Debian) and it will
> not work in future - unless one builts their own libcurl. Peter

I am trying this right now out. But it is a major undertaking to build -
takes a long time so far on a perfectly well specced laptop with c2d,
4gb ram, a nice ssd.

I presume, if this gets properly added, it requires a buildtime check
for presence of libssh and libcurl ability to use it. Otherwise we are
in a world of pain with bug reports for which there is no reason.

Peter

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
In reply to this post by Peter von Kaehne

I would still call that a bug. :)

Alternatively, have you installed the libcurl-ssl-dev package? That might have what you need. But I wouldn't hold my breath.

--Greg

On Dec 4, 2012 11:06 AM, "Peter von Kaehne" <[hidden email]> wrote:
On 04/12/12 16:43, Greg Hellings wrote:
>  or your distro does not include those as
> build-time dependencies and you should file a packaging bug with your
> distribution.

Indeed. But not a bug, but a conscious decision!

https://bugs.launchpad.net/ubuntu/+source/curl/+bug/175891

This is so annoying.

In essence it does not work on Ubuntu (and maybe Debian) and it will not
work in future - unless one builts their own libcurl.

Peter

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
In reply to this post by Peter von Kaehne

You shouldn't need to compile anything more than libcurl, which I thought to be a relatively small library.

--Greg

On Dec 4, 2012 1:29 PM, "Peter von Kaehne" <[hidden email]> wrote:
On 04/12/12 17:04, Peter von Kaehne wrote:
> In essence it does not work on Ubuntu (and maybe Debian) and it will
> not work in future - unless one builts their own libcurl. Peter

I am trying this right now out. But it is a major undertaking to build -
takes a long time so far on a perfectly well specced laptop with c2d,
4gb ram, a nice ssd.

I presume, if this gets properly added, it requires a buildtime check
for presence of libssh and libcurl ability to use it. Otherwise we are
in a world of pain with bug reports for which there is no reason.

Peter

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
From the other thread, Troy writes:
"I have been following the discussion on the SFTP patch and hadn't
seen it come to a conclusion yet regarding what might be necessary to
detect SSL support in cURL. I don't feel I've been negligent with
this."

I guess we had a chicken/egg type problem because I was waiting to
hear back from Peter on his success and you on what you thought of it
before going further.

From what I have seen and read on libcurl - which has not yet been
complete - seems to indicate that there is no build-time way to know
if the library has SSH support enabled. This seems incredible to me,
so I'm going to press on with getting a firm answer to that. At
runtime the library handles transports that it doesn't support and
transports it was optionally compiled without identically - by issuing
a general statement to the user that no such transport is available.
Peter's initial response includes that line in the output of
installmgr: "CURLFTPTransport: TEXT: Protocol sftp not supported or
disabled in libcurl".

I'm presuming SWORD already has handling for such an error? Obviously
installmgr prints the error to stdout/stderr. But it seems like that's
the only real way to determine. If we wanted to, we could probably try
to run a test at configure-time for that, but I know I would freak out
if I was configuring a library to build and received a message from my
firewall that it was trying to connect out to the network.

I suppose, if there's no indication at build-time, that there will be
no way for us to know if support is available other than this error.

--Greg

On Tue, Dec 4, 2012 at 1:45 PM, Greg Hellings <[hidden email]> wrote:

> You shouldn't need to compile anything more than libcurl, which I thought to
> be a relatively small library.
>
> --Greg
>
> On Dec 4, 2012 1:29 PM, "Peter von Kaehne" <[hidden email]> wrote:
>>
>> On 04/12/12 17:04, Peter von Kaehne wrote:
>> > In essence it does not work on Ubuntu (and maybe Debian) and it will
>> > not work in future - unless one builts their own libcurl. Peter
>>
>> I am trying this right now out. But it is a major undertaking to build -
>> takes a long time so far on a perfectly well specced laptop with c2d,
>> 4gb ram, a nice ssd.
>>
>> I presume, if this gets properly added, it requires a buildtime check
>> for presence of libssh and libcurl ability to use it. Otherwise we are
>> in a world of pain with bug reports for which there is no reason.
>>
>> Peter
>>
>> _______________________________________________
>> sword-devel mailing list: [hidden email]
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Peter von Kaehne
Hi Greg,

On Tue, 2012-12-18 at 07:47 -0600, Greg Hellings wrote:
> From the other thread, Troy writes:
> "I have been following the discussion on the SFTP patch and hadn't
> seen it come to a conclusion yet regarding what might be necessary to
> detect SSL support in cURL. I don't feel I've been negligent with
> this."
>
> I guess we had a chicken/egg type problem because I was waiting to
> hear back from Peter on his success and you on what you thought of it
> before going further.

Apologies. It still fails, but in a "better" way than before.

I have compiled libcurl on Ubuntu from source, enabling ssh and sftp.

I had no joy with putting a password anywhere where it made sense.

It clearly tries to connect with the help of a public key, but there
appears to be some confusion as I am getting error messages that my
user name and my key do not fit together.

I can ssh into the same server with a key no problem

Peter



CURLFTPTransport: TEXT: SSH authentication methods available:
publickey,password

CURLFTPTransport: TEXT: Using ssh public key
file /home/<username>/.ssh/<my_key>.pub

CURLFTPTransport: TEXT: Using ssh private key
file /home/<username>/.ssh/<my_key>

CURLFTPTransport report progress: totalSize: 0; xfered: 0

CURLFTPTransport: TEXT: SSH public key authentication failed:
Username/PublicKey combination invalid




_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
On Tue, Dec 18, 2012 at 10:31 AM, Peter von Kaehne <[hidden email]> wrote:

> Hi Greg,
>
> On Tue, 2012-12-18 at 07:47 -0600, Greg Hellings wrote:
>> From the other thread, Troy writes:
>> "I have been following the discussion on the SFTP patch and hadn't
>> seen it come to a conclusion yet regarding what might be necessary to
>> detect SSL support in cURL. I don't feel I've been negligent with
>> this."
>>
>> I guess we had a chicken/egg type problem because I was waiting to
>> hear back from Peter on his success and you on what you thought of it
>> before going further.
>
> Apologies. It still fails, but in a "better" way than before.
>
> I have compiled libcurl on Ubuntu from source, enabling ssh and sftp.
>
> I had no joy with putting a password anywhere where it made sense.

Your line in InstallMgr.conf should look like this if you want to use
password authentication:
SFTPSource=Home|domain.com|/home/username/.sword|username|password|20121203172011

>
> It clearly tries to connect with the help of a public key, but there
> appears to be some confusion as I am getting error messages that my
> user name and my key do not fit together.

It probably isn't picking up the username from your conf file
properly. It likely is defaulting to user 'anonymous' or somesuch in
that case (or maybe the current user on your local machine, which is
what OpenSSH defaults to - this often trips me up because I use 'greg'
on all my personal machines but I'm usually 'ghellings' at work or on
public systems). You can modify the line above by taking out the
'password' field and leaving the space between those two pipes blank.
That should do the public key auth if you provide it the password
entry at least.

--Greg

>
> I can ssh into the same server with a key no problem
>
> Peter
>
>
>
> CURLFTPTransport: TEXT: SSH authentication methods available:
> publickey,password
>
> CURLFTPTransport: TEXT: Using ssh public key
> file /home/<username>/.ssh/<my_key>.pub
>
> CURLFTPTransport: TEXT: Using ssh private key
> file /home/<username>/.ssh/<my_key>
>
> CURLFTPTransport report progress: totalSize: 0; xfered: 0
>
> CURLFTPTransport: TEXT: SSH public key authentication failed:
> Username/PublicKey combination invalid
>
>
>
>
> _______________________________________________
> sword-devel mailing list: [hidden email]
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Peter von Kaehne
On Tue, 2012-12-18 at 10:40 -0600, Greg Hellings wrote:

> SFTPSource=Home|domain.com|/home/username/.sword|username|password|20121203172011

Ok, this works perfectly

I also tried downloading a module via Xiphos - which works fine too.

So, in summary - if Debian and Ubuntu would allow ssh on libcurl sftp
could be used. I am not going to pin my current home made curl install,
but will probably allow it to be overtaken by updates, but it is
certainly a good addition for those with ssh.

Peter


_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

David Haslam
A summary of SFTP module installation would be a useful addition to the wiki.

Please would one of you condense the details and post a suitable section the most relevant wiki page.

Thanks.

David
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings

If this gets approved and submitted, then yes. Otherwise, there is no point.

--Greg

On Dec 19, 2012 4:12 AM, "David Haslam" <[hidden email]> wrote:
A summary of SFTP module installation would be a useful addition to the wiki.

Please would one of you condense the details and post a suitable section the
most relevant wiki page.

/Thanks/.

David



--
View this message in context: http://sword-dev.350566.n4.nabble.com/SFTP-Support-tp4651358p4651440.html
Sent from the SWORD Dev mailing list archive at Nabble.com.

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Andrew T.
With respect to using username/password combinations in InstallMgr.conf can it not be made such that InstallMgr.con uses an environment variable (which can be set and unset to use password), an ssh key (such as a public key as in key exchange based logins), or some other method such as having the .conf encrypted?

I likewise agree, storing passwords in a flat text file is a bad idea, which should really be a thing we've moved beyond.

~A

On Wednesday, December 19, 2012, Greg Hellings wrote:

If this gets approved and submitted, then yes. Otherwise, there is no point.

--Greg

On Dec 19, 2012 4:12 AM, "David Haslam" <<a href="javascript:_e({}, &#39;cvml&#39;, &#39;dfhmch@googlemail.com&#39;);" target="_blank">dfhmch@...> wrote:
A summary of SFTP module installation would be a useful addition to the wiki.

Please would one of you condense the details and post a suitable section the
most relevant wiki page.

/Thanks/.

David



--
View this message in context: http://sword-dev.350566.n4.nabble.com/SFTP-Support-tp4651358p4651440.html
Sent from the SWORD Dev mailing list archive at Nabble.com.

_______________________________________________
sword-devel mailing list: <a href="javascript:_e({}, &#39;cvml&#39;, &#39;sword-devel@crosswire.org&#39;);" target="_blank">sword-devel@...
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Troy A. Griffitts
In reply to this post by Greg Hellings
So guys.  What's the status on this one?  Last I heard, we might want to add libcurl ssh detection to prevent a flurry of support emails.  Should I commit as-is, or would you like more time to experiment with and add detection?

Troy

On 12/19/2012 05:07 AM, Greg Hellings wrote:

If this gets approved and submitted, then yes. Otherwise, there is no point.

--Greg

On Dec 19, 2012 4:12 AM, "David Haslam" <[hidden email]> wrote:
A summary of SFTP module installation would be a useful addition to the wiki.

Please would one of you condense the details and post a suitable section the
most relevant wiki page.

/Thanks/.

David



--
View this message in context: http://sword-dev.350566.n4.nabble.com/SFTP-Support-tp4651358p4651440.html
Sent from the SWORD Dev mailing list archive at Nabble.com.

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page


_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page


_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Greg Hellings
Troy,

I've trawled through the curl header files and have found no mechanism
to determine if SSH is enabled for a build with it already enabled.
The libcurl docs I've read have said, regarding the ambiguous message
Peter received (stating that support is "either" disabled or
unavailable) that there is no way to determine if this message results
from libcurl not supporting a protocol or from it being disabled at
libcurl's compile time.

Taking that together, unless someone on Debian can locate a variable
in curl header file indicating SSH_SUPPORT_DISABLED or something
equivalent then I would say there is no way to positively determine at
compile time if SFTP support should be included. So it would seem like
we can't do any better than this patch unless we actually attempt to
compile and run a sample file against libcurl that connects out to
SFTP. But I know relying on this is terrible for cross-compiling and
lots of build systems are setup to disallow network traffic, so this
method may not be very robust.

On a related note, I have a colleague who is actively pursuing
resolution of the outstanding Debian issues to enable libssh2 to be
admitted to Debian's "main" repository, which is the blocking bug
preventing the Debian-family of distros from having SFTP support in
libcurl. So hopefully that issue is resolved in that universe soon.

Unless new details come up, it seems we will either have to just leave
out SFTP support for being unable to determine its availability or let
libcurl fail in its own ways if it lacks it and blindly pass off
control to it. You'll have to make a determination of which one you
prefer.

There are other architectural changes to the way InstallMgr works that
could also be added to enhance the user experience - allowing them to
specify a public key instead of a password (libcurl defaults to
looking at ~/.ssh/id_rsa.pub when traversing SFTP which is a problem
for us DSA key users or anyone storing their key in a non-standard
location) and/or not storing passwords in plaintext in InstallMgr.conf
which are outside of the purview of this patch.

--Greg

On Sat, Dec 22, 2012 at 1:23 PM, Troy A. Griffitts <[hidden email]> wrote:

> So guys.  What's the status on this one?  Last I heard, we might want to add
> libcurl ssh detection to prevent a flurry of support emails.  Should I
> commit as-is, or would you like more time to experiment with and add
> detection?
>
> Troy
>
>
> On 12/19/2012 05:07 AM, Greg Hellings wrote:
>
> If this gets approved and submitted, then yes. Otherwise, there is no point.
>
> --Greg
>
> On Dec 19, 2012 4:12 AM, "David Haslam" <[hidden email]> wrote:
>>
>> A summary of SFTP module installation would be a useful addition to the
>> wiki.
>>
>> Please would one of you condense the details and post a suitable section
>> the
>> most relevant wiki page.
>>
>> /Thanks/.
>>
>> David
>>
>>
>>
>> --
>> View this message in context:
>> http://sword-dev.350566.n4.nabble.com/SFTP-Support-tp4651358p4651440.html
>> Sent from the SWORD Dev mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> sword-devel mailing list: [hidden email]
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>
>
>
> _______________________________________________
> sword-devel mailing list: [hidden email]
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
>
>
>
> _______________________________________________
> sword-devel mailing list: [hidden email]
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page

_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
Reply | Threaded
Open this post in threaded view
|

Re: SFTP Support

Troy A. Griffitts
In reply to this post by Greg Hellings
Dear Greg,

Looking to apply this SFTP patch, could you give me some background as to why the check to ignore across all transports for '.' and '..'?

Thanks,

Troy



On 12/03/2012 04:06 PM, Greg Hellings wrote:
The attached patch will introduce support for SFTPSource transports in
the SWORD engine, allowing a user to access remote repositories over
SFTP (which is enabled by default when a user enables SSH).

--Greg


_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page


_______________________________________________
sword-devel mailing list: [hidden email]
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
12