Just two very simple questions:
1.) Is there a way to restrict the SSH key for git annex by supplying a command= ? Even better, is it also possible to supply a directory in which the repository is? (I do not want chroot - too complicated but a soft check would be sufficient for me).
2.) Can I tell git and git-ssh which pubkey to use WITHOUT changing system-/user wide config (e.g.., .ssh/*)? If it is indeed not possible, what's the best way to do it in Windows?
Thanks!
Yes, use git-annex-shell.
The best way to do this is to use a dummy hostname in the git url for the remote. Then in .ssh/config, you can add a Host stanza that sets the real Hostname and also specifies the IdentityFile to use for that host.
Incidentially, the git-annex webapp takes care of both of these things for you automatically when setting up a remote on a ssh server.
Hey Joey,
Cool, that's great! Thanks!
As for the client side. I assume you probably don't know too much about the git setup on Windows ... but maybe (or someone else has an idea
1.) The ssh client config for git is "c:\Program Files (x86)\Git\etc\ssh\ssh_config" which is very unhandy since it's system wide! If it would at least be in the user profile ... (as mentioned, within the ".git" directory of the repository would be the best)
2.) Even if I create a "Host" and use "IdentityFile", ssh still queries the agent! This is absolutely unwanted and slows down things! I have a particular key "git-annex.key" and only this should be tried - no agent. The reason why the agent is especially problematic for me is that I use a special agent which "locks" itself after some inactivity and requires to re-enter the passwords.
Thank you!
Re the ssh config on Windows, my windows VM has a per-user .ssh/config inside c:\Documents and Settings\$user. This is where the assistant stores configurations so I know it works.
The soution to ssh still trying to use the agent is probably to set "IdentitiesOnly yes" in the stanza for a host. This is what the assistant does, anyway.
Hi Joey,
Sorry that I bother so much with this. Thank you so much for your answer. At least with the command line it works now. I had it in %USERPROFILE%/.ssh/ssh_config (where I think it's supposed to be) rather than %USERPROFILE%/.ssh/config. In this file I have a stanza "Host annex" with Hostname, Port and IdentityFile set. When I call "ssh annex" from the command line everything works. It seems that it also works when I use e.g. "git annex sync" from the command line.
However, if I use the webapp, the daemon.log is full of:
Is it possible that the assistant ignores the ssh config or does something differently?
Thanks again!
After some debugging I found another weird thing which is I think the reason. If I execute git annex get file.jpg
everything works. But if I do
it fails, claiming it can't connect to host "annex". I found that there are 3
git.exe installed. When I choose
it works again. When I use "which git" in cygwin, it also points me to the "cmd/git.exe" version. So I think this is a bug and git annex assistant should call the executeable in "cmd" rather than "bin". Why are there three versions of git.exe at all (one more is in directory libexec/git-core)?
Thanks Joey,
The problem is more that git-annex assistant takes the wrong (which is in "bin" rather than "cmd"). I think this is a bug. Because this way the connection does not work in git-annex assistant the same way it does not work with the version in "bin" ...
I think when git-annex assistant just calls the git.exe from path (which should be cmd/git.exe) then it should work.
Regards Niki
git-annex only ever runs git from PATH; I never hardcode paths to programs.
You can verify this by running it with the --debug flag to see the exact commands it runs.
Hi Joey,
Thanks for taking care about all these Windows troubles (Windows and POSIX is unfortunately a big mess).
I finally found the issue now and maybe the bug is related to msysgit. I guess you don't know too much about it so I will report to the msysgit folks.
However, there is still an (easy to fix) "bug" related to git-annex I think. I shortly describe the issue and a possible fix:
1.) As mentioned above, from the 3 git.exe, only the one in "cmd" should be called! It seems to be a wrapper for the "bin"-version. If the git.exe from "bin" is called something with the environment is wrong (e.g., ssh_config can not be found)
2.) cmd/git.exe is in %PATH% so usually no problem
3.) However, git-annex-autostart.vbs is in "bin" folder. Therefore, when called from there PWD is the "bin" folder and when calling "git.exe" without absolute path, this overwrites %PATH% because it's the current directory (of course, such behavior does not appear on UNIX).
4.) Now the git-annex assistant daemon always calls the wrong git.exe resulting in a broken config
Short term fix for users: Create a shortcut to git-annex-autostart.vbs and change the working directory to anything else
Long term fix for git-annex option 1: Do a chdir in the vbs file before calling git. This is not so good because where to?
Long term fix for git-annex option 2: Just place the vbs files in the parent directory (where "Git Bash.vbs" is). This looks like the cleanest solution to me.
Thank you for taking the time to figure that out!
I agree on moving the .vbs files. I have done so. (Well, you have to run the git-annex-uninstall.exe to remove the old ones, but that shouldn't matter.) Testing of an autobuild would be appreciated.
I seem to have forgotten to follow up here, but I think I fixed this problem some time ago, in 5afc8b28e03f4d242fa81a9a93384714d12d4e5c.