When SSH commands and other tools using SSH are automated, they expect RSA keys to be set up for automatic authentication. In some cases, this is not possible. We should have a way to pass passwords along to an SSH command without prompting the user.
<rdar://problem/30518544>
Created attachment 301534 [details] Patch
(In reply to comment #0) > When SSH commands and other tools using SSH are automated, they expect RSA > keys to be set up for automatic authentication. In some cases, this is not > possible. Can you elaborate why this is not possible?
Comment on attachment 301534 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301534&action=review This is not the correct approach. > Tools/Scripts/command-with-password:29 > +set password [lindex $argv 0] > +set cmd [lrange $argv 1 end] It is not good security practice to pass a password as a command line argument. It makes the password observable to all users on the system.
Comment on attachment 301534 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=301534&action=review > Tools/Scripts/command-with-password:33 > + expect "Are you sure you want to continue connecting (yes/no)" { This makes the script specific to ssh and related tools, so the current name is too generic. Also, ideally we would use an ssh option to disable the check.
Just a quick note about the choice of an expect script here: The only other possible solution that I am aware of would be Fabric, and since I have not actually attempted to implement the Fabric version of this, I can't say definitively that Fabric would achieve our goals here. Even if Fabric is a possible solution, that would be a pretty large dependency, comparatively. We currently use Fabric on our bots, but it is not a required dependency locally.
The method for doing this has changed. This patch no longer applies.