Update OpenSSH in MozillaBuild
Categories
(Firefox Build System :: MozillaBuild, task)
Tracking
(Not tracked)
People
(Reporter: vlad, Assigned: mhentges)
References
(Regressed 1 open bug)
Details
Attachments
(1 file)
Comment 1•9 years ago
|
||
Comment 2•9 years ago
|
||
Updated•9 years ago
|
Updated•7 years ago
|
Comment 3•6 years ago
|
||
Comment 4•6 years ago
|
||
Comment 5•6 years ago
|
||
Comment 6•6 years ago
|
||
Comment 7•6 years ago
|
||
Comment 8•6 years ago
|
||
Comment 9•4 years ago
|
||
Any update on this?
Comment 10•4 years ago
|
||
(In reply to Adam Gashlin (he/him) [:agashlin] from comment #3)
One reason an update is desirable is to support the new OpenSSH private key
format (generated via ssh-keygen -o), which was introduced in OpenSSH 6.5
and uses a much more secure key derivation mechanism. See [1], which is
titled "The default OpenSSH key encryption is worse than plaintext".[1] https://latacora.singles/2018/08/03/the-default-openssh.html
I've recently generated a new key in Git Bash on Windows, which was in this newer format. And I was getting a rather misleading "Bad passphrase" error when trying to use it within MozillaBuild.
Comment 12•4 years ago
|
||
Can we add C:/Windows/Sysnative/OpenSSH
to the path so that it can be opt-in (since it's only available when enabled as comment #8 says)?
Comment 13•3 years ago
|
||
Note: OpenSSH in the current MozillaBuild package is so old I can't connect to my Fedora 34 system
Comment 14•3 years ago
|
||
(In reply to Kagami :saschanaz from comment #12)
Can we add
C:/Windows/Sysnative/OpenSSH
to the path so that it can be opt-in (since it's only available when enabled as comment #8 says)?
If you are using 64-bit Python, we also need to add C:/Windows/System32/OpenSSH
to the path so that hg can see (because SysNative is only visible to 32-bit executables).
(In reply to Randell Jesup [:jesup] (needinfo me) from comment #13)
Note: OpenSSH in the current MozillaBuild package is so old I can't connect to my Fedora 34 system
You should switch to the SSH provided by Windows by adding /c/Windows/SysNative/OpenSSH and /c/Windows/System32/OpenSSH to your path and removing the ssh binaries in msys. I've been using it for ages and it works great. You may need
Assignee | ||
Comment 15•3 years ago
|
||
This will likely be solved by embracing the SSH provided by Windows itself, rather than shipping a copy.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 16•3 years ago
|
||
Rather than shipping OpenSSH and manually managing its agent, lean on
Windows' built-in SSH tooling which was released as part of
Windows 10 1809.
Accordingly, since Windows' OpenSSH doesn't read MSYS2's
/etc/ssh_config
, remove it. This should be ok for two reasons:
- Now, we're going to always be using an up-to-date SSH version.
- Modern SSH versions have sufficiently-good defaults.
Note that this means that, for older Windows Server instances, they'll
need to manually install OpenSSH if they need ssh
.
Updated•3 years ago
|
Comment 17•3 years ago
|
||
Pushed by mhentges@mozilla.com:
https://hg.mozilla.org/mozilla-build/rev/0340612f40b2
Use Windows builtin OpenSSH by default r=glandium
Updated•2 years ago
|
Description
•