[darcs-users] ssh path

Yitzchak Gale gale at sefer.org
Thu Nov 22 12:42:21 UTC 2007 

Currently, there is only very limited and buggy
support in Darcs for SSH through a non-standard port.

Limited - because you can only do it by setting
an environment variable, SSH_PORT. Obviously,
you cannot have this set the same way for all
repositories. So you have to use messy shell
hackery, outside of darcs, to get things to work
right.

Buggy - this currently does not work at all on
Windows with the standard Darcs. Some of
the SSH-ish commands supplied by PuTTY
have different option names than the ones
supplied by OpenSSH on other platforms.

You can work around this with a hack by wrapping
the PuTTY commands in something that changes
the option names. But it should be fixed.

And of course, the shell hackery isn't as easily
available on Windows.

In any case, it has become urgent for this feature
to work correctly and conveniently on all platforms.
Unfortunately, on today's Internet any server with
the standard SSH port open gets continuously
hammered by hundreds of botnet zombies that
try to find username/password combinations by
brute force. Disabling password authentication
does not help - the zombies still hammer you.
So you just can't use the standard port anymore.

It would be nice to be able make the port number part
of the server address somehow, but that syntax
is already far too heavily overloaded. Although
there is a standard place to specify it in a URL.

The --ssh-cm option sets precedence for using
darcs options to specify ssh configuration details.
That would work as the next-best thing, since
you can set it on a per-repository basis via
the defaults file.

Finally - although SSH is still widely used and
widely supported, it is officially viewed as
deprecated by the IETF. Like other VCSs,
we should start migrating towards WebDAV
over an encrypted channel.

So, in summary, I am recommending the following,
in decreasing order of urgency:

1. VERY URGENT - Fix SSH port support on
   Windows. Either in darcs itself, or by providing
   wrappers for the PuTTY commands.

2. Urgent - Add an --ssh-port option to darcs
   commands that use SSH, or parse the port
   number in URLs, or both.

3. Important - Add WebDAV support to darcs.

Thanks,
Yitz

More information about the darcs-users mailing list