Community
Participate
Working Groups
Build ID: 3.4.1 M20080911-1700 I have a ssh-agent running on my desktop so that I don't have to provide my passphrase when logging onto to remote hosts. It would be great if the ssh/RSE supported ssh-agent based authorization so that I don't have to provide passphrase whenever eclipse is restarted
What kind of ssh-agent do you use? Pageant which is related to putty? The problem is, that in Eclipse / RSE we use the Java SSH library (JSch), which I think does not support agent-based authentication. Note that for RSE 3.1 we plan to adopt Equinox Secure Storage, so saving your password inside Eclipse/RSE should be safe (and encrypted with your Windows logon credentials).
I am using openssh based ssh-agent on linux platform. I don't have a ssh-agent setup for my windows m/c.
See also bug 179924 for a similar discussion to support ssh-agent for CVS extssh. The problems, basically, are: * Various ssh agents are tightly coupled to their commandline counterparts (openSSH commandline / pageant for puTTY). The way they communicate with the agent is not specified as API, and not easily accessible from Java. One way out of this would be to use drive the external commandline tools (openssh, plink) instead of using the pure Java JSch interface for SSH communications. This would also fix bug 210227. The other option is to add the required communication facilities (UNIX domain sockets, win32 messages). If anybody is willing to contribute code along these lines, please file a new enhancement request with your specific suggestion, or contribute via bug 179924. The core TM/RSE committer team currently doesn't have resources to work on this. For TM/RSE, I think the better "workaround" is to stay with the JSch library and use passphrase caching / Equinox Secure Storage to make sure that the passphrase needs to be entered only once per session. If you agree, please file an enhancement request requesting exactly this. I'm thus closing this WONTFIX with a dependency on bug 179924 to reconsider in case bug 179924 gets addressed by the Platform.
I checked, and the passphrase is apparently always cached inside JSch - the key remains open once it was opened with the passphrase. So, after entering the passphrase just once (e.g. for CVS), it'll be used consistently across the Eclipse session including TM Terminal and RSE. One side-effect of this is that when changing any Preferences related to key management (such as the names of keys to use, or the passphrase encrypting them), this has no effect on the open session -- it'll continue re-using the key that it has opened already until Eclipse is quit and restarted. That being said, I think that the need for using an ssh-agent is minimal, and could be made totally unneeded if Equinox Secure Storage can be used to cache the passphrase.
See also bug 261740 comment 5
Saving passphrase in Equinox security storage should work for me and ssh-agent will not be needed.
FYI, in case you are interested in an Eclipse-integrated Terminal, this is possible with the upcoming TM 3.2 (Helios) release. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=314827 for details. At the moment, this only works for Terminals but not RSE (remote file) connections, but I would like to solicit opinions about the feature.