Branch: refs/heads/master Home: https://github.com/openSUSE/osc Commit: 870d861b61aeb07af8eb33b034819138a6b8d847 https://github.com/openSUSE/osc/commit/870d861b61aeb07af8eb33b034819138a6b8d... Author: Martin Wilck <mwilck@suse.com> Date: 2022-07-11 (Mon, 11 Jul 2022) Changed paths: M osc/conf.py Log Message: ----------- ssh: recognize gpg keys (yubikey usage) When using ssh keys from gpg, there are no private key files on disk. The public keys are available from "ssh-add -L". Conveniently, users store the public keys in some ".pub" file under ~/.ssh (see e.g. https://serverfault.com/questions/906871/force-the-use-of-a-gpg-key-as-an-ss...; this is also necessary to use IdentityFile= in ssh itself). Thus public key files can't be ignored any more in list_ssh_dir_keys(). "ssh-keygen -Y sign" works nicely with a public key file if the agent has access to the private key. Commit: a7e5e12c5ad5f165625fda047220c5e5545be363 https://github.com/openSUSE/osc/commit/a7e5e12c5ad5f165625fda047220c5e5545be... Author: Daniel Mach <daniel.mach@suse.com> Date: 2022-07-22 (Fri, 22 Jul 2022) Changed paths: M osc/conf.py Log Message: ----------- Allow users to prefer ssh key over password auth If `sshkey` config option is set, then osc prefers it over password auth. If `sshkey` config option is not set and the server supports both basic and signature auth, basic auth is used and ssh key is NOT auto-detected. Users who want to use ssh auth with ssh key auto-detection can now leave the `pass` config option empty to trigger ssh key auto-detection. The ssh-key autodetection picks the first key that matches: - key loaded to ssh-agent (`ssh-add -l`) that has a public key in ~/.ssh - ~/.ssh/{id_ed25519,id_rsa} It is also recommended to use Obfuscated or Plaintext credentials manager. Please be aware that storing passwords using these credentials managers is unsafe, because they're stored in plain text on disk. Example: [<apiurl>] user=<username> pass= # ssh key is auto-detected because `pass` is empty sshkey= credentials_mgr_class=osc.credentials.ObfuscatedConfigFileCredentialsManager Commit: f83e9a23d56809ff9680225366c25dac8f18bf9e https://github.com/openSUSE/osc/commit/f83e9a23d56809ff9680225366c25dac8f18b... Author: Daniel Mach <daniel.mach@suse.com> Date: 2022-07-25 (Mon, 25 Jul 2022) Changed paths: M osc/conf.py Log Message: ----------- Merge pull request #1074 from dmach/pr1049-v2 RFC: ssh: recognize gpg keys (yubikey usage) Compare: https://github.com/openSUSE/osc/compare/8f12f884c8bd...f83e9a23d568