Repo sync asking multiple times for passphrase?

[Greg Spencer]

Lately whenever I've used "repo sync", it makes me type in my passphrase for the ssh key twice (at the same time!) and the second one comes out cleartext on my terminal. Anyone have an idea why it's asking twice?

-Greg.

[Anush Elangovan(அனுஷ்)]

+dianders who submitted a recent change to repo

> --
> Chromium OS Developers mailing list: chromiu...@chromium.org
> View archives, change email options, or unsubscribe:
> http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en
>

[David James]

On Fri, Oct 29, 2010 at 4:24 PM, Greg Spencer <gspe...@chromium.org> wrote:

Lately whenever I've used "repo sync", it makes me type in my passphrase for the ssh key twice (at the same time!) and the second one comes out cleartext on my terminal. Anyone have an idea why it's asking twice?

A few questions:

  1. Did you try setting up your ssh-agent with your password prior to running 'repo sync'? That's what I do, and it works well. (repo never prompts me for a password.)

  2. Are you using 'repo sync -j' ? If so, what happens if you don't use the -j option?

Cheers,

David

[Doug Anderson]

I don't think this is related to my change, but always good to make sure...  

Greg: can you give more details?  Specifically:

1. When did this problem start?
2. Does the problem happen every time you do a repo sync, or just sometimes?
3. Before you had this problem, did it ever ask you for your password when you did a repo sync?  ...on my machine (using keychain as described in getting started guide), I never get asked on repo sync.  I always only get asked upon first login.
4. Did you change your .ssh/config and redo repo init with the "git@" change that I suggested in email (it shouldn't matter, but it's good to know for sure when trying to track down the issue)?
5. Are there any other errors / warnings printed when you do a repo sync?

Thanks!

-Doug

---

2010/10/29 Anush Elangovan(அனுஷ்) <an...@chromium.org>

[Puneet Kumar]

Anush,

I had a similar problem last week that you helped me debug.  I think it had to do with the URLs in the manifests file - it was using ssh instead of http or it was the wrong port/server or some such thing.  Fixing the URL fixed the problem.

Puneet

[Anush Elangovan(அனுஷ்)]

In your case the running a "git config -l" in the .repo/manifests
directory had a pointer to ssh://chromiumos-git instead of
ssh://gitrw.chromium.org:9222

Greg - that would be good command to run in the repo that is
triggering the prompt. You can run "repo sync" with --trace to see
exactly what git command is being run underneath when the prompt
appears.

[Greg Spencer]

OK, here's the output of git config -l:

--

user.name=Greg Spencer

user.email=gspe...@chromium.org

color.ui=auto

core.repositoryformatversion=0

core.filemode=true

remote.cros.url=http://git.chromium.org/git/crosutils.git

remote.cros.review=codereview.chromium.org

remote.cros.projectname=crosutils

remote.cros.fetch=+refs/heads/*:refs/remotes/cros/*

--

 1. Did you try setting up your ssh-agent with your password prior to running 'repo sync'? That's what I do, and it works well. (repo never prompts me for a password.)

I do have ssh-agent set up - it runs as part of my .bash_profile, and has been working fine until now.

 

 2. Are you using 'repo sync -j' ? If so, what happens if you don't use the -j option?

I'm not using 'repo sync -j', just simply "repo sync".

-Greg.

[Nikita Kostylev]

Everytime I get "repo sync" asking for passphrase twice these commands help

eval `ssh-agent`
ssh-add ~/.ssh/chromium

Probably ssh-agent is not configured right for me. From .bashrc

###BEGIN SSH-AGENT ENVIRONMENT SETUP###                                          

# determine if ssh-agent is running properly                                     

 ssh-add -l > /dev/null 2>&1

 if [ $? != 0 ]; then

  export SSH_AGENT_FILE=$HOME/.ssh/agent-stuff.$HOSTNAME

   # Copy the existing agent stuff into the environment                          

  . $SSH_AGENT_FILE

 fi

 # again determine if ssh-agent is running properly                              

 ssh-add -l > /dev/null 2>&1

 if [ $? != 0 ]; then

     # start ssh-agent, and put stuff into the environment                       

   ssh-agent | /bin/grep -v "^echo Agent pid" > $SSH_AGENT_FILE

    . $SSH_AGENT_FILE

  # add your keys to ssh-agent                                                   

  ssh-add

  

  # make sure the chromium key is added

  ssh-add $HOME/.ssh/chromium

 fi

###END SSH-AGENT ENVIRONMENT SETUP ###

--

Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en

--
Nikita

[Doug Anderson]

Nikita / Greg,

Interesting.  The instructions I have suggest that you should use either ssh-agent or keychain.  I am using keychain and never have problems.  My .bashrc simply contains:

eval `keychain ~/.ssh/chromium`

. ~/.keychain/${HOSTNAME}-sh

I don't have anything about ssh-agent in my .bashrc and never have.  I think keychain worries about all that for me.  Maybe trying that would help you?

-Doug

---

[Greg Spencer]

I'm not sure you need to eval that, you just need to run keychain and source the output file (it doesn't write anything to stdout).

My ssh-agent setup was leftover from working on google3 stuff...

-Greg.

[Greg Spencer]

It looks like the "right" command for keychain is:

eval `keychain --eval ~/.ssh/chromium`

That even gets it down to one line. :)

Note that you probably have to install keychain first with "sudo apt-get install keychain".

Keychain is just a helper for ssh-agent, it doesn't do much more than manage the environment variables.

-Greg.