SshCredentials API implementation

[Therzok]

So, this revolves around implementing SSH interactive only, right?

[nulltoken]

Being not a Ssh expert, @carlosmn would you please jump in on this one please?

/cc @ethomson

[ethomson]

I'm not sure. It seems like it would still be very useful to bind up git_cred_ssh_key_new and git_cred_ssh_key_from_agent, wouldn't it?

(I can see punting on git_cred_ssh_custom_new and waiting until somebody needs that, but creating an SSH connection from an ssh-agent session seems pretty useful.)

[carlosmn]

Is this about talking about what we need or about implementing it?

For user/pass, it's exactly the same as what we already have. ssh/libssh2 also has a method called 'keyboard-interactive' which allows you to invert the control flow and have the library call you as long as you don't input the right password. I guess we can implement that too.

For keypairs, we would need something similar to what we do in C, a type whose constructor takes in a username, the paths of a keypair and a passphrase for said keypair, and make that function we call internally call git_cred_ssh_key(). The trick here is that you only sometimes need the path for the keypair. For an openssl-backed libssh2 you only need to pass in one of them and it will autoguess the other one. I do not know what happens for a WinCNG-backed version. But it's never wrong to pass in/ask for both.

Let's not implement git_cred_ssh_custom_new, because seriously.

The agent bit would be useful if you actually have an agent, which would be true on the unices but probably less so on Windows.

There is an extra complication on Windows, which is that people there seem to like using PuTTY for ssh, but libssh2 only deals with openssh-style keys, so I don't know if we can interact with that (the thing to do with git proper is to set your GIT_SSH to putty, but that's not something we can do).

[carlosmn]

The one big missing thing is reading the user's ssh config and acting on it, but there's only so many yaks we can shave.

[Therzok]

I'm getting at the bottom of this. Even though it will be disabled for most users (since we're not building with libssh2), I really need it on MonoDevelop. Will push a branch soon for review.

[carlosmn]

@Therzok FYI we just merged something which adds a credential type USERNAME which is used to ask for the username you intend to use so we can ask the host about the authentication methods it supports.

[rhuijben]

@carlosmn Libssh2 contains some code to support the PuTTY pageant agent on Windows.

[carlosmn]

libgit2sharp has support for ssh "certs" and credentials; the shipped libgit2 doesn't due to us not being willing to ship crypto third-party crypto libraries but that's a different issue.