Add DSAAuthentication to synced_folders/rsync & add PubkeyAuthentication #12759
Conversation
|
|
|
Not sure if adding PubkeyAuthentication to all ssh clients is ok or if I need to do something special for solaris or other oses. Also I'm expecting tests to fail atm, wanted to get this out first. |
mmlb
force-pushed
the
fix-ssh-and-rsync-when-pubkeyauthentication=no
branch
from
c626649 to
5c48cd5
Compare
|
ping @mitchellh @briancain @chrisroberts (according to git-blame&git-log) |
mmlb
force-pushed
the
fix-ssh-and-rsync-when-pubkeyauthentication=no
branch
from
5c48cd5 to
1031faf
Compare
|
Hi @mmlb! I've just merged in #13048, which modified 120 MDX files and added a new workflow that would be good to have run on this PR. Since this is from a fork, I'm not sure I have permissions to rebase on |
I kept having `rsync` prompt for vagrant users' password, but `ssh` never did. I tracked it down to my default ssh config having PubkeyAuthentication=no by default. The `ssh` builtin doesn't get stuck because it provides `DSAAuthentication=yes` by default which is treated as an alias to PubkeyAuthentication since openssh-2.5.1p1. Fixes hashicorp#8183
And mark DSAAuthentication as deprecated. PubkeyAuthentication was introduced in OpenSSH 2.5.1p1 (2001-02-19) as a replacement for DSAAuthentication, current documentation does not mention DSAAuthentication which makes debugging issues harder than necessary.
mmlb
force-pushed
the
fix-ssh-and-rsync-when-pubkeyauthentication=no
branch
from
1031faf to
21146f7
Compare
|
Hi @ashleemboyer I've rebased ontop of latest main and pushed, PTAL. I'd appreciate getting this over the wall and done! |
|
Also fyi @ashleemboyer it looks like those mdx link-checker checks are making assumptions that the PRs are always originating from this repo and not from forks. I've been notified that they failed on my fork/branch :( . |
|
I do not agree to license this change under the current vagrant license there for I am closing this PR. |
This adds the DSAAuthentication=yes option to rsync's rsh command when appropriate, just like done in ssh. This should fix #8183.
I've also added support for PubkeyAuthentication as its been around for 20 years now and replaces DSAAuthentication. This is most beneficial when trying to debug ssh connection issues and searching for DSAAuthentication turns up very little information.