Activity log for bug #297398

| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2008-11-12 22:27:13 | Robert Collins | bug | | | added bug |
| 2008-11-13 14:56:24 | Diogo Matsubara | launchpad: status | New | Incomplete | |
| 2008-11-13 14:56:24 | Diogo Matsubara | launchpad: statusexplanation | | Can you give an example on how this would work? | |
| 2008-11-14 00:51:49 | Martin Pool | description | It would be nice to support password authentication for the sftp/bzr+ssh servers on bazaar.launchpad.net. It seems a cause of pain for new users, and we should be able to track door knocking attempts easily enough. It certainly shouldn't be any less secure than the web form which allows password authentication. -Rob affects launchpad -- GPG key available at: <http://www.robertcollins.net/keys.txt>. | It would be nice to support password authentication for the sftp/bzr+ssh servers on bazaar.launchpad.net. It seems a cause of pain for new users, and we should be able to track door knocking attempts easily enough. It certainly shouldn't be any less secure than the web form which allows password authentication. -Rob | |
| 2008-11-14 00:51:49 | Martin Pool | title | support passphrase authentication for bazaar | support password/passphrase authentication for bazaar | |
| 2008-11-14 00:57:52 | Martin Pool | launchpad: status | Incomplete | Confirmed | |
| 2008-11-14 00:57:52 | Martin Pool | launchpad: bugtargetdisplayname | Launchpad itself | Launchpad Bazaar Integration | |
| 2008-11-14 00:57:52 | Martin Pool | launchpad: bugtargetname | launchpad | launchpad-bazaar | |
| 2008-11-14 00:57:52 | Martin Pool | launchpad: statusexplanation | Can you give an example on how this would work? | example: user runs 'bzr push lp:~johndoe/project/foo' user has no ssh private keys, or none registered with launchpad, or has configured their client to prefer password auth the ssh client negotiates with lp to do password authentication ssh client prompts the user for their password, and sends it across the encrypted channel launchpad checks the password against the database, just as when logging in over https if the password is correct, launchpad allows the user in Since the password is already used over https to _set_ the ssh pubkey, so in that regard the password is equally trusted. However, if there is eg a dns-spoofing attack, and the user connects to a server that's not really launchpad (cf bug 238869), and they don't have keys configured, they will end up giving their password to that site. However, doing key based authentication would be nearly as bad because it allows a mitm attack. A better way to solve this is to make sure users can authenticate the server. For some users it's much easier to type the password every time than to set up a key. | |
| 2008-11-14 00:57:52 | Martin Pool | launchpad: title | Bug #297398 in Launchpad itself: "support password/passphrase authentication for bazaar" | Bug #297398 in Launchpad Bazaar Integration: "support password/passphrase authentication for bazaar" | |
| 2009-02-05 05:45:26 | Jonathan Lange | launchpad-bazaar: status | Confirmed | Triaged | |
| 2009-02-05 05:45:26 | Jonathan Lange | launchpad-bazaar: importance | Undecided | Low | |
| 2009-02-05 05:45:26 | Jonathan Lange | launchpad-bazaar: statusexplanation | example: user runs 'bzr push lp:~johndoe/project/foo' user has no ssh private keys, or none registered with launchpad, or has configured their client to prefer password auth the ssh client negotiates with lp to do password authentication ssh client prompts the user for their password, and sends it across the encrypted channel launchpad checks the password against the database, just as when logging in over https if the password is correct, launchpad allows the user in Since the password is already used over https to _set_ the ssh pubkey, so in that regard the password is equally trusted. However, if there is eg a dns-spoofing attack, and the user connects to a server that's not really launchpad (cf bug 238869), and they don't have keys configured, they will end up giving their password to that site. However, doing key based authentication would be nearly as bad because it allows a mitm attack. A better way to solve this is to make sure users can authenticate the server. For some users it's much easier to type the password every time than to set up a key. | Very tempted to mark this as wontfix. Requires adding support for password authentication to the SSH server, and adding a new internal RPC method for validating the password. | |
| 2010-02-28 22:22:25 | Tim Penhey | launchpad-code: importance | Low | Wishlist | |
| 2011-01-14 22:42:15 | Robert Collins | summary | support password/passphrase authentication for bazaar | using ssh keys to connect to bazaar.launchpad.net confuses uses a great deal | |
| 2011-01-14 22:42:19 | Robert Collins | launchpad: importance | Wishlist | Low | |
| 2011-01-14 22:44:11 | Robert Collins | description | It would be nice to support password authentication for the sftp/bzr+ssh servers on bazaar.launchpad.net. It seems a cause of pain for new users, and we should be able to track door knocking attempts easily enough. It certainly shouldn't be any less secure than the web form which allows password authentication. -Rob | Users often have trouble understanding ssh public/private keys, their relationship to bzr, how they work and how to set them up. It seems a particular source of pain for new users. One way to solve this would be an oauth-like, or oauth-based authentication mechanism for bzr. (Perhaps by running against https://bazaar.launchpad.net). | |
| 2011-01-14 22:44:19 | Robert Collins | summary | using ssh keys to connect to bazaar.launchpad.net confuses uses a great deal | using ssh keys to connect to bazaar.launchpad.net confuses users a great deal | |
| 2011-01-14 22:44:26 | Robert Collins | tags | lp-code | confusing-ui lp-code | |
| 2011-09-28 03:23:59 | Martin Pool | description | Users often have trouble understanding ssh public/private keys, their relationship to bzr, how they work and how to set them up. It seems a particular source of pain for new users. One way to solve this would be an oauth-like, or oauth-based authentication mechanism for bzr. (Perhaps by running against https://bazaar.launchpad.net). | Users often have trouble understanding ssh public/private keys, their relationship to bzr, how they work and how to set them up. It seems a particular source of pain for new users. One way to solve this would be an oauth-like, or oauth-based authentication mechanism for bzr. (Perhaps by running against https://bazaar.launchpad.net). See https://dev.launchpad.net/LEP/SSH_OAuth for more discussion. | |
| 2012-08-30 03:00:21 | Edward Donovan | bug | | | added subscriber Edward Donovan |