Bk association-specific SSH keypairs?

harlan · August 22, 2020, 6:18am

Is there a (hopefully simple) way to tie an SSH keypair to an arbitrary (remote) repo instance?

If I am doing bk operations on a repo on machine A that needs to push/pull/diff whatever with a related repo on machine B, I’d like to be able to specify an ssh keypair that would be used for these bk-specific communications.

How might I accomplish this?

wscott · August 22, 2020, 9:02am

You can set BK_RSH='ssh -i keyfile' in the environment and I am pretty sure that will do it.

harlan · August 22, 2020, 9:26am

Thanks, Wayne - I knew about that one and we might be able to make it work. My concern about this method is that we’d have to change the variable each time we wanted to switch to a different host. If we could find a way to have bk select the keyfile based on the target host, that might be a lot easier. I’ll say that I don’t know what the right answer is here…

wscott · August 22, 2020, 9:28am

That you can do with the $HOME/.ssh/config file. You set a different IdentityFile for each host.

harlan · August 22, 2020, 9:32am

The identityfile for bk needs to be different from the one used by the user in this case.

It may be that we need to do a much deeper study of the way we’re going to use this to see if we can “make it go” with the ~/.ssh/config file. But what you describe might still be the best way to go.

wscott · August 22, 2020, 9:34am

you can combine the 2 ideas and use BK_RSH='ssh -F my-bk-config'

harlan · August 22, 2020, 9:43am

neat - can I get access to the other command-line arguments some how to know what host bk is trying to contact?

wscott · August 22, 2020, 9:45am

the ssh config file can control most ssh command line options on a per-host basis.

harlan · August 22, 2020, 9:50am

yes, and in this case the chain of events is:

$ BK_RSH=“ssh -F my-bk-config”
…
$ bk whatever

and when bk evaluates BK_RSH, assuming my-bk-config is sourced in a way that it is exec’t by the shell, then my-bk-config will need to be able to determine the target host (we can probably tell if it’s the local host, if it’s a parent, or if a different host was given on the command line) and choose the correct key that way.

wscott · August 22, 2020, 9:54am

The other way you can do this is with fake hostnames. Add this to $HOME/.ssh/config

Host dev
    HostName myserver.domain.com
    IdentityFile /home/harlan/.ssh/id-ssh-bk

Then do a bk clone ssh://dev/myrepo

When ssh sees the hostname ‘dev’ it will use the special config block.

harlan · August 22, 2020, 9:56am

I’ll give that a shot - thanks a bunch!