Tried to run codexctl install rm2_xxxxx.swu. It asked me for the IP, whether I wanted to use a password, and then the path to an SSH secret key file.
The problem is, there is no file on the computer which contains the secret key - my SSH keys are stored in a Yubikey. This means that I have to physically insert the right Yubikey in order to SSH into anything, but it also means that if somebody breaks into or steals the computer, they can't get my SSH secret keys.
This means I cannot use codexctl to upgrade my tablets.
Please update codexctl to support talking to an SSH agent.
If it helps, the authentication "flow" I've used in the past when writing SSH clients (in other languages) is this:
If an SSH_AUTH_SOCK environment variable exists, try to use the agent first. (This environment variable contains the path to a UNIX socket where an SSH agent should be listening.) The documentation suggests that paramiko.Agent() knows this internally. If no agent is available, it will return "no error" and get_keys() will return an empty list. Here is a simple example.
If we didn't authenticate yet ... if the user specified a -i option, treat its value as the filename for an SSH secret key file. (I always use -i for this because it's kind of the standard - the ssh, scp, and sftp programs all use -i to point to a secret key file.)
If we didn't authenticate yet, THEN start asking the user for a password.
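
The fallback order described in this issue, written out with paramiko as an added example; it is not code from codexctl or from the issue's author. `auth_attempts`, `connect` and their parameters are hypothetical names; the paramiko calls themselves are the library's own.

```python
import getpass


def auth_attempts(agent_keys, key_file=None, ask_password=getpass.getpass):
    """Yield (label, connect kwargs) in the order the issue describes:
    every agent key, then the -i key file, then a password prompt."""
    for key in agent_keys:
        yield "agent", {"pkey": key}
    if key_file:
        yield "key-file", {"key_filename": key_file}
    # Generators are lazy, so the prompt only appears once every
    # earlier attempt has been rejected.
    yield "password", {"password": ask_password()}


def connect(host, user, key_file=None):
    """Return (client, label) for the first method the server accepts."""
    import paramiko  # imported here so auth_attempts() has no dependency

    # Agent() locates the agent via SSH_AUTH_SOCK itself; with no agent
    # get_keys() is empty and the loop falls through to the next method.
    agent_keys = paramiko.Agent().get_keys()
    client = paramiko.SSHClient()
    client.load_system_host_keys()  # unknown hosts stay rejected (default policy)
    for label, creds in auth_attempts(agent_keys, key_file):
        try:
            # Disable paramiko's implicit agent/key search so only the
            # credential chosen for this attempt is offered.
            client.connect(host, username=user, allow_agent=False,
                           look_for_keys=False, **creds)
            return client, label
        except paramiko.AuthenticationException:
            client.close()
    raise paramiko.AuthenticationException("every method was rejected")


if __name__ == "__main__":
    # Constructed stand-ins: two fake agent keys and a canned password.
    for label, creds in auth_attempts(["key-A", "key-B"], "id_file", lambda: "pw"):
        print(label, sorted(creds))
```

With a hardware-backed key the private key never leaves the token: the agent performs the signature, so no key file path is needed at any point.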