Re: Distributed bulk builds really need passwordless SSH ?

[Lloyd Parkes <lloyd%must-have-coffee.gen.nz@localhost>]

You are supposed to configure ssh to use keys for passwordless access. 
You can password protect the keys if you want and then load them into an 
ssh-agent for ready access by ssh.

The problem with passwords is that the bulk build can/will run for days 
(or weeks) and nobody can sit there typing in passwords for every ssh 
connection.

Ngā mihi,
Lloyd

On 06/12/2025 00:04, Andrew Randrianasulu wrote:
> Hello!
>
> Following recent sparc binary packages disappearance I wondered about 
> how distributed pkgsrc builds can be done. According to documentation:
>
> https://www.netbsd.org/docs/pkgsrc/bulk.html
>
> ====
>
>
>       Note
>
> The |pbulk.sh| script supports running unprivileged bulk build and 
> helps configuring distributed bulk builds. Distributed bulk builds 
> support either building in worker chroots (each node is a path to a 
> different chroot) that replicate the target system, including the 
> pbulk prefix, or remote machines (each node is an IP address that must 
> be accessible over SSH without a password).
>
> ====
>
> This sounds .. a bit dangerous, considering all those ssh bruteforce 
> bots living around ...
>
> Is there chance someone mods this script so it will accept list of 
> nodes and their passwords?
>
> Or may be for exotic qemu builds just restrict accepting ssh 
> connections from few configured IPs ?