Popup SSH unknown host prompt on git push

[seiyab]

PR Description

This fixes #4057. Lazygit got unresponsive on SSH unknown host prompt before this change.

Please check if the PR fulfills these requirements

• Cheatsheets are up-to-date (run go generate ./...)
• Code has been formatted (see here)
• Tests have been added/updated (see here for the integration test guide)
• Text is internationalised (see here)
• If a new UserConfig entry was added, make sure it can be hot-reloaded (see here)
• Docs have been updated if necessary
• You've read through your own file changes for silly mistakes etc

[seiyab]

I worry that it's not a credential technically. Tell me if there's better approach.

[seiyab]

Referred to push_with_credential_prompt.

[stefanhaller]

Thanks; I tested this and it works well.

However, I'm unsure if the user interface is good enough. We don't show any information about which host we are trying to connect to, what its fingerprint is etc. I worry that this is inviting people to simply type "yes" without further checking. (Now honestly, that's probably what most people do at the console prompt too, but still. We need to take security seriously.)

You could argue that the information is visible in the command log in the lower right corner, but not everybody has that panel open by default (I don't).

I think the ideal user interface would be a panel that contains all the information that is shown for the command-line prompt, and then a text field for typing "yes/no" below it. Unfortunately we don't have such a widget, and it would be a bit of work to build it, I'm afraid.

I can see two options around this:

• have two popups, the first one showing only the information, and the second one allowing to type "yes/no". It's probably also tricky to implement this given the current framework.
• simply answer "no" always, and show a popup telling users to verify the host on the command line, maybe with a link to this page. This would be quite similar to the behavior on master, except with a slightly better message; I'm unsure if it's worth doing the work just for that.

[seiyab]

Thank you for your review. Your worry makes sense. The former option looks somewhat too hard to me. The latter one is inconvenient but somewhat better than current behavior, hanging. I'll take the latter later if it's acceptable to you. As another approach, denying "yes" and requiring finferprint to resume might be good choice for security. But probably it's also difficult to me (not sure at all yet).
Adding context, the unknown host prompt is not rare to me because I frequently start new containers and work in it.

[stefanhaller]

The latter one is inconvenient but somewhat better than current behavior, hanging.

Is the difference so big really? I mean, it's not hanging in the sense that lazygit is unresponsive and needs to be killed from another terminal, is it? That would be bad. But you can still just press q to quit, right? You'll have to do that anyway when we auto-answer "no", so to me the only difference is a better error popup. But implementing that in the current framework might also not be trivial (I haven't looked yet), so I'm not sure it's worth the effort just for that.

Adding context, the unknown host prompt is not rare to me because I frequently start new containers and work in it.

Interesting, that's useful to know. I wonder though if there's a way to populate your containers up front with a known_hosts file that has your hosting provider's public keys, so that you don't have this problem.

[seiyab]

it's not hanging

I was confused. Actually lazygit itself doesn't hang. I agree that it might not be worth the effort.

there's a way to populate your containers up front with a known_hosts file

Yes there is. I consider to add known public keys. Thank you.

I close this PR since it doesn't look valuable enough. Maybe it will progress when:

• we will come up with a simple & useful approach
• or lazygit framework will have an useful pattern to implement it