[Bug 69] Generalize SSH_ASKPASS
bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 30 02:34:40 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=69
rumen <openssh at roumenpetrov.info> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |openssh at roumenpetrov.info

--- Comment #9 from rumen <openssh at roumenpetrov.info> 2008-08-30 02:34:35 ---
The problem with "Command Line Password Support" is being discussed
again on the mailing list, and in this thread
"http://marc.info/?l=openssh-unix-dev&m=122002002422109&w=2" it is
reported that password authentication never works with the proposed
workaround: setting the DISPLAY and SSH_ASKPASS environment variables.
This impacts batch sftp transfers too.

If public key authentication is allowed, the known workaround is to add
the key to the agent and use it. This is because ssh-add calls
read_passphrase(...) with the RP_ALLOW_STDIN flag set, and if stdin is
not a tty the SSH_ASKPASS program is called.

For password authentication and others, since read_passphrase(...) is
called without any flags set, the workaround is to temporarily disable
read or write access to /dev/tty. In this case the function will try to
use the SSH_ASKPASS program.

Instead of using application command-line arguments or environment
variables as a flag, what about a variable SSH_ASKPASS_ALWAYS with the
same meaning as SSH_ASKPASS? May I propose the following modification to
the function read_passphrase:

...
	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
	if (askpass = getenv("SSH_ASKPASS_ALWAYS")) /*new line*/
		use_askpass = 1; /*new line*/
	else if (flags & RP_USE_ASKPASS) /*modified line*/
...
	if (use_askpass && (askpass || getenv("DISPLAY"))) { /*modified line*/
		if (!askpass) /*new line*/
		if (getenv(SSH_ASKPASS_ENV))
....

At the moment I don't have time to prepare a patch and test it. Maybe
next week.
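
The decision described in the comment above, modelled as an added example (not part of the original comment and not OpenSSH source). The struct env_model, the function uses_askpass and the numeric flag values are assumptions made for illustration; the flag names, the DISPLAY check and the variable names come from the comment.

```c
#include <stdio.h>

/* Flag names are from the comment above; numeric values are illustrative. */
#define RP_ALLOW_STDIN 0x0002
#define RP_USE_ASKPASS 0x0008

/* Constructed model of the caller's environment (not an OpenSSH type). */
struct env_model {
    int stdin_is_tty;  /* stdin is a terminal */
    int tty_openable;  /* /dev/tty can be opened for read and write */
    int has_display;   /* DISPLAY is set */
    int has_always;    /* proposed SSH_ASKPASS_ALWAYS is set */
};

/* Returns 1 when the askpass program would be run, 0 otherwise.
 * proposed == 0: behaviour as described in the comment.
 * proposed == 1: behaviour with the suggested modification. */
int uses_askpass(int flags, const struct env_model *e, int proposed)
{
    int use_askpass;
    int askpass_set = 0;  /* models "askpass" being non-NULL */

    if (proposed && e->has_always) {
        askpass_set = 1;
        use_askpass = 1;
    } else if (flags & RP_USE_ASKPASS) {
        use_askpass = 1;
    } else if (flags & RP_ALLOW_STDIN) {
        use_askpass = !e->stdin_is_tty;   /* the ssh-add case */
    } else {
        use_askpass = !e->tty_openable;   /* password authentication */
    }
    return use_askpass && (askpass_set || e->has_display);
}

int main(void)
{
    /* Constructed scenario: batch job with a controlling tty, DISPLAY set. */
    struct env_model batch = { 0, 1, 1, 0 };
    printf("ssh-add, current:        %d\n", uses_askpass(RP_ALLOW_STDIN, &batch, 0));
    printf("password auth, current:  %d\n", uses_askpass(0, &batch, 0));
    batch.has_always = 1;
    batch.has_display = 0;
    printf("password auth, proposed: %d\n", uses_askpass(0, &batch, 1));
    return 0;
}
```

With the proposed variable set, the environment alone selects the program that answers the prompt, so it needs the same trust as SSH_ASKPASS itself.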