[Bug 3439] New: identify password prompts

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jun 1 13:54:30 AEST 2022


            Bug ID: 3439
           Summary: identify password prompts
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tar.ancalime.numenor at gmail.com

Dear developers.

Since a while, I have more and more systems where I use ProxyJump and
have to either use a passphrase (and cannot use a pubkey) and/or enter
a 2FA-OTP.

I have no idea who prints the respective prompts, I'd assume the normal
passphrase prompt is printed by OpenSSH client, but the OTP prompt by
the remote server?
At least I have some OTP prompts where I get some valuable information
about which OTP is requested, and others where I just see "Your OTP:".

In any case, with multiple ProxyJump hops respectively, when doing scp,
with multiple source servers, things can get quite messy.

Then one get's multiple prompts that may be identical and has to think
"where" one is.

Would it be possible to add an option, that ssh/scp/sftp prefix these
For example with the respecitve hostname and, if OpenSSH can differ
between what is a normal passphrase request and a OTP, the "type" of
information that is queried?

The default of such option could be "no", so and people could just
selectively enable it when needed.

Thanks in advance, if it should be possible to have this implemented.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list