[Bug 3644] New: Pass the number of attempts to SSH_ASKPASS
bugzilla-daemon at mindrot.org
Sun Dec 17 05:02:44 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3644
Bug ID: 3644
Summary: Pass the number of attempts to SSH_ASKPASS
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: flafyarazi at gmail.com
I'm working on a script to make `ssh` request a passphrase from a
command of my choice instead of prompting me for a passphrase directly.
If the script doesn't find a passphrase through the command, it should
prompt me to input a passphrase.
Additionally, if the script got a passphrase from the command but the
passphrase was not correct, it should prompt me to input a passphrase
as well.
I've set
```
SSH_ASKPASS_REQUIRE=prefer
SSH_ASKPASS=<path to the following bash script>
```
bash script:
```
#!/usr/bin/env bash
# $1 is the prompt ssh would have shown, e.g.
# "Enter passphrase for key '/home/me/.ssh/id_ed25519': ";
# keep only the file name of the key.
key_name=$(echo "$1" | sed -n "s/.*\/\([^\/]*\)'.*/\1/p")
# Ask the password manager first (command substitution keeps its exit status).
pass=$(get-passphrase-command "$key_name")
if [ $? -eq 0 ]; then
    echo "$pass"
else
    # No stored passphrase: fall back to prompting the user (echo off).
    echo "Couldn't find passphrase from Bitwarden." >&2
    read -r -s -p "$1" passphrase
    echo "" >&2
    echo "$passphrase"
fi
```
`ssh` will run this script every time it wants to request a passphrase.
If a passphrase returned by the script is not correct, `ssh` will run
the script 2 more times.
The script does exactly what I've described except prompt me for a
passphrase if it got an incorrect passphrase from the command. I can't
pass information from one attempt to another, so the script has no idea
if it failed already.
`ssh` passes the prompt it usually shows as the first argument (`$1`) to
SSH_ASKPASS.
To make my script possible, I propose also passing the number of
attempted passphrases so far to SSH_ASKPASS as the second
argument (`$2`).
This way I'll be able to detect it is the script's second attempt at
inputting a passphrase and not run the passphrase command again.
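With current OpenSSH only the prompt reaches the askpass program, so the attempt number has to be reconstructed on the helper's side. The script below is an added example, not the reporter's script or part of OpenSSH: it keeps a per-key, per-ssh-process counter in a private directory (only the count is written, never a passphrase) and prompts on the terminal from the second attempt on. `get-passphrase-command` stands in for the reporter's password-manager lookup, and `$PPID` is assumed to be the calling `ssh`.

```shell
#!/bin/sh
# Added example SSH_ASKPASS helper: remembers how often ssh has asked for a
# key in this session so a retry (wrong passphrase from the manager) prompts.
# get-passphrase-command is a placeholder for the password-manager lookup.
umask 077
STATE_DIR="${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}/ssh-askpass-$(id -u)"
mkdir -p "$STATE_DIR"   # private dir; holds only attempt counters
# Key file name from ssh's prompt, e.g.
# "Enter passphrase for key '/home/me/.ssh/id_ed25519': " -> id_ed25519
key_name_from_prompt() {
    printf '%s\n' "$1" | sed -n "s/.*\/\([^\/]*\)'.*/\1/p"
}
# Counter file for (key name, ssh pid); unsafe characters are replaced.
state_file() {
    printf '%s/%s-%s\n' "$STATE_DIR" "$2" "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}
# Print the attempt number for this key and ssh pid, incrementing it on disk.
# A counter older than two minutes is stale (earlier run or recycled pid).
next_attempt() {
    local f n
    f=$(state_file "$1" "$2")
    n=0
    if [ -f "$f" ] && [ -n "$(find "$f" -mmin -2 2>/dev/null)" ]; then
        read -r n < "$f"
    fi
    n=$((n + 1))
    printf '%s\n' "$n" > "$f"
    printf '%s\n' "$n"
}
askpass_main() {
    local prompt key attempt pass
    prompt=$1
    key=$(key_name_from_prompt "$prompt")
    attempt=$(next_attempt "${key:-nokey}" "$PPID")
    # First attempt only: answer from the password manager if it has an entry.
    if [ "$attempt" -eq 1 ] && pass=$(get-passphrase-command "$key"); then
        printf '%s\n' "$pass"
        return 0
    fi
    # Retry, or nothing stored: ask the user on the terminal with echo off.
    printf '%s' "$prompt" > /dev/tty
    stty -echo < /dev/tty
    read -r pass < /dev/tty
    stty echo < /dev/tty; printf '\n' > /dev/tty
    printf '%s\n' "$pass"
}
# ssh passes the prompt as $1; with no argument (sourced) do nothing.
if [ "$#" -gt 0 ]; then askpass_main "$1"; fi
```

Point `SSH_ASKPASS` at this file and keep `SSH_ASKPASS_REQUIRE=prefer`; the counter is reset by the two-minute freshness window, so a later `ssh` run starts again with the password manager.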