[David Huggins-Daines <dhd at plcom.on.ca>] Bug#52414: ssh-add uses ssh-askpass, but ssh doesn't
Brian Wellington
bwelling at xbill.org
Fri Jan 14 08:36:50 EST 2000
On 13 Dec 1999, Philip Hands wrote:
> Markus Friedl <markus.friedl at informatik.uni-erlangen.de> writes:
>
> > On Fri, Dec 10, 1999 at 05:13:20PM +0000, Philip Hands wrote:
> > > OpenSSH's 'ssh' program doesn't seem to mimic the non-free SSH's behaviour
> > > of calling ssh-askpass when it's not possible to read the pass{phrase,word}
> > > from a terminal.
> >
> > hm, this is not a bug in openssh. i don't want ssh (setuid root)
> > exec a X11 program.
>
> That's a very good point.
>
> David, perhaps you should just use ssh-agent.
>
> I'm closing this bug --- Feel free to persuade me otherwise.
Hi. I just noticed this behavior, so I thought I'd check the mailing list
to see if anyone else had commented on it.
Having ssh call ssh-askpass is useful for applications that want to tunnel
over ssh. An example is the graphical interface to the sftp program I
wrote. Since there's no controlling terminal, openssh just doesn't work,
when the standard ssh does, since it calls ssh-askpass.
I don't see why the setuidness of ssh is a problem. There's no reason the
privileges couldn't be dropped before calling exec-ing ssh-askpass. There
are already places where ssh drops privileges.
Requiring the use of ssh-agent in this case is unacceptable.
Brian
More information about the openssh-unix-dev
mailing list