Password from open filedescriptor
Hank Leininger
openssh-unix-dev at progressive-comp.com
Tue Apr 23 02:24:01 EST 2002
On 2002-04-22, Edward Avis <epa98 at doc.ic.ac.uk> wrote:
> On Mon, 22 Apr 2002, Peter Astrand wrote:
> > ssh-agent, as far as I know, only handles keys for public key
> > authentication. I need to use the "password" authentication method.
> > ssh-agent does not handle this, right?
> It would be cool if you could store your password in a file encrypted
> with your public key. Then when ssh runs it prompts for a passphrase
> to read the private key, uses that to decrypt the password and sends it
> to the remote server. That way you could use a single keypair and
You could do essentially this if you had either the less-cumbersome
SSH_ASKPASS setup or the read-from-fd patch, and you used a helper wrapper
around gnupg to ask for a passphrase (and a dest host/account?) and spit
out the right password. No caching by ssh-agent, though (you would want
something like gnupg-agent).
On the subject of dodgy one-off password hacks, I whipped something up last
week that adds a 'Password' config option, so you can hardcode passwords in
~/.ssh/config and/or pass '-oPassword=foo' on the command line. Yes, these
are both bad ideas. Patch here:
http://www.theaimsgroup.com/~hlein/haqs/#openssh-passopt
(I won't add this to the other openssh patches I maintain, because using it
really is a bad idea in general.)
--
Hank Leininger <hlein at progressive-comp.com>
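
The helper wrapper described in the reply above, as an added example that is not part of the original message or of OpenSSH: an SSH_ASKPASS program in shell that maps ssh's password prompt to a gpg-encrypted file and prints the decrypted password. The store directory, the <user>@<host>.gpg file naming and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: SSH_ASKPASS helper that decrypts a per-account password with gpg.
# Assumed layout (hypothetical): $ASKPASS_STORE/<user>@<host>.gpg, one password per file.
# ssh runs the helper with the prompt text as $1 and reads the answer from stdout.

ASKPASS_STORE="${ASKPASS_STORE:-$HOME/.ssh/askpass-store}"

# Extract "user@host" from a prompt of the form "user@host's password: ".
# Any other prompt (host-key confirmation, key passphrase) is refused, so the
# password is never given as the answer to a different question.
account_from_prompt() {
    case "$1" in
        *"'s password: ") acct=${1%"'s password: "} ;;
        *) return 1 ;;
    esac
    # The account string becomes a file name: allow only a conservative
    # character set and reject anything that could point outside the store.
    case "$acct" in
        ""|*[!A-Za-z0-9@._-]*|*..*|.*) return 1 ;;
    esac
    printf '%s\n' "$acct"
}

# Print the decrypted password (first line only) for the given prompt.
askpass() {
    acct=$(account_from_prompt "$1") || { echo "askpass: unhandled prompt" >&2; return 1; }
    file="$ASKPASS_STORE/$acct.gpg"
    [ -f "$file" ] || { echo "askpass: no entry for $acct" >&2; return 1; }
    # gpg obtains the key passphrase itself (agent/pinentry), which is where
    # any caching happens; ssh-agent is not involved.
    secret=$(gpg --quiet --decrypt "$file") || return 1
    printf '%s\n' "$secret" | head -n 1
}

# Act as a helper only when a prompt argument is passed.
[ $# -eq 0 ] || askpass "$1"
```

ssh consults SSH_ASKPASS only when it has no terminal to prompt on, or when SSH_ASKPASS_REQUIRE=force is set on OpenSSH 8.4 and later.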