[Bug 69] New: Generalize SSH_ASKPASS

bugzilla-daemon at mindrot.org
Wed Jan 16 16:17:01 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=69

           Summary: Generalize SSH_ASKPASS
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: bbum at codefab.com


Two generalizations to SSH_ASKPASS (explanation follows).

(1) Do not require a DISPLAY environment variable for SSH_ASKPASS to work.  It is not necessary on non-X windowing systems (such as OS X).

(2) Allow SSH_ASKPASS-type functionality to be available even when run with stdin (or whatever) connected to a valid TTY.

---

Why?

	Under OS X, I no longer use public key authentication to allow for passwordless (or one time per ssh-agent) authentication into remote machines.   This is done for a number of reasons;  fewer trust relationships is always good and some uses of SSH under OS X simply do not give the opportunity to ask for a password unless done through an external program.

	Furthermore, I have developed a small app -- SSHPassKey (http://www.codefab.com/unsupported/SSHPassKey_v1.1-1-README.html) -- that uses the KeyChain functionality built into OS X to store the passwords for particular sites.   In effect, SSHPassKey acts as a replacement for ssh-agent, following the security semantics the user has configured (in my case, my Keychain locks itself automatically anytime the machine sleeps or after two hours).

	SSHPassKey works wonderfully via SSH_ASKPASS but, of course, does not work at the command line (where there is and sometimes should be a valid TTY) and it requires the DISPLAY environment variable to be set to something, which can occasionally confuse X-aware apps -- like xemacs -- into thinking they should use an X server when they shouldn't.

	Thanks.


