[Bug 81] New: ssh cannot use ssh-askspass & passphrases as documented

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Jan 26 05:06:47 EST 2002 

http://bugzilla.mindrot.org/show_bug.cgi?id=81

           Summary: ssh cannot use ssh-askspass & passphrases as documented
           Product: Portable OpenSSH
           Version: 3.0.2p1
          Platform: Sparc
        OS/Version: SunOS
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: dean.r.smart at mail.sprint.com


When using scp|ssh in nohup|cron|batch in a non interactive mode, sshconnect1.c 
and sshconnect2.c do not have the ability to call read_passphrase in such a 
manner to cause ssh-askpass to be utilized as documented in the man pages.

The calls are as follows for the released code:

# grep 'read_passphrase(' sshconnect[12].c-original

sshconnect1.c-original: passphrase = read_passphrase(buf, 0);
sshconnect1.c-original: response = read_passphrase(prompt, 0);
sshconnect1.c-original: password = read_passphrase(prompt, 0);

sshconnect2.c-original: password = read_passphrase(prompt, 0);
sshconnect2.c-original: passphrase = read_passphrase(prompt, 0);
sshconnect2.c-original: response = read_passphrase(prompt, echo ? RP_ECHO : 0);

(white space adjusted above)

Note that the second arguments are all set to zero. To make ssh work as 
documented one call in each of the two sshconnect[12].c source files must be 
altered to have the enabling second argument as below:

# grep 'read_passphrase(' sshconnect[12].c

sshconnect1.c: passphrase = read_passphrase(buf, RP_ALLOW_STDIN);
sshconnect1.c: response = read_passphrase(prompt, 0);
sshconnect1.c: password = read_passphrase(prompt, 0);

sshconnect2.c:  password = read_passphrase(prompt, 0);
sshconnect2.c:  passphrase = read_passphrase(prompt, RP_ALLOW_STDIN);
sshconnect2.c:  response = read_passphrase(prompt, echo ? RP_ECHO : 0);

With this one single change to each of the sshconnect[12].c source files, ssh 
will work as documented. Note the RP_ALLOW_STDIN constant. This has been tested 
with protocols 1 and 2.

Note how the call is structured with ssh-add.c

# grep 'read_passphrase(' ssh-add.c
  pass = read_passphrase(msg, RP_ALLOW_STDIN);

(I am using a self-decrypting binary* for ssh-askpass which authenticates the 
calling self-decrypting binary* which calls scp and ssh. This authentification 
is done via a number of environmental variables. After scp completes, these 
authentificating environmetal variables are immediately unset. So this is quite 
secure and ssh-askpass will not yield the passphrase to any non autheticated 
invoking process. The use of ssh-agent and ssh-add are quite unsuitable for my 
requirements, and would otherwise not be secure. These measures may seem 
excessive but are neccesary to overcome the security risks involved in more 
basic cron'd ssh-askpass implementations. I do-not/can-not assume a trust 
relationship with root on the any systems where my applications are run.)

* - these two self-decrypting binaries can be the same binary
  - FreeEss is being used to create the self decrypting binaries



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list