[Bug 69] Generalize SSH_ASKPASS [LONG]

Matthew Drayton matthew at stairways.com.au
Wed Apr 9 13:03:14 EST 2003


> Anyone who sees something we missed, please speak up.  I plan to begin
> work on patches against 3.7-current (i.e., OpenBSD CVS) end of this
> week.  The ssh-confirm part of x11-ssh-askpass[*] will follow.

In the process of developing a Mac OS X sftp client I have encountered
a few issues with SSH_ASKPASS. Specifically:

  * I have to parse the prompt string to:
    - localize my SSH_ASKPASS program.
    - extract user, host, etc to integrate with the Mac OS X keychain.
    - determine if the prompt requires a yes/no response.
  * The user cannot cancel the connection attempt.

The proposed SSH_CONFIRM protocol is a step in the right direction but
IMO it doesn't go far enough.

I think we can extend the existing SSH_ASKPASS without the need for a
separate SSH_CONFIRM and still be compatible with existing SSH_ASKPASS
programs.

At present a SSH_ASKPASS program is fed one argument: the prompt to
display to the user.

I propose we extend this:

  argv[1] = prompt
  argv[2] = flags
  argv[3] = identifier
  ...

where:

  prompt - prompt to display to the user.
  flags - indicates whether prompt requires a yes/no response, user
  input should be echoed, etc.
  identifier - unique identifier string for the passphrase. For example,
  org.openssh.password, org.openssh.passphrase.
  ... - identifier specific arguments.

Some examples:

* identifier = org.openssh.password

  argv[4] = user
  argv[5] = host
  argv[6] = attempt

* identifier = org.openssh.passphrase

  argv[4] = key
  argv[5] = attempt

* identifier = org.openssh.unknownhostkey

  argv[4] = host
  argv[5] = ip
  argv[6] = type
  argv[7] = fingerprint

Existing SSH_ASKPASS programs should continue to work because the prompt
argument ( argv[1] ) will be left unchanged.

New SSH_ASKPASS programs will be able to take advantage of the
additional arguments. There will be no need to parse the prompt to
extract information.

SSH_ASKPASS programs can determine if a yes/no response is required from
the flag argument ( argv[2] ). They can also determine if user input
should be echoed to the screen.

Matthew.
--
<http://www.interarchy.com/>  <ftp://ftp.interarchy.com/interarchy.hqx>
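The calling convention proposed in the message above, as an added illustration that is not code from the post, from OpenSSH or from Interarchy: a POSIX sh SSH_ASKPASS helper that accepts both the legacy one-argument call and the proposed prompt/flags/identifier form, dispatches on the org.openssh.* identifiers listed in the post, and uses the structured arguments (user, host, attempt) instead of parsing the prompt. Everything the post leaves open is an assumption here: the flags argument is taken to be a comma-separated token list ("confirm" for a yes/no prompt, "echo" for non-hidden input); a non-zero exit status is taken to mean the user cancelled; the keychain is a constructed in-script table, and the GUI dialog is a stand-in function driven by the hypothetical ASKPASS_ANSWER and ASKPASS_CANCEL environment variables.

```shell
#!/bin/sh
# Illustrative SSH_ASKPASS helper for the extended argv layout proposed above.
# Not OpenSSH or Interarchy code. Assumed (not specified in the post):
#   argv[2] flags  : comma-separated tokens, "confirm" = yes/no prompt,
#                    "echo" = input may be shown; "" = hidden secret.
#   exit status    : 0 = answer printed on stdout ("yes" for confirm),
#                    non-zero = the user cancelled.

# has_flag FLAGS TOKEN: true if TOKEN appears in the comma-separated FLAGS.
has_flag() {
    case ",$1," in
        *,"$2",*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed stand-in for the Mac OS X keychain: "user host secret" records.
KEYCHAIN_SAMPLE='alice example.org s3cret-alice
bob bastion.example.net hunter2'

# keychain_lookup USER HOST: print the stored secret, status 1 if none.
keychain_lookup() {
    while read -r u h s; do
        if [ "$u" = "$1" ] && [ "$h" = "$2" ]; then
            printf '%s\n' "$s"
            return 0
        fi
    done <<EOF
$KEYCHAIN_SAMPLE
EOF
    return 1
}

# Stand-in for the GUI dialog (hypothetical variables): ASKPASS_CANCEL=1
# models the Cancel button, otherwise ASKPASS_ANSWER is what the user typed.
dialog() {  # dialog PROMPT MODE(confirm|secret)
    [ "${ASKPASS_CANCEL:-0}" != 1 ] || return 1
    printf '%s\n' "${ASKPASS_ANSWER:-}"
}

# describe_request PROMPT [FLAGS IDENTIFIER ARGS...]: print key=value lines
# built from the structured arguments; a one-argument call is "legacy".
describe_request() {
    prompt=$1
    flags=${2:-}
    ident=${3:-legacy}
    case $ident in
        org.openssh.password)
            printf 'kind=password\nuser=%s\nhost=%s\nattempt=%s\n' "$4" "$5" "$6" ;;
        org.openssh.passphrase)
            printf 'kind=passphrase\nkey=%s\nattempt=%s\n' "$4" "$5" ;;
        org.openssh.unknownhostkey)
            printf 'kind=unknownhostkey\nhost=%s\nip=%s\ntype=%s\nfingerprint=%s\n' \
                "$4" "$5" "$6" "$7" ;;
        legacy)
            printf 'kind=legacy\n' ;;
        *)
            printf 'kind=unknown\nidentifier=%s\n' "$ident" ;;
    esac
    if has_flag "$flags" confirm; then printf 'confirm=1\n'; else printf 'confirm=0\n'; fi
    if has_flag "$flags" echo; then printf 'echo=1\n'; else printf 'echo=0\n'; fi
    printf 'prompt=%s\n' "$prompt"
}

# askpass_main ARGS...: the program entry point. On the first password attempt
# for a user@host found in the keychain, answer without prompting; otherwise
# show the dialog, honouring the confirm flag and the cancel status.
askpass_main() {
    [ $# -ge 1 ] || { echo "usage: $0 prompt [flags identifier args...]" >&2; return 2; }
    prompt=$1
    flags=${2:-}
    ident=${3:-legacy}
    if [ "$ident" = org.openssh.password ] && [ "${6:-1}" = 1 ]; then
        secret=$(keychain_lookup "$4" "$5") && { printf '%s\n' "$secret"; return 0; }
    fi
    if has_flag "$flags" confirm; then
        answer=$(dialog "$prompt" confirm) || return 1
        case $answer in
            y|Y|yes|YES) printf 'yes\n'; return 0 ;;
            *) return 1 ;;
        esac
    fi
    answer=$(dialog "$prompt" secret) || return 1
    printf '%s\n' "$answer"
}

# Run as a real helper only when invoked with arguments.
if [ $# -gt 0 ]; then
    askpass_main "$@"
fi
```

With this layout a second password attempt (attempt != 1) deliberately bypasses the keychain, so a stale stored password is not resent forever, and the unknown-host-key confirmation gets host, IP, key type and fingerprint as separate arguments that a GUI could render without any prompt-string parsing.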
