gui wrapper for ssh -X

Jim Knoble jmknoble at
Sat Mar 8 06:36:28 EST 2003

Circa 2003-03-07 18:44:17 +0000 dixit David Woodhouse:

: On Fri, 2003-03-07 at 17:12, Jim Knoble wrote:
: > Circa 2003-03-07 14:39:11 +0000 dixit David Woodhouse:
: > It's *really* not hard:
: > 
: >   env SSH_ASKPASS=/usr/local/libexec/x11-ssh-askpass \
: >   ssh -X user at machine 'command' </dev/null >/dev/null 2>&1
: Did you try this? On Linux, even with everything redirected to
: /dev/null, I need to detach from the controlling TTY in order to prevent
: it from _opening_ /dev/tty and trying to use that. 

Whoops, misread the code in readpass.c.  Redirecting stdin only works
for ssh-add and ssh-keygen, which set the RP_ALLOW_STDIN flag.

You're correct

: >From my patches to make Evolution handle getting to its IMAP server over
: ssh instead of making a direct connection...
: +#ifdef TIOCNOTTY
: +	/* Detach from the controlling tty if we have one. Otherwise, 
: +	   SSH might do something stupid like trying to use it instead 
: +	   of running $SSH_ASKPASS. Doh. */
: +	fd = open("/dev/tty", O_RDONLY);
: +	if (fd != -1) {
: +		ioctl(fd, TIOCNOTTY, NULL);
: +		close(fd);
: +	}
: +#endif /* TIOCNOTTY */

You may also be able to use setsid(2) to accomplish the same thing.
There also appears to be a setsid(1) command in the util-linux package:

  $ cat /etc/redhat-release
  Red Hat Linux release 6.2 (Zoot)
  $ which setsid
  $ rpm -qf `which setsid`
  $ ssh otherlinuxsystem
  $ cat /etc/redhat-release 
  Red Hat Linux release 8.0.93 (Phoebe)
  $ rpm -qf `which setsid`

This might be useful in a shell script.  On the Red Hat Linux 6.2 machine:

  (env SSH_ASKPASS=/usr/libexec/openssh/x11-ssh-askpass \
   setsid ssh -X localhost xedit &)

works.  Don't have setsid(1) available under OpenBSD to test.  The
setsid(2) man page under Red Hat Linux says the following:

         On error, -1 will be returned.  The only error  which  can
         happen  is EPERM. It is returned when the process group ID
         of any process equals the  PID  of  the  calling  process.
         Thus,  in  particular, setsid fails if the calling process
         is already a process group leader.
         A process group leader is a process with process group  ID
         equal  to  its  PID.  In order to be sure that setsid will
         succeed, fork and exit, and have the child do setsid().

: You also need to export a fake 'DISPLAY' environment variable, even
: if you're not actually running under X and don't want your askpass
: program to use X.

(If you're doing X11 forwarding with 'ssh -X', you ought to be running
under X and to already have a DISPLAY).

jim knoble  |  jmknoble at  |
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
Stop the War on Freedom ... Start the War on Poverty!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list