Regarding SSH_ASKPASS

ttk2 at ciar.org
Mon Apr 12 16:13:12 EST 2004


  I've been giving SSH_ASKPASS a hard look, and it's not clear to 
me how it's supposed to work.  The documentation (ssh.1) seems 
explicit enough:

 SSH_ASKPASS
   If ssh needs a passphrase, it will read the passphrase from the
   current terminal if it was run from a terminal.  If ssh does not
   have a terminal associated with it but DISPLAY and SSH_ASKPASS
   are set, it will execute the program specified by SSH_ASKPASS
   and open an X11 window to read the passphrase.  This is particu-
   larly useful when calling ssh from a .Xsession or related
   script.  (Note that on some machines it may be necessary to
   redirect the input from /dev/null to make this work.)

  But my numerous efforts to trigger this behavior failed, so I 
looked at the source.  As far as I can see, the ssh code doesn't 
allow for this to happen.  The read_passphrase() function never 
gets called by ssh with the RP_ALLOW_STDIN flag set, and the 
only other way to get ssh_askpass() to get called is for 
open(_PATH_TTY, O_RDWR) to fail.  But /dev/tty is a+rw in the 
normal case.

From readpass.c:
char *
read_passphrase(const char *prompt, int flags)
{
        char *askpass = NULL, *ret, buf[1024];
        int rppflags, use_askpass = 0, ttyfd;

        rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
        if (flags & RP_ALLOW_STDIN) {
                /* caller permits stdin: fall back to askpass only
                 * when stdin is not a terminal */
                if (!isatty(STDIN_FILENO))
                        use_askpass = 1;
        } else {
                /* otherwise a tty is required: probe /dev/tty and
                 * fall back to askpass only if it cannot be opened */
                rppflags |= RPP_REQUIRE_TTY;
                ttyfd = open(_PATH_TTY, O_RDWR);
                if (ttyfd >= 0)
                        close(ttyfd);
                else
                        use_askpass = 1;
        }

.. and thereafter, ssh_askpass() is called iff use_askpass is set. 
But according to Mr. Friedl on this list, the documented use of 
SSH_ASKPASS is usable from ssh:

> Subject:    Re: Feature request
> From:       Markus Friedl <markus () openbsd ! org>
> Date:       2004-03-14 18:48:43
> Message-ID: <20040314184842.GA29132 () folly>
> 
> On Sun, Mar 14, 2004 at 06:48:35PM +0100, Peter Stuge wrote:
> > On Sun, Mar 14, 2004 at 05:55:13PM +0100, Martin Kluge wrote:
> > > So would you accept a patch to add a new command line option
> > > (suggestion: -d) to specify a password directly on the command line?
> >
> > This has been requested before but declined because it promotes insecure
> > behavior. (Your system may be isolated, but all aren't and it's usually
> > possible to see any arguments of all processes in the system.)
> 
> yes, but you can abuse SSH_ASKPASS for this.

  I've been staring at this until my eyes cross, and checked 
around on other platforms to see if maybe /dev/tty permissions 
are different on other *nixes .. please, is this a bug in the 
documentation, a bug in the code, or my own misunderstanding?

  -- TTK
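The following is an added example, not part of the original message and not OpenSSH code. It reproduces the selection logic quoted above from readpass.c as a pure function and then shows, by forking a child that calls setsid(2), that a process with no controlling terminal cannot open /dev/tty, which is exactly the condition under which ssh falls back to SSH_ASKPASS. The flag values mirror those in readpass.c; the helper names (would_use_askpass, tty_openable_here, tty_openable_after_setsid) and the hard-coded "/dev/tty" path are this example's own assumptions.

```c
/* Added example (not OpenSSH code): mirrors the decision made in
 * read_passphrase() and demonstrates that detaching from the controlling
 * terminal with setsid(2) is what makes open("/dev/tty") fail, which is the
 * only route by which ssh reaches SSH_ASKPASS. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flag values as in readpass.c */
#define RP_ECHO        0x0001
#define RP_ALLOW_STDIN 0x0002

/* Pure form of the quoted logic: returns 1 when ssh would exec $SSH_ASKPASS,
 * 0 when it would read the passphrase from the terminal. */
int would_use_askpass(int flags, int stdin_is_tty, int tty_openable)
{
    if (flags & RP_ALLOW_STDIN)
        return stdin_is_tty ? 0 : 1;   /* stdin path: askpass iff no tty on stdin */
    return tty_openable ? 0 : 1;       /* default path: askpass iff /dev/tty fails */
}

/* Returns 1 if /dev/tty can be opened read/write by this process, else 0.
 * Permissions on the device node are not the issue; a process with no
 * controlling terminal gets ENXIO regardless of the mode bits. */
int tty_openable_here(void)
{
    int fd = open("/dev/tty", O_RDWR);  /* assumed path; _PATH_TTY in OpenSSH */
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Forks a child, has it call setsid(2) so it starts a new session with no
 * controlling terminal, and reports whether that child could open /dev/tty.
 * Returns 1 if it could, 0 if not, -1 on fork/wait failure. */
int tty_openable_after_setsid(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* a freshly forked child is never a process-group leader, so setsid
         * succeeds and the child has no controlling tty from here on */
        if (setsid() < 0)
            _exit(2);
        _exit(tty_openable_here() ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

int main(void)
{
    int here = tty_openable_here();
    int detached = tty_openable_after_setsid();
    printf("/dev/tty openable in this process: %d -> askpass used: %d\n",
           here, would_use_askpass(0, isatty(STDIN_FILENO), here));
    printf("/dev/tty openable after setsid():  %d -> askpass used: %d\n",
           detached, would_use_askpass(0, 0, detached));
    return 0;
}
```

Run from an interactive shell, the first line reports the tty as openable (askpass not used) and the second reports it as not openable (askpass used): the a+rw mode on /dev/tty is irrelevant, because open(2) on /dev/tty only succeeds for a process that has a controlling terminal. The practical consequence for the question above is that ssh must be started in a session without one, for example via setsid with stdin redirected from /dev/null and DISPLAY and SSH_ASKPASS exported, before the documented behaviour is reachable. Pointing SSH_ASKPASS at a script that prints a stored passphrase does keep it out of argv, where any user can read it with ps, but then the script itself holds the secret and needs the same protection a private key file would get. Much later OpenSSH releases (8.4 and up) add SSH_ASKPASS_REQUIRE=force, which bypasses the tty probe entirely; that variable did not exist at the time of this thread.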
