[PATCH] PreferAskpass in ssh_config

yath at yath.eu.org
Tue Oct 5 07:46:54 EST 2004


On Mon, Oct 04, 2004 at 10:05:56AM -0500, Ben Lindstrom wrote:
> > > And this solves what real world problem?
> > No keyboard grab when being prompted for passwords (w/o key auth) or for
> > passphrases (when generating one with ssh-keygen), etc.
> ssh-keygen doesn't use ssh-agent.. So again I ask what are you talking
> about?

That's exactly the point. All programs use read_passphrase(), but only
ssh-add tells read_passphrase() to use ssh-askpass.

So if I *want*, e.g. ssh-keygen to use ssh-askpass, I simply set
$SSH_USE_ASKPASS to "prefer". ssh-askpass has nothing to do with
ssh-agent (just that it's only used in conjunction with ssh-add), so why
not use it for all other password prompts (if the user wants so)?

You *cannot* say "well, then do key auth" - I have to type at least the
password for logging in to the remote host (scp id_foo.pub) from the
tty, and maybe two times my (new) passphrase when generating a key pair.

So why shouldn't we give the user the possibility to use a more secure
mechanism to enter passwords? Just suppose focus-follows-mouse and an
IRC client.


Seba 'having seen mouse cursors moving w/o moving the mouse' stian.
-- 
signature intentionally left blank.


More information about the openssh-unix-dev mailing list