[PATCH] PreferAskpass in ssh_config

yath at yath.eu.org
Tue Oct 5 07:51:47 EST 2004


On Tue, Oct 05, 2004 at 07:20:59AM +1000, Damien Miller wrote:
> > ssh-keygen doesn't use ssh-agent.. So again I ask what are you talking
> > about?
> No, but ssh-keygen does use read_passphrase() and can therefore use
> SSH_ASKPASS. Try:
> ssh-keygen -f /tmp/xk -t rsa < /dev/null

Yes, this works only if read_passphrase() is unable to allocate a tty.
The /dev/null redirect is a hack.

SSH_USE_ASKPASS just changes the default behaviour ("try tty, else
ssh-askpass") to "try ssh-askpass if available, if not, read from tty".

$USER could say in his ~/.bashrc:
export SSH_ASKPASS=/usr/bin/ssh-askpass
export SSH_USE_ASKPASS=prefer

This provides a more secure way to enter passwords read by
read_passphrase(). And no need for redirecting stdin (and I don't really
want this on an interactive ssh session).

Sebastian
-- 
signature intentionally left blank.