SSH_ASKPASS behavior change proposal

Lance E Sloan lsloan at umich.edu
Wed Jan 31 02:10:39 EST 2007


Quoting David Woodhouse <dwmw2 at infradead.org> (Tue 30 Jan 2007 09:12:23 
AM EST):

> On Thu, 2007-01-18 at 15:24 -0500, Lance E Sloan wrote:
>> I propose that the ssh command-line client be changed so that it will
>> use whatever program is specified in the SSH_ASKPASS environment
>> variable regardless of whether ssh has a terminal associated with it or
>> not.  In order for this to work, SSH_ASKPASS would need to contain the
>> full path to a program that prompts for a password, DISPLAY would also
>> need to be set, and some additional environment variable would need to
>> be set to instruct ssh to ignore the no-tty requirement.
>
> I'd like this. I currently have a horrid wrapper which deliberately
> disassociates from the ctty before executing /usr/bin/ssh, and it would
> be much nicer if SSH could be asked to use $SSH_ASKPASS unconditionally
> instead.

I'm glad you like my suggestion.  I suppose it's up to the OpenSSH 
development team to decide if they want to implement it.  If anybody is 
interested, I can forward a patch to the OpenSSH source code that makes 
it possible.  It's very short and simple, but one would have to compile 
ssh from source after applying the patch.

As it turns out, Iain Morgan replied to my proposal with the suggestion 
that I try session multiplexing.  I've tried that and I really like it 
a lot.  When I set up the multiplexing master session, I enter my 
password and following that, all other sessions to the same host, port, 
and username do not require authentication.

I've been able to run the multiplexing master session in the 
background, but that makes it difficult for me to see if the connection 
is still alive and working.  (I might lose the connection if I take my 
laptop elsewhere.)  So I've settled on running the master session in a 
terminal window of its own, in verbose mode.  I wanted to find an 
application (or Mac OS X Dashboard widget) that would let me create and 
monitor these master sessions, but I haven't found any.  Maybe I will 
eventually find time to make a Dashboard widget of my own.

-- 
Lance E Sloan, Application Developer
Evil is my middle name.  Some people think it's Eugene, though.
U-M ITCS ITCom Information Systems
http://www.itcom.itcs.umich.edu/


More information about the openssh-unix-dev mailing list