SSH Command Line Password Support

Damien Miller djm at
Fri Aug 29 03:55:11 EST 2008

On Thu, 28 Aug 2008, Jim Knoble wrote:

> Disclaimer:  I'm the creator of x11-ssh-askpass
> <>.
> I believe the best way to handle this is with an ssh_config file option
> (which can then also be used on the command line).  ssh-add(1) and
> ssh-agent(1) also use SSH_ASKPASS and should use a command-line option,
> since they don't read ssh_config files.
> This allows for the greatest combination of flexibility and backward
> compatibility.  For example:
>     ssh -oUseSshAskpass=auto
>     ssh -oUseSshAskpass=yes
>     ssh -oUseSshAskpass=no
>     "auto": the current method, and the default.
>     "yes": ignore the presence or absence of a controlling terminal
>     and a DISPLAY variable, and just use SSH_ASKPASS if it's set.
>     "no": ignore SSH_ASKPASS; always prompt the terminal for a
>     passphrase or confirmation (if no terminal, fail?).
>     "ssh-agent"    => UseSshAskpass=auto
>     "ssh-agent -p" => UseSshAskpass=yes
>     "ssh-agent -P" => UseSshAskpass=no
>     "ssh-add"      => UseSshAskpass=auto
>     "ssh-add -p"   => UseSshAskpass=yes
>     "ssh-add -P"   => UseSshAskpass=no
> Folks who expect the current way of doing things don't have to change
> anything.  Folks who want something different can use the command-line
> or ssh_config options.  Folks who want something fancy can use
> "UseSshAskpass=yes", create wrapper scripts for ssh-add(1) and
> ssh-agent(1), and set SSH_ASKPASS to a script which determines what to
> do, as Alan Barrett suggests.  

Could you please attach this to ?

I think it might need a little more specification of what each option does
under various circumstances (tty/no-tty, DISPLAY/no-DISPLAY, etc.), but
it is already a lot more likeable that the suggestions already there.


More information about the openssh-unix-dev mailing list