Question on SSH_ASKPASS
Jim Knoble
jmknoble at pobox.com
Thu Dec 24 17:05:29 EST 2009
On 2009-12-23 17:40, Jan Alphenaar wrote:
: setsid ssh -T jan@<dest_host> "/<DEFANGED_script_dir>/<DEFANGED_script>"
:
: does work as expected, it launches the remote script.
:
: I know ssh should support this out of the box, so I want to get rid of
: setsid.

Hi, Jan.

You are correct in that using 'setsid' works as expected. The reason
is here, to quote the ssh(1) man page:

    If ssh needs a passphrase, it will read the passphrase from the
    current terminal if it was run from a terminal. If ssh does not
    have a terminal associated with it but DISPLAY and SSH_ASKPASS are
    set, it will execute the program specified by SSH_ASKPASS and open
    an X11 window to read the passphrase. This is particularly useful
    when calling ssh from a .xsession or related script. (Note that
    on some machines it may be necessary to redirect the input from
    /dev/null to make this work.)

The problem is that, on many (most?) systems, to disassociate ssh from
its controlling terminal, you need to put it into a new "session".
Redirecting stdin from /dev/null ('ssh ... </dev/null') is not enough.

The setsid command you are using is pretty much the only way to do that;
it's pretty much a wrapper around the setsid(2) system call, which then
execs the command given on the command line (probably via execvp(3)).
This is a feature of POSIX (see
http://www.opengroup.org/onlinepubs/009695399/functions/setsid.html ).

Hope this helps.

--jim
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
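
The behaviour described in the reply above, as an added example that is not part of the original message or of OpenSSH: a child process checks whether it can still open /dev/tty after only redirecting stdin and after calling setsid(2), followed by a small setsid(1)-style launcher. The function names child_has_ctty and run_in_new_session are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, optionally point its stdin at /dev/null and/or call setsid(2),
 * then report whether it can still open its controlling terminal (/dev/tty).
 * Returns 1 (reachable), 0 (not reachable) or -1 on error. The forked child
 * is never a process group leader, so setsid() is allowed to succeed. */
int child_has_ctty(int redirect_stdin, int new_session)
{
    int status, fd;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (redirect_stdin && ((fd = open("/dev/null", O_RDONLY)) < 0 || dup2(fd, 0) < 0))
            _exit(2);
        if (new_session && setsid() == (pid_t)-1)
            _exit(2);
        fd = open("/dev/tty", O_RDWR | O_NOCTTY);
        _exit(fd >= 0 ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

/* setsid(1)-style launcher: new session, then execvp(3). Returns exit status or -1. */
int run_in_new_session(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setsid() != (pid_t)-1)
            execvp(argv[0], argv);
        _exit(127); /* setsid or exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    printf("stdin </dev/null only: /dev/tty reachable = %d\nafter setsid(2): /dev/tty reachable = %d\n",
           child_has_ctty(1, 0), child_has_ctty(0, 1));
    return argc > 1 ? run_in_new_session(argv + 1) : 0;
}
```

Run from an interactive terminal, the first figure is 1 and the second is 0; any arguments are executed as a command in a new session.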