ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase

Jameson Rollins jrollins at finestructure.net
Fri Feb 25 09:04:36 EST 2011


On Thu, 24 Feb 2011 16:45:20 -0500, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> I just opened a bug report about this, but i thought i'd bring it to the
> group if anyone has any concerns about the idea:
> 
> https://bugzilla.mindrot.org/show_bug.cgi?id=1871
> 
> currently, ssh-askpass is used in some situations to actually ask the
> user for a passphrase.
> 
> in other situations, it is used to prompt for simple confirmation (e.g.
> ControlMaster=ask, ssh-add -c).
> 
> Providing the exact same UI for both scenarios is not only surprising
> for new users; it is also potentially problematic.

One of the particularly problematic aspects of using the same UI for
confirmation is that askpass prompts for a password when simply asking for
confirmation.  Furthermore, it seems to be sensitive to what is actually
typed into that prompt.  Obviously this doesn't make any sense when
it's actually just asking for a yes/no response.

I think Daniel's suggestion of using an environment variable to change
the UI to one that just asks for a yes/no response (and doesn't grab the
keyboard) is definitely the way to go.

Thanks for the suggestion, Daniel.

jamie.
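
Added example, not part of the original message and not OpenSSH code: an askpass helper that behaves as the thread proposes, showing a plain yes/no dialog when an environment variable marks the prompt as a confirmation and asking for a secret otherwise. The variable name SSH_ASKPASS_PROMPT, its value "confirm", and the use of zenity for the dialogs are assumptions.

```shell
#!/bin/sh
# Added example: askpass helper that keeps confirmation and passphrase
# entry apart. Assumptions: the caller exports SSH_ASKPASS_PROMPT=confirm
# for yes/no prompts, and zenity is installed to draw the dialogs.

# Decide which kind of dialog the current prompt needs.
prompt_kind() {
    case "${SSH_ASKPASS_PROMPT:-}" in
        confirm) echo confirm ;;
        *)       echo secret ;;   # no hint: fall back to asking for a secret
    esac
}

# Dialog backends, kept as separate functions so another toolkit can be
# swapped in without touching the logic below.
dialog_confirm() {
    zenity --question --title="SSH confirmation" --text="$1"
}
dialog_secret() {
    zenity --entry --hide-text --title="SSH passphrase" --text="$1"
}

askpass_main() {
    prompt=${1:-"SSH request"}
    case "$(prompt_kind)" in
        confirm)
            # Yes/no only: there is no text field, stdout is discarded,
            # and the answer is carried by the exit status alone
            # (0 = yes, non-zero = no), so typed text cannot matter.
            dialog_confirm "$prompt" >/dev/null
            ;;
        secret)
            # Passphrase entry: the hidden input goes to stdout for the
            # calling program to read.
            dialog_secret "$prompt"
            ;;
    esac
}

# Run only when installed under a name containing "askpass", so the
# functions can also be loaded into another script for testing.
case "$0" in
    *askpass*) askpass_main "$@" ;;
esac
```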


More information about the openssh-unix-dev mailing list