ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Feb 25 15:41:00 EST 2011
On 02/24/2011 11:11 PM, Peter Stuge wrote:
> Strictly focus follows mouse here on my desktop, with the exception
> of x11-ssh-askpass.
I use focus-follows-mouse as well (or, technically "sloppy focus" if the
wikipedia article [0] vocab is correct). but when new windows open
(e.g. if i type "xterm" from a running xterm), the new window gets
focus, even though the pointer hasn't moved.
Is this not the case for you? if so, what window manager/desktop
environment do you use? I'm using openbox, fwiw.
>> but that it wouldn't "grab the keyboard"
>
> I'm not sure that this works the way I would like. (For me.)
could you try applying the patch here for gnome-ssh-askpass2.c:
https://bugzilla.mindrot.org/attachment.cgi?id=2003
and then launch it from a terminal emulator with:
env SSH_ASKPASS_CONFIRMATION_ONLY=true gnome-ssh-askpass2 'test test'
does that cause the problem you're expecting to see?
>> Then two prompts come up concurrently. If they're both trying to grab
>> the keyboard, one of them (at least) must lose, which is considered a
>> "cancel" by every ssh-askpass implementation i've seen.
>
> Is the solution to proxy askpass invocations through a serializer?
hm, that might be one approach. Another approach could be to change
ssh-askpass behavior to wait patiently for its turn to grab the X
keyboard, instead of failing after four seconds of trying to grab.
Neither of these seem ideal to me, though, and neither of them addresses
the confusion that arises from prompting for a password when all that is
really needed is a yes/no confirmation.
Do you agree at least that it would be good for ssh-askpass to know that
a given prompt is a confirmation prompt instead of an actual password
prompt? does the SSH_ASKPASS_CONFIRMATION_ONLY environment variable
seem reasonable as a mechanism to signal that?
We can decouple decisions about specific ssh-askpass behavior from the
question of the signalling approach.
--dkg
[0] https://secure.wikimedia.org/wikipedia/en/wiki/Focus_(computing)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110224/0735eecf/attachment-0001.bin>
More information about the openssh-unix-dev
mailing list