ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
Peter Stuge
peter at stuge.se
Fri Feb 25 15:55:01 EST 2011
Daniel Kahn Gillmor wrote:
> > Strictly focus follows mouse here on my desktop, with the exception
> > of x11-ssh-askpass.
>
> I use focus-follows-mouse as well (or, technically "sloppy focus" if the
> wikipedia article [0] vocab is correct). but when new windows open
> (e.g. if i type "xterm" from a running xterm), the new window gets
> focus, even though the pointer hasn't moved.
>
> Is this not the case for you?
No. The new window will only get focus if it opened under the
pointer.
> if so, what window manager/desktop environment do you use?
fvwm2
> >> but that it wouldn't "grab the keyboard"
> >
> > I'm not sure that this works the way I would like. (For me.)
>
> could you try applying the patch here for gnome-ssh-askpass2.c:
>
> https://bugzilla.mindrot.org/attachment.cgi?id=2003
>
> and then launch it from a terminal emulator with:
>
> env SSH_ASKPASS_CONFIRMATION_ONLY=true gnome-ssh-askpass2 'test test'
>
> does that cause the problem you're expecting to see?
Afraid I don't have/use gnome-ssh-askpass2 (any more) because
x11-ssh-askpass is significantly simpler prettier and last but not
least snappier.
> > Is the solution to proxy askpass invocations through a serializer?
>
> hm, that might be one approach. Another approach could be to change
> ssh-askpass behavior to wait patiently for its turn to grab the X
> keyboard, instead of failing after four seconds of trying to grab.
Nod.
> Neither of these seem ideal to me, though,
I think they're both very reasonable solutions to the scp -3 problem.
> and neither of them addresses the confusion that arises from
> prompting for a password when all that is really needed is a yes/no
> confirmation.
>
> Do you agree at least that it would be good for ssh-askpass to know
> that a given prompt is a confirmation prompt instead of an actual
> password prompt?
Sure, although I don't care about it for myself I agree it's stupid
to ask for a password when that is not what is needed.
However on my system with x11-ssh-askpass, that's not what happens.
I've added a private key using ssh-add -c. When ssh wants to use that
key, x11-ssh-askpass prompts me with:
Allow use of key .../id_rsa?
Key fingerprint 11:22:33:44..
[OK] [Cancel]
I can click OK, hit enter, or type yes and hit enter, to allow.
Anything else Cancels. This looks good to me, although I know it's
not the case you had problems with.
> does the SSH_ASKPASS_CONFIRMATION_ONLY environment variable
> seem reasonable as a mechanism to signal that?
I think so, if it is really needed. I'm actually happy with the
prompt I get, but I think I haven't tried your use case.
//Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110225/f9a313f2/attachment.bin>
More information about the openssh-unix-dev
mailing list