ssh-add with stdin and read_passphrase
Jean-Yves FAYE
jean-yves.faye at c-s.fr
Tue Jan 18 20:27:41 EST 2011
I would like to use ssh-add to unlock a key with a password provided
through a web interface.
It seems even though ssh-add calls read_passphrase with RP_ALLOW_STDIN
at ssh-add.c:173, stdin is not used as a last resort without a valid
terminal or display. Is it an intended behaviour? And if so, what are
the security implications of using popen() to write the password to
ssh-add (not using echo password|ssh-add of course).
I used this patch, which solves the issue:
diff -Nru openssh-5.6p1/readpass.c openssh-5.6p1-b/readpass.c
--- openssh-5.6p1/readpass.c 2006-08-05 04:39:40.000000000 +0200
+++ openssh-5.6p1-b/readpass.c 2011-01-18 09:52:34.000000000 +0100
@@ -123,6 +123,7 @@
if (!isatty(STDIN_FILENO)) {
debug("read_passphrase: stdin is not a tty");
use_askpass = 1;
+ rppflags |= RPP_STDIN;
}
} else {
rppflags |= RPP_REQUIRE_TTY;
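Review bot: the added `rppflags |= RPP_STDIN;` is set unconditionally for every non-tty stdin in the RP_ALLOW_STDIN branch while `use_askpass = 1;` is left in place, so the flag reaches readpassphrase() only on whichever path does not go through askpass first; the hunk should say so, either with a comment on the new line or by extending the debug message two lines above from "stdin is not a tty" to "stdin is not a tty, falling back to stdin for the passphrase", so an operator can tell from debug output which source supplied the passphrase. It would also help to note that with RPP_STDIN the passphrase is read from whatever is on fd 0 (a pipe in the popen() case from the post), so the echo-off handling that applies to a tty does not apply here and the caller is responsible for where that pipe's contents came from.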
Thanks
Jean-Yves Faye
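An added example, not code from the post or from OpenSSH, showing the parent side of the popen()-style approach the post asks about: the passphrase is written into the child's stdin through a pipe and never placed on a command line, where `echo password|ssh-add` would leave it in the shell's argv and history. The child here is a stand-in script (an assumption, used so the example runs offline without ssh-add) that reports what OpenSSH's read_passphrase() would observe on that side: whether fd 0 is a tty, whether DISPLAY is set, and a digest of what arrived on stdin. The passphrase value is constructed for the demonstration.

```python
"""Feed a secret to a child over a pipe, never via argv or a shell command line."""
import hashlib
import os
import subprocess
import sys

# Constructed sample secret; a real caller would hand in the value collected
# by the web interface.
SAMPLE_PASSPHRASE = "correct horse battery staple"

# Stand-in for ssh-add (assumption: replaces the real binary so the example
# runs offline).  It reports what read_passphrase() would see on the child
# side: is fd 0 a tty, is DISPLAY set, and what bytes arrived on stdin.
CHILD_SCRIPT = """
import hashlib, os, sys
data = sys.stdin.buffer.read()
print(int(os.isatty(0)),
      int(os.environ.get("DISPLAY") is not None),
      hashlib.sha256(data).hexdigest())
"""


def run_with_secret_on_stdin(argv, secret, *, env=None):
    """Run argv with `secret` (plus newline) written to its stdin pipe.

    Refuses to run if the secret appears anywhere in argv: argv is readable by
    every local user via ps, and `sh -c "echo secret | ssh-add"` would put it
    there too.  Returns (exit_status, stdout_text).
    """
    if any(secret in arg for arg in argv):
        raise ValueError("refusing to pass the secret on the command line")
    proc = subprocess.run(
        argv,
        input=(secret + "\n").encode(),
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        env=env,
        check=False,
    )
    return proc.returncode, proc.stdout.decode()


def demo(passphrase=SAMPLE_PASSPHRASE):
    """Run the stand-in child headlessly (no DISPLAY) and report what it saw."""
    argv = [sys.executable, "-c", CHILD_SCRIPT]
    # Mimic a web-server process: inherit the environment but drop DISPLAY, so
    # no askpass program could be launched on the child side.
    env = {k: v for k, v in os.environ.items() if k != "DISPLAY"}
    status, out = run_with_secret_on_stdin(argv, passphrase, env=env)
    tty_flag, display_flag, digest = out.split()
    expected = hashlib.sha256((passphrase + "\n").encode()).hexdigest()
    return {
        "status": status,
        "stdin_is_tty": tty_flag == "1",
        "display_set": display_flag == "1",
        "child_got_passphrase": digest == expected,
    }


if __name__ == "__main__":
    print(demo())
```

The child reports stdin as not a tty and no DISPLAY, which is exactly the state in which the post says stock read_passphrase() does not fall back to stdin; the example only shows that the pipe delivers the passphrase without exposing it on any command line, whether ssh-add then consumes it is decided by the fallback logic in readpass.c. The secret still lives in the parent's memory and in the pipe buffer, and the child inherits the parent's environment, so the process running this code should be the one already trusted with the passphrase.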