PasswordCommand option for ssh client?

Damien Miller djm at mindrot.org
Thu Jun 24 12:57:56 AEST 2021


On Tue, 22 Jun 2021, asymptosis wrote:

> Hey all,
> 
> While I generally prefer keypair authentication, I am sometimes stuck with the
> need to access a variety of hosts which only permit password authentication.
> At the moment, I copy-paste my password from `pass`.
> 
> I wondered if it could be doable to add a new option to ssh_config, analogous
> to the various XYZCommand options available for sshd_config?
> 
> (Hopefully I'm not overlooking something: I'm on 8.6p1 here, and I don't see
> anything in `man ssh` or `man ssh_config` which matches what I am looking
> for.)
> 
> For my ~/.ssh/config, I'm imagining a stanza like so:
> 
> Host A.B.C.D
> PasswordCommand pass show A.B.C.D
> 
> So long as I have gpg-agent running, I would then be able to log into these
> hosts in a fairly seamless way. It would also help with keeping track of which
> password is relevant to which hosts.

btw, it's probably possible to abuse SSH_ASKPASS_PROMPT=require to
do this.

-d


More information about the openssh-unix-dev mailing list