Sending envvars via ssh agent protocol
Jochen Bern
Jochen.Bern at binect.de
Sun Sep 12 22:46:26 AEST 2021
On 12.09.21 00:11, Jim Knoble wrote:
>> On Sep 11, 2021, at 10:05, Peter Stuge <peter at stuge.se> wrote:
>> ssh-agent is apparently often started in the wrong context,
>> because "ssh-add -c" confirmation doesn't work for a lot of people. :\
>
> On a recent Ubuntu [...] install, I had to disable the gnome-keyring-ssh
> thingy [...] because it was unexpectedly supplying passphrases to my keys
> without asking me. [...]
>
> If that's common across Ubuntu flavors, then I wouldn't be surprised if a
> large number of folks have ssh-agents that don't have the right context
> for 'ssh-add -c'.
I watched a user have a FAIL with "-c" just last week. He's using the
WSL2 of his Win10 machine, which IIUC is an Ubuntu as well, so maybe
that's his problem. I have to say that I associate that behaviour
primarily with GNOME's agent system, rather than a particular distrib,
though.
However, the one :-C case I did get to analyze to the bottom is my own
workplace machine, back then being set up with Fedora 31, KDE spin. The
problem *there* was that the default install would include
/usr/bin/ksshaskpass, but not set $SSH_ASKPASS to point to it, so
ssh-add would still try (the nonexisting)
/usr/libexec/openssh/ssh-askpass. Installing the openssh-askpass package
took care of that, but. :-/
(Yes, the installed executable is the GNOME version, but it refrains
from throwing in the agents. And the popup stands out better than the
theme-conforming KDE variant ...)
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210912/3bbcbe1f/attachment.p7s>
More information about the openssh-unix-dev
mailing list