Suppressing reverse port-forward connection errors

[Damien Miller]

On Fri, 5 Dec 2025, Joe K wrote:

> Since the info request message has several configurations
> (with/without name or instruction, 0/1/>1 prompts), perhaps the ideal
> UX for each depends on whether or not an askpass tool is to be used.
> In a terminal, the current behavior of showing the name/instruction
> once, then following up with each prompt is correct. A graphical
> askpass tool might only be able to show one prompt/input at a time,
> and since the instruction could be relevant for each prompt, we might
> want to prepend the instruction string to each prompt string before
> they are displayed. But unconditionally prepending the instruction to
> the prompt would be awkward in a terminal if there are multiple
> prompts.
> 
> The case of instruction + no prompt is unique; currently openssh will
> not invoke askpass at all unless there is at least one prompt, which
> means in some gui-only ssh frontends (e.g. vscode remote workspace)
> the only way to see the instructions is if the frontend provides a way
> to view the ssh logs, and if you know to look for them. Maybe this
> case could be handled by a non-text-input askpass prompt like the ones
> used with some of the multiplexing commands?

yeah, this is the notify_start() / notify_complete() API in readpass.c
if you want to take a look.

-d