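#!/usr/bin/perl
# ssh-otac-fifo
# Copyright 2007 Paul Sery
# License: GPL
#
# Background: if ssh-add caches a private key to ssh-agent using the confirm
# (-c) option, then ssh-agent will wait for the key to be confirmed before
# allowing the key to be used to authenticate an ssh session. ssh-agent calls
# gnome-ssh-askpass2 if the GNOME... environmental variable is set. The
# gnome-ssh-askpass2 displays a dialog and confirms use of the key if you
# either click the OK button, or type "yes" and click the OK button.
#
# This script reads a one-time agent confirm string (password) from a fifo
# and emails it to the designated user. You then enter the string in the
# gnome-ssh-askpass2 dialog. If the string matches the one that
# gnome-ssh-askpass2 generated (and wrote to the fifo), then
# gnome-ssh-askpass2 writes "yes" to stdout.
#
# Usage: ssh-otac-fifo [-d] recipient
#   -d         debug: stay in the foreground and print codes instead of
#              mailing them
#   recipient  address handed to /bin/mail
# Environment: SSH_OTAC_FIFO overrides the default FIFO path.
#
# Security notes:
#   * Everything read from the FIFO is untrusted: the FIFO is created with
#     mode 0666 under /tmp, so every local account can write to it and read
#     from it. Nothing read from it is ever passed through a shell here.
#   * NOTE(review): 0666 also lets any local account read the one-time code.
#     If the writer runs under the same uid as this script, 0600 and a
#     per-user directory would be the safer choice - confirm before changing.
#   * The code travels in the mail Subject and body, so anyone able to read
#     that mailbox can confirm use of the key.
#
use warnings;
use strict;

my $recipient;
my $debug;

# "-d" switches debug on; any other argument is taken as the recipient
# (if several are given, the last one wins).
while (defined(my $arg = shift @ARGV)) {
    if ($arg eq '-d') {
        $debug = 1;
        print "Debug on\n";
    }
    else {
        $recipient = $arg;
        print "Recipient: $recipient\n";
    }
}

if (!$recipient) {
    print "No reciepient specified\n";
    exit;
}

# Don't fork if debug variable set
# (use fork to allow parent to create child process which act as a daemon)
if ($debug) {
    main_loop($debug);
}
else {
    my $pid = fork();
    if ($pid) {
        exit 0;    # parent: the child carries on as the daemon
    }

    # fork() returns undef on failure; keep working in the foreground in that
    # case, but say so instead of failing silently.
    warn "[ssh-otac-fifo.pl] fork failed ($!), staying in foreground\n"
        unless defined $pid;
    main_loop($debug);
}

# main_loop($debug)
#
# Creates the FIFO if it does not exist, then reads it line by line forever.
# Each line is handed to put_otac(); a line consisting of 'END' terminates
# the process. Uses the file-scoped $recipient set from the command line.
sub main_loop {
    my ($debug) = @_;

    my $fifo = exists $ENV{'SSH_OTAC_FIFO'}
        ? $ENV{'SSH_OTAC_FIFO'}
        : "/tmp/ssh-otac.fifo";
    print "[ssh-otac-fifo.pl] FIFO: $fifo\n" if $debug;

    unless (-p $fifo) {
        # List form: the path comes from the environment and must not be
        # interpreted by a shell. '--' stops a leading '-' in the path from
        # being read as an option. Failing here also refuses to go on when
        # something that is not a FIFO already sits at that path.
        system('mkfifo', '-m', '0666', '--', $fifo) == 0
            or die "can't create fifo $fifo\n";
    }

    # A FIFO at a predictable /tmp path may have been created by another
    # account beforehand; report that rather than trusting it silently.
    my @fifo_stat = stat $fifo;
    if (@fifo_stat && $fifo_stat[4] != $>) {
        warn "[ssh-otac-fifo.pl] warning: $fifo is owned by uid "
            . "$fifo_stat[4], not by the user running this script\n";
    }

    # Three-argument open: the path can never change the open mode.
    open(my $fifo_fh, '<', $fifo) or die "can't open $fifo: $!";

    while (1) {
        while (my $line = <$fifo_fh>) {
            chomp $line;
            print "[ssh-otac-fifo.pl] OTAC: $line\n" if $debug;
            exit if $line eq 'END';
            put_otac($debug, $recipient, $line);
        }

        # Nothing more to read right now; try again in a second.
        sleep 1;
    }

    close $fifo_fh;    # not reached: the loop above only ends through exit
}

# put_otac($debug, $recipient, $otac)
#
# $otac is one raw line from the FIFO; the code itself is its second
# colon-separated field. In debug mode the code is printed, otherwise it is
# mailed to $recipient with /bin/mail. Lines that carry no such field, or
# whose field contains control characters, are dropped with a warning.
sub put_otac {
    my ($debug, $recipient, $otac) = @_;

    $otac = (split /:/, $otac)[1];

    # The line comes from a world-writable FIFO: accept only a non-empty
    # field free of control characters before it goes into a mail header.
    unless (defined $otac && length $otac && $otac !~ /[[:cntrl:]]/) {
        warn "[ssh-otac-fifo.pl] ignoring malformed line from FIFO\n";
        return;
    }

    if ($debug) {
        print "[ssh-otac-fifo.pl] OTAC: $otac\n";
        return;
    }

    # List-form pipe open: the program and its arguments are passed to exec
    # directly, so shell metacharacters in $otac or $recipient stay data.
    my @mail_cmd = ('/bin/mail', '-s', "OTAC: $otac", $recipient);
    open(my $mail_fh, '|-', @mail_cmd)
        or die "Cannot open @mail_cmd: $!";
    print {$mail_fh} "\t\t$otac\n";
    close $mail_fh
        or warn "[ssh-otac-fifo.pl] /bin/mail did not finish cleanly\n";
    return;
}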