[Bug 69] Generalize SSH_ASKPASS

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 30 02:34:40 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=69


rumen <openssh at roumenpetrov.info> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |openssh at roumenpetrov.info




--- Comment #9 from rumen <openssh at roumenpetrov.info>  2008-08-30 02:34:35 ---
The problem with "Command Line Password Support" is discussed again on
the mailing list, and in this thread
"http://marc.info/?l=openssh-unix-dev&m=122002002422109&w=2" it is
reported that password authentication never works with the proposed
workaround: to set the DISPLAY and SSH_ASKPASS environment variables.
This also impacts batch sftp transfers.

If public key authentication is allowed, the known workaround is to add
the key to the agent and use it. This is because ssh-add calls
read_passphrase(...) with the RP_ALLOW_STDIN flag set, and if stdin is
not a tty the SSH_ASKPASS program is called.

For password authentication and others, since read_passphrase(...) is
called without any flags set, the workaround is to temporarily disable
read or write access to /dev/tty. In this case the function will try to
use the SSH_ASKPASS program.

Instead of using application command line arguments or environment
variables as a flag, what about a variable SSH_ASKPASS_ALWAYS with the
same meaning as SSH_ASKPASS? May I propose the following modification to
the function read_passphrase:
...
rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
if (askpass = getenv("SSH_ASKPASS_ALWAYS")) /*new line*/
   use_askpass = 1;                         /*new line*/
else if (flags & RP_USE_ASKPASS)            /*modified line*/
...
if (use_askpass && (askpass || getenv("DISPLAY"))) {  /*modified line*/
    if (!askpass)                                     /*new line*/
    if (getenv(SSH_ASKPASS_ENV))
....
At the moment I don't have time to prepare a patch and test it. Maybe
next week.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
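
The decision described in comment #9, as an added example (a simplified model written for this page, not OpenSSH's readpass.c and not the commenter's patch). The flag values, the struct, the function name, the placeholder default helper path and the fallback order for the elided lines are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Flag names are from the comment; the numeric values are constructed here. */
#define RP_ALLOW_STDIN 0x2
#define RP_USE_ASKPASS 0x8
#define DEFAULT_ASKPASS "<default-askpass-path>" /* placeholder, assumption */

struct prompt_env {              /* everything the decision depends on */
    int stdin_is_tty;            /* isatty(stdin) */
    int dev_tty_usable;          /* /dev/tty opens read/write */
    const char *display;         /* DISPLAY, NULL when unset */
    const char *askpass;         /* SSH_ASKPASS, NULL when unset */
    const char *askpass_always;  /* proposed SSH_ASKPASS_ALWAYS */
};

/* Returns the helper program to run, or NULL when no helper is used.
 * proposed=0 models the behaviour described in the comment,
 * proposed=1 adds the SSH_ASKPASS_ALWAYS branch it suggests. */
const char *pick_askpass(int flags, const struct prompt_env *e, int proposed)
{
    const char *askpass = NULL;
    int use_askpass;

    if (proposed && e->askpass_always != NULL) {
        askpass = e->askpass_always;
        use_askpass = 1;
    } else if (flags & RP_USE_ASKPASS)
        use_askpass = 1;
    else if (flags & RP_ALLOW_STDIN)
        use_askpass = !e->stdin_is_tty;     /* the ssh-add case */
    else
        use_askpass = !e->dev_tty_usable;   /* password authentication */

    if (use_askpass && (askpass != NULL || e->display != NULL)) {
        if (askpass == NULL)                /* assumed fallback order */
            askpass = e->askpass ? e->askpass : DEFAULT_ASKPASS;
        return askpass;
    }
    return NULL;
}

int main(void)
{
    /* Constructed batch environment: no tty on stdin, /dev/tty still usable. */
    struct prompt_env e = { 0, 1, ":0", "/constructed/askpass", "/constructed/askpass" };
    const char *now = pick_askpass(0, &e, 0), *then = pick_askpass(0, &e, 1);
    printf("password auth today:    %s\n", now ? now : "terminal prompt");
    printf("password auth proposed: %s\n", then ? then : "terminal prompt");
    return 0;
}
```

In the proposed branch the environment variable alone selects the program that is run to collect the password, with no DISPLAY or tty condition, so a caller that launches ssh with an environment it does not control should clear that variable first.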

