[David Huggins-Daines <dhd at plcom.on.ca>] Bug#52414: ssh-add uses ssh-askpass, but ssh doesn't

Brian Wellington bwelling at xbill.org
Fri Jan 14 08:36:50 EST 2000


On 13 Dec 1999, Philip Hands wrote:

> Markus Friedl <markus.friedl at informatik.uni-erlangen.de> writes:
> 
> > On Fri, Dec 10, 1999 at 05:13:20PM +0000, Philip Hands wrote:
> > > OpenSSH's 'ssh' program doesn't seem to mimic the non-free SSH's behaviour
> > > of calling ssh-askpass when it's not possible to read the pass{phrase,word}
> > > from a terminal.
> > 
> > hm, this is not a bug in openssh.  i don't want ssh (setuid root)
> > exec a X11 program.
> 
> That's a very good point.
> 
> David, perhaps you should just use ssh-agent.
> 
> I'm closing this bug --- Feel free to persuade me otherwise.

Hi.  I just noticed this behavior, so I thought I'd check the mailing list
to see if anyone else had commented on it.

Having ssh call ssh-askpass is useful for applications that want to tunnel
over ssh.  An example is the graphical interface to the sftp program I
wrote.  Since there's no controlling terminal, openssh just doesn't work,
when the standard ssh does, since it calls ssh-askpass.

I don't see why the setuidness of ssh is a problem.  There's no reason the
privileges couldn't be dropped before exec-ing ssh-askpass.  There
are already places where ssh drops privileges.

Requiring the use of ssh-agent in this case is unacceptable.

Brian
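
The approach argued for in the message above (give up setuid privileges, then exec the passphrase helper), sketched as an added example; it is not code from this thread or from OpenSSH. The names drop_privs_permanently and askpass_unprivileged are hypothetical, and the helper is assumed to follow the askpass convention of taking the prompt as argv[1] and printing the answer on stdout.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privileges; 0 on success, -1 otherwise. */
static int drop_privs_permanently(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    /* Group first: once the uid is dropped we may no longer be allowed to. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Fail closed if the old effective ids can still be regained. */
    if ((egid != rgid && setegid(egid) == 0) || (euid != ruid && seteuid(euid) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Run the helper in a child that has dropped privileges; read its stdout. */
int askpass_unprivileged(const char *helper, const char *prompt, char *buf, size_t len)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (len == 0 || pipe(fds) != 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                        /* child: never exec while privileged */
        close(fds[0]);
        if (drop_privs_permanently() != 0 || dup2(fds[1], STDOUT_FILENO) < 0)
            _exit(126);
        execl(helper, helper, prompt, (char *)NULL);
        _exit(127);                        /* exec failed */
    }
    close(fds[1]);
    while (used < len - 1 && (n = read(fds[0], buf + used, len - 1 - used)) > 0)
        used += (size_t)n;
    close(fds[0]);
    buf[used] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';      /* keep only the first line */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

The drop happens in the child only, so the parent keeps whatever privileges it still needs; the helper itself runs with the invoking user's ids.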