OpenSSH linkable library
Brian Hamon
brhamon at cisco.com
Wed Sep 19 09:56:59 EST 2001

You are correct, my statement about passwords not working was inaccurate.
Passwords work perfectly when stdin and stdout are redirected.
Unfortunately, the behavior you get is something an automaton usually does
not want -- interactivity. This is an easily avoidable problem if the
automaton utilizes RSA authentication instead of passwords.

Using pipes and running ssh as a coprocess, in some cases, is an effective
alternative to using a linkable library. Someone else suggested running a
restricted shell on the remote host. That is a preferable solution in cases
where the remote host has a script language, but some hosts running
SSH-protocol-version-1.5-compliant daemons do not provide script languages.

At 06:26 PM 9/18/2001, Damien Miller wrote:
>On Tue, 18 Sep 2001, Brian Hamon wrote:
>
> > One technique that will work is to run ssh as a coprocess, with stdin and
> > stdout piped into your main process (similar to popen). The most important
> > consequence is that the password prompt will not work correctly (it uses
> > the pty directly, rather than stdin/stdout). Password authentication is
> > therefore not usable without adding unsavory patches to the OpenSSH source
> > code. This limitation is reasonable, however, since an automaton should
> > really be using RSA authentication anyway.
>
>This isn't true - OpenSSH reads pass{words,phrases} directly from the TTY
>(if present) and will thus bypass stdio redirection. This is how sftp and
>scp work.
>
>-d
>
>--
>| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
>| http://www.mindrot.org / distributed filesystem'' - Dan Geer
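
The coprocess approach discussed in this thread, as an added example that is not part of the original messages or of OpenSSH: ssh is started with its stdin and stdout piped, key authentication only, and no controlling TTY, so it fails instead of prompting. The function names, host name and key path are assumptions made for illustration; BatchMode and PasswordAuthentication are standard ssh options.

```python
import subprocess
import sys


def ssh_argv(host, remote_cmd, identity_file):
    """Build an ssh command line that fails instead of prompting."""
    if host.startswith("-"):
        # ssh would parse such a "host" as a command-line option.
        raise ValueError("host must not start with '-'")
    return [
        "ssh",
        "-T",                               # no remote pty, only the pipes
        "-i", identity_file,                # key the automaton logs in with
        "-o", "BatchMode=yes",              # never ask for password/passphrase
        "-o", "PasswordAuthentication=no",  # do not attempt password auth
        host, remote_cmd,
    ]


def run_coprocess(argv, request, timeout=30):
    """Run argv with stdin/stdout/stderr piped; return (rc, stdout, stderr)."""
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        # New session = no controlling TTY, so a prompt cannot bypass the
        # pipes by opening /dev/tty (POSIX only).
        start_new_session=True,
    )
    try:
        out, err = proc.communicate(request, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                         # a hung session must not stall us
        out, err = proc.communicate()
    return proc.returncode, out, err


if __name__ == "__main__":
    # Constructed host and key path, shown only to print the command line.
    print(ssh_argv("build01.example.net", "uptime", "/etc/automaton/id_key"))
    # Stand-in child (not ssh) so the pipe handling runs offline.
    echo = [sys.executable, "-c",
            "import sys; sys.stdout.write(sys.stdin.read().upper())"]
    print(run_coprocess(echo, b"ping\n"))
```

With a real host, pass the result of ssh_argv() to run_coprocess(); a non-zero return code with an authentication error on stderr means the key was not accepted and no prompt was shown.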