ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Feb 25 08:45:20 EST 2011


I just opened a bug report about this, but I thought I'd bring it to the
group if anyone has any concerns about the idea:

https://bugzilla.mindrot.org/show_bug.cgi?id=1871

Currently, ssh-askpass is used in some situations to actually ask the
user for a passphrase.

In other situations, it is used to prompt for simple confirmation (e.g.
ControlMaster=ask, ssh-add -c).

Providing the exact same UI for both scenarios is not only surprising
for new users; it is also potentially problematic.

For example, grabbing the X11 keyboard is a pretty invasive operation
(and it is warranted, to avoid other X processes snooping on the
passphrase).  A prompt for confirmation doesn't need to grab the
keyboard, though.

I'm proposing to extend the ssh-askpass interface with an environment
variable SSH_ASKPASS_CONFIRMATION_ONLY.  If this environment variable
is set, the ssh-askpass can choose to display a
simpler/non-kbd-grabbing UI.  ssh, ssh-add, and ssh-agent would need to
know to set or clear that environment variable depending on the type of
prompt.

Another approach would be to define a command line argument, but
existing ssh-agent implementations appear to treat multiple arguments
differently (e.g. gnome-ssh-askpass concatenates them all into the
string prompt; Jim Knoble's x11-ssh-askpass accepts old-school
X11-style arguments).  So an environment variable seems cleaner.

This would be an optional UI enhancement -- ssh-askpass implementations
that don't know about it or don't care wouldn't need to make any
changes.

Any thoughts?

	--dkg
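The branching the proposal describes, as an added illustration that is not OpenSSH code and not part of the message above: a POSIX sh askpass dispatcher that honours the hypothetical SSH_ASKPASS_CONFIRMATION_ONLY variable. The confirmation branch answers only through its exit status (0 = confirmed, which is what ssh-add -c and ControlMaster=ask check) and never handles a secret, so it needs no keyboard grab; the passphrase branch is where a real implementation would grab the X11 keyboard before reading, and it writes the secret to stdout as ssh expects. The variable name, the function names and the terminal-based prompts are assumptions made for this example.

```shell
#!/bin/sh
# Added example askpass dispatcher; not OpenSSH code.
# Assumption: SSH_ASKPASS_CONFIRMATION_ONLY set to a non-empty value means
# "only a yes/no answer is needed". A real askpass uses a GUI toolkit; the
# two branches are simulated on a terminal so the control flow can be run.

# Prints "confirmation" or "passphrase" on stdout, based on the proposed
# environment variable.
askpass_mode() {
    if [ -n "${SSH_ASKPASS_CONFIRMATION_ONLY:-}" ]; then
        echo confirmation
    else
        echo passphrase
    fi
}

# Confirmation branch: no keyboard grab, no secret. The answer is the exit
# status only (0 = confirmed); nothing is written to stdout.
confirm_prompt() {
    prompt=$1
    printf '%s [y/N] ' "$prompt" >&2
    IFS= read -r answer
    case $answer in
        [yY]|[yY][eE][sS]) return 0 ;;
        *) return 1 ;;
    esac
}

# Passphrase branch: this is where a real implementation would grab the X11
# keyboard so other X clients cannot snoop. Here echo is disabled on a tty
# and the secret is written to stdout, which is what ssh reads.
passphrase_prompt() {
    prompt=$1
    printf '%s' "$prompt" >&2
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r secret
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    printf '%s\n' "$secret"
}

# Dispatcher: ssh passes the prompt text as the single argument.
askpass_main() {
    case $(askpass_mode) in
        confirmation) confirm_prompt "${1:-Allow use of key?}" ;;
        passphrase)   passphrase_prompt "${1:-Enter passphrase: }" ;;
    esac
}

# Only run the dispatcher when installed under the name ssh-askpass (and
# pointed to by SSH_ASKPASS); when sourced, just define the functions.
case ${0##*/} in
    ssh-askpass) askpass_main "$@" ;;
esac
```

Usage: install the script as ssh-askpass, point SSH_ASKPASS at it, and have the caller (ssh, ssh-add, ssh-agent) set SSH_ASKPASS_CONFIRMATION_ONLY=1 for confirmation prompts and leave it unset for passphrase prompts. An askpass that ignores the variable still works; it simply uses the passphrase-style UI for both cases, which is the optional-enhancement property the proposal relies on.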
