How to get "Enter passphrase" on command line rather than GUI pop-up?
Chris Green
cl at isbd.net
Tue Jan 2 20:37:16 AEDT 2024
On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote:
> On Mon, 1 Jan 2024, Christian Weisgerber wrote:
>
> > Chris Green:
> >
> > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu
> > > 23.10 system doesn't seem to work. I have set it:-
> > >
> > > chris$ env | grep SSH
> > > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh
> > > SSH_ASKPASS_REQUIRE=never
> >
> > What component is actually calling ssh-askpass?
> >
> > Setting SSH_ASKPASS_REQUIRE=never has no effect for me either, but
> > that's because...
> >
> > Jan 1 21:26:12 lorvorc ssh-agent[76961]: error: Fssh_notify_start:
> > exec(/usr/local/bin/ssh-askpass): No such file or directory
> >
> > ... ssh-askpass is called by a previously started ssh-agent that
> > doesn't know about the new environment variable. The fact that
> > you have SSH_AUTH_SOCK set suggests that authentication requests
> > are also forwarded to an agent in your setup.
>
> yeah, some desktop environments implicitly start an agent. Often this
> isn't actually ssh-agent, but something else that speaks the agent
> protocol. Either way, they are a pain to configure because the
> configuration is usually hidden from the user and often difficult to
> disable.
>
> Generally I find it easier to override them.
>
My xubuntu is actually running ssh-agent:-

    chris 2549 1543 0 Jan01 ? 00:00:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh

It's started by gnome-keyring-daemon which is handy because it uses my
login password to unlock my default passphrase, thus I don't need to
enter a passphrase explicitly when running my GUI desktop.

It's only because I want to use a *different* key/passphrase pair for
some systems that I have hit this issue of ssh-agent using a GUI
pop-up to ask for a passphrase.

Do SSH_ASKPASS and SSH_ASKPASS_REQUIRE affect ssh-agent directly?
There's nothing in the man page indicating this.

There must be *something* in the environment that affects this because
I'm seeing two different ways of asking for the passphrase on the same
screen. The only difference is that one is a simple terminal window
running on my system and the other is one where I have used ssh to
connect to a remote system and then ssh again back to the 'home'
system. The local system window gets the GUI pop-up; the 'two ssh'
window asks for the passphrase in the terminal.

I can even 'ssh localhost' and then the ssh to the remote asks for the
passphrase in the terminal window as I want it! This does seem a
rather OTT workaround though! :-)

--
Chris Green
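
The quoted reply from Christian Weisgerber notes that an agent started earlier does not know about a variable exported later in the terminal. The script below is an added example, not part of the original message or of OpenSSH, that compares the askpass-related variables in an agent's environment with those of the current shell. It assumes Linux `/proc` and `pgrep`; the function names and the sample environment are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the askpass-related environment of a running agent
# with the current shell. Assumes Linux /proc; function names are hypothetical.

# Print NAME's value from a NUL-separated environ file (empty if absent).
env_value() {
    [ -r "$1" ] || return 2
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Compare the three variables between ENVIRON_FILE ($1) and this shell.
# Unset and empty are treated alike. Returns 1 if any value differs,
# 2 if the environ file cannot be read.
compare_askpass_env() {
    rc=0
    for name in SSH_ASKPASS SSH_ASKPASS_REQUIRE DISPLAY; do
        agent_val=$(env_value "$1" "$name") || return 2
        eval "shell_val=\${$name-}"
        if [ "$agent_val" = "$shell_val" ]; then
            printf 'same     %s=[%s]\n' "$name" "$shell_val"
        else
            printf 'DIFFERS  %s agent=[%s] shell=[%s]\n' \
                "$name" "$agent_val" "$shell_val"
            rc=1
        fi
    done
    return "$rc"
}

# Check every ssh-agent owned by the current user (needs pgrep and /proc).
check_running_agents() {
    for pid in $(pgrep -u "$(id -u)" -x ssh-agent); do
        printf 'ssh-agent pid %s\n' "$pid"
        compare_askpass_env "/proc/$pid/environ" || true
    done
}

# Constructed sample: an agent started by the desktop session before
# SSH_ASKPASS_REQUIRE was exported in the terminal.
sample=$(mktemp)
printf 'DISPLAY=:0\0SSH_AUTH_SOCK=/run/user/1000/keyring/ssh\0' > "$sample"
( DISPLAY=:0; SSH_ASKPASS_REQUIRE=never; unset SSH_ASKPASS
  compare_askpass_env "$sample" ) || true
rm -f "$sample"
```

Calling `check_running_agents` in the terminal where the variable was exported runs the same comparison against each live ssh-agent owned by the current user.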