ssh-add: can SSH_ASKPASS program require input from stdin?
basher89
basher89 at proton.me
Sun Dec 14 11:02:38 AEDT 2025
Got the answer from stackexchange. Trick is to pass our controlling
terminal to the pwd_mnger input in pass.sh:

    </dev/tty pwd_mnger get-key-password

On Saturday, December 13th, 2025 at 6:25 PM, Carson Gaspar <carson at taltos.org> wrote:
>
> Try something like the following (assuming your shell supports it - bash
> does):
>
> sshpass -P assphrase ssh-add <(pwd_mngr get-key)
>
> (I am fetching both key and passphrase from apps, so mine is more like
> sshpass -f <(getpassphrase_cmd) -P ...)
>
> On 12/13/2025 7:53 AM, basher89 via openssh-unix-dev wrote:
>
> > Hi,
> >
> > I have a requirement for an SSH_ASKPASS program that itself asks user
> > for a password on /dev/stdin. This is due to the fact both the priv
> > key and its password are accessed from a password manager. Usage
> > looks like:
> > $ pwd_mngr get-key | SSH_ASKPASS="pass.sh" ssh-add -
> >
> > where pass.sh contains: "pwd_mngr get-key-password"
> >
> > Both calls to pwd_mngr prompt user for a password, that cannot be
> > worked around. Also the usage is in a non-graphical environment.
> >
> > Looks like pass.sh is unable to bind to stdin and is immediately closed.
> >
> > Is there a way to solve this, or am I dealing with an XY problem here?
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
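
The stdin problem and the /dev/tty fix discussed in this thread, as an added example that is not part of the original posts. It models the situation rather than calling ssh-add: fake_pwd_mngr, run_like_ssh_add and the ASKPASS_TTY override are hypothetical names introduced here, and the passphrase is a constructed value.

```sh
#!/bin/sh
# Added example (not from the thread).

# Hypothetical stand-in for "pwd_mngr get-key-password": reads one line
# (the master password) from stdin and prints a constructed passphrase.
# The prompt goes to stderr because the helper's stdout is what the caller
# takes as the passphrase.
fake_pwd_mngr() {
    printf 'master password: ' >&2
    IFS= read -r master || return 1    # EOF on stdin: nothing to read
    [ -n "$master" ] || return 1
    printf '%s\n' "constructed-passphrase"
}

# Helper as first written: inherits whatever stdin the caller has.
askpass_inherit_stdin() {
    fake_pwd_mngr
}

# Helper with the fix from the reply: reopen stdin on the terminal.
# ASKPASS_TTY (hypothetical) lets the device be swapped for testing.
askpass_from_tty() {
    tty_dev=${ASKPASS_TTY:-/dev/tty}
    # /dev/tty exists even without a controlling terminal; only open() fails.
    if ! ( : <"$tty_dev" ) 2>/dev/null; then
        echo "askpass: cannot open $tty_dev (no controlling terminal?)" >&2
        return 2
    fi
    fake_pwd_mngr <"$tty_dev"
}

# Simplified model of "pwd_mngr get-key | ssh-add -": the caller reads the
# key from its stdin to EOF, then runs the helper named in $1.
run_like_ssh_add() {
    cat >/dev/null
    "$1"
}

demo() {
    printf 'KEY\n' | run_like_ssh_add askpass_inherit_stdin ||
        echo "inherit: helper failed, stdin was already at EOF"
    printf 'KEY\n' | run_like_ssh_add askpass_from_tty ||
        echo "tty: helper failed, no terminal to read from"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo from an interactive terminal to see the first helper fail and the second one wait for input on the terminal.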