Mailing List Archive

Question about ssh-askpass
Hello.

I'm new to the list, and I have some questions.

I'd like to use ssh as a subprocess, and I'm looking for a generic way
of passing a passphrase. So far as I know, in SSH Communications'
implementation of SSH, ssh invokes ssh-askpass as well as
ssh-add does. Is the lack of this just because of security reasons?

Are there any plans to use some kind of readymade option parsing
routine--such as getopt?

Thank you,
--
Daiki Ueno
Re: Question about ssh-askpass
On 22 Apr 2000, Daiki Ueno wrote:

> Hello.
>
> I'm new to the list, and I have some questions.
>
> I'd like to use ssh as a subprocess, and I'm looking for a generic way
> of passing a passphrase. So far as I know, in SSH Communications'
> implementation of SSH, ssh invokes ssh-askpass as well as
> ssh-add does. Is the lack of this just because of security reasons?
>
> Are there any plans to use some kind of readymade option parsing
> routine--such as getopt?

No. If passwords were passed in on the command line, then they would
show up to everyone else on the system in a "ps".

You could either use ssh-agent or create key files without
passphrases.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: Question about ssh-askpass
>>>>> In <Pine.LNX.4.21.0004291824010.816-100000@mothra.mindrot.org>
>>>>> Damien Miller <djm@mindrot.org> wrote:

> > I'd like to use ssh as a subprocess, and I'm looking for a generic way
> > of passing a passphrase. So far as I know, in SSH Communications'
> > implementation of SSH, ssh invokes ssh-askpass as well as
> > ssh-add does. Is the lack of this just because of security reasons?
> >
> > Are there any plans to use some kind of readymade option parsing
> > routine--such as getopt?

> No. If passwords were passed in on the command line, then they would
> show up to everyone else on the system in a "ps".

I'm sorry for my illegible sentences above.
There is no tie-in between these two questions.

On the first question, create a new file containing the following:

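| #include <stdio.h>
| #include <sys/ioctl.h>
| #include <unistd.h>
|
| int main (int argc, char *argv[])
| {
|   if (argc < 2)
|     return 2;                    /* usage: ./test command [args...] */
|   ioctl (0, TIOCNOTTY, 0);       /* give up the controlling terminal */
|   close (0);                     /* close stdin */
|   execvp (argv[1], &argv[1]);    /* run the command, e.g. ssh */
|   perror ("execvp");             /* reached only if exec failed */
|   return 1;
| }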

and compile it:

% gcc -o test test.c

% ./test ssh ueno@suzuran ls

SSH Version 1.2.27 pops up ssh-askpass, but OpenSSH just exits with
"You have no controlling tty. Cannot read passphrase."

As far as I know, `call-process' (the Emacs synchronous subprocess
function) can also detach the child's controlling terminal.

So, when using vc.el with CVS_RSH=ssh, I could input the passphrase via
ssh-askpass.

> You could either use ssh-agent or create key files without
> passphrases.

Of course, I know that.

Regards,
--
Daiki Ueno
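
The situation the test program in the thread creates, as an added example that is not part of any post or of either SSH implementation: a child is detached from its controlling terminal (here with setsid() rather than the TIOCNOTTY ioctl) and then decides where a passphrase prompt could go, using the terminal-first, askpass-if-DISPLAY-and-SSH_ASKPASS-are-set order that current ssh(1) documents. The helper names and the askpass path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum prompt_source { PROMPT_TTY = 0, PROMPT_ASKPASS = 1, PROMPT_NONE = 2 };

/* Hypothetical helper: where can a passphrase prompt be shown? */
static enum prompt_source pick_prompt_source(void)
{
    int fd = open("/dev/tty", O_RDWR);  /* fails without a controlling tty */
    if (fd >= 0) {
        close(fd);
        return PROMPT_TTY;
    }
    const char *askpass = getenv("SSH_ASKPASS");
    const char *display = getenv("DISPLAY");
    if (askpass && *askpass && display && *display)
        return PROMPT_ASKPASS;          /* graphical helper can be run */
    return PROMPT_NONE;                 /* "Cannot read passphrase" case */
}

/* Fork, drop the controlling tty in the child, and report the child's
 * choice through its exit status. NULL unsets a variable. -1 on error. */
static int prompt_source_when_detached(const char *askpass, const char *display)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() < 0) _exit(100);   /* new session: no controlling tty */
        if (askpass) setenv("SSH_ASKPASS", askpass, 1); else unsetenv("SSH_ASKPASS");
        if (display) setenv("DISPLAY", display, 1); else unsetenv("DISPLAY");
        _exit(pick_prompt_source());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed values; the askpass program is never executed here. */
    printf("no env:   %d\n", prompt_source_when_detached(NULL, NULL));
    printf("with env: %d\n", prompt_source_when_detached("/usr/libexec/ssh-askpass", ":0"));
    return 0;
}
```

The secret never appears in argv in either branch, so it is not exposed through "ps".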