I've been giving SSH_ASKPASS a hard look, and it's not clear to
me how it's supposed to work. The documentation (ssh.1) seems
explicit enough:
SSH_ASKPASS
If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .Xsession or related
script. (Note that on some machines it may be necessary to
redirect the input from /dev/null to make this work.)
But my numerous efforts to trigger this behavior failed, so I
looked at the source. As far as I can see, the ssh code doesn't
allow for this to happen. The read_passphrase() function never
gets called by ssh with the RP_ALLOW_STDIN flag set, and the
only other way to get ssh_askpass() to get called is for
open(_PATH_TTY, O_RDWR) to fail. But /dev/tty is a+rw in the
normal case.
From readpass.c:
char *
read_passphrase(const char *prompt, int flags)
{
    char *askpass = NULL, *ret, buf[1024];
    int rppflags, use_askpass = 0, ttyfd;

    rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
    if (flags & RP_ALLOW_STDIN) {
        /* caller permits stdin: fall back to askpass only if stdin is not a tty */
        if (!isatty(STDIN_FILENO))
            use_askpass = 1;
    } else {
        /* default path: a tty is required; askpass only if /dev/tty cannot be opened */
        rppflags |= RPP_REQUIRE_TTY;
        ttyfd = open(_PATH_TTY, O_RDWR);
        if (ttyfd >= 0)
            close(ttyfd);
        else
            use_askpass = 1;
    }
.. and thereafter, ssh_askpass() is called iff use_askpass is set.
But according to Mr. Friedl on this list, the documented use of
SSH_ASKPASS is usable from ssh:
> Subject: Re: Feature request
> From: Markus Friedl <markus () openbsd ! org>
> Date: 2004-03-14 18:48:43
> Message-ID: <20040314184842.GA29132 () folly>
>
> On Sun, Mar 14, 2004 at 06:48:35PM +0100, Peter Stuge wrote:
> > On Sun, Mar 14, 2004 at 05:55:13PM +0100, Martin Kluge wrote:
> > > So would you accept a patch to add a new command line option
> > > (suggestion: -d) to specify a password directly on the command line?
> >
> > This has been requested before but declined because it promotes insecure
> > behavior. (Your system may be isolated, but all aren't and it's usually
> > possible to see any arguments of all processes in the system.)
>
> yes, but you can abuse SSH_ASKPASS for this.
I've been staring at this until my eyes cross, and checked
around on other platforms to see if maybe /dev/tty permissions
are different on other *nixes .. please, is this a bug in the
documentation, a bug in the code, or my own misunderstanding?
-- TTK
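An added example, not code from OpenSSH or from the poster, that mirrors the read_passphrase() branch quoted above with a constructed RP_ALLOW_STDIN value and evaluates it in a child that either drops its controlling terminal with setsid() or only redirects stdin from /dev/null, so the two conditions the man page text runs together can be told apart:

```c
/* Added example, not OpenSSH code: mirrors the branch in read_passphrase(). */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define RP_ALLOW_STDIN 0x0002      /* constructed stand-in for readpass.h */
#define PATH_TTY       "/dev/tty"

/* 1 = the read_passphrase() logic would call ssh_askpass(), 0 = read the tty. */
int would_use_askpass(int flags)
{
    if (flags & RP_ALLOW_STDIN)
        return !isatty(STDIN_FILENO);   /* askpass only if stdin is not a tty */
    int ttyfd = open(PATH_TTY, O_RDWR);
    if (ttyfd >= 0) {
        close(ttyfd);
        return 0;
    }
    return 1;   /* open(2) failed, typically ENXIO: no controlling terminal */
}

/* Evaluate would_use_askpass() in a child that optionally drops its
 * controlling terminal (setsid) and/or takes stdin from /dev/null.
 * Returns the child's verdict, or -1 if the setup itself failed. */
int askpass_verdict_in_child(int flags, int detach_ctty, int stdin_devnull)
{
    int status, nul;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (detach_ctty && setsid() < 0)
            _exit(2);
        if (stdin_devnull && ((nul = open("/dev/null", O_RDONLY)) < 0 ||
                              dup2(nul, STDIN_FILENO) < 0))
            _exit(2);
        _exit(would_use_askpass(flags));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("default flags, stdin </dev/null : askpass=%d\n", askpass_verdict_in_child(0, 0, 1));
    printf("default flags, after setsid()   : askpass=%d\n", askpass_verdict_in_child(0, 1, 0));
    printf("RP_ALLOW_STDIN, stdin </dev/null: askpass=%d\n", askpass_verdict_in_child(RP_ALLOW_STDIN, 0, 1));
    return 0;
}
```

Run from an interactive shell, only the setsid() case reports askpass=1 on the default flags, because open(2) on /dev/tty fails with ENXIO once the process has no controlling terminal, regardless of the mode bits on /dev/tty. Redirecting stdin from /dev/null changes the verdict only when RP_ALLOW_STDIN is set.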