http://bugzilla.mindrot.org/show_bug.cgi?id=69
Summary: Generalize SSH_ASKPASS
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: bbum at codefab.com
Two generalizations to SSH_ASKPASS (explanation follows).
(1) Do not require a DISPLAY environment variable for SSH_ASKPASS to work. It
is not necessary on non-X windowing systems (such as OS X).
(2) Allow SSH_ASKPASS type functionality to be available even when run with
stdin (or whatever) connected to a valid TTY.
---
Why?
Under OS X, I no longer use public key authentication to allow for passwordless
(or one time per ssh-agent) authentication into remote machines. This is done
for a number of reasons; fewer trust relationships is always good and some uses
of SSH under OS X simply do not give the opportunity to ask for a password
unless done through an external program.
Furthermore, I have developed a small app -- SSHPassKey
(http://www.codefab.com/unsupported/SSHPassKey_v1.1-1-README.html) that uses the
KeyChain functionality built into OS X to store the passwords for particular
sites. In effect, SSHPassKey acts as a replacement for ssh-agent, following
the security semantics the user has configured (in my case, my Keychain locks
itself automatically anytime the machine sleeps or after two hours).
SSHPassKey works wonderfully via SSH_ASKPASS but, of course, does not work at
the command line (where there is and sometimes should be a valid TTY) and it
requires the DISPLAY environment variable to be set to something, which can
occasionally confuse X aware apps -- like xemacs -- into thinking they should
use an X server when they shouldn't.
Thanks.
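
An added sketch (not part of the bug report and not SSHPassKey's code) of a per-site SSH_ASKPASS helper of the kind described above: ssh runs the helper with the prompt text as its first argument and reads the secret from the helper's standard output. The ASKPASS_STORE variable and its tab-separated file are assumptions that stand in for a keychain; the helper stays silent for any prompt that is not a password prompt for a stored site.

```sh
#!/bin/sh
# Added example: minimal SSH_ASKPASS helper (prompt in $1, secret on stdout).
# ASKPASS_STORE, a file of "user@host<TAB>secret" lines, is hypothetical.

# Print "user@host" taken from an OpenSSH password prompt
# ("user@host's password: "); fail for every other prompt, such as
# host-key yes/no questions, so the helper never answers them.
prompt_site() {
    case $1 in
        *"'s password: ") site=${1%"'s password: "} ;;
        *) return 1 ;;
    esac
    case $site in
        *[!A-Za-z0-9@._-]*|"") return 1 ;;   # unexpected characters
        *@*) printf '%s\n' "$site" ;;
        *) return 1 ;;
    esac
}

# Accept only a regular file whose mode is owner-only (0600 or 0400).
store_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the secret stored for the prompt's site, or fail with no output.
askpass_lookup() {
    prompt=$1 store=$2 tab=$(printf '\t')
    site=$(prompt_site "$prompt") || return 1
    store_is_private "$store" || return 1
    while IFS=$tab read -r key secret; do
        if [ "$key" = "$site" ]; then
            printf '%s\n' "$secret"
            return 0
        fi
    done < "$store"
    return 1
}

# When ssh invokes the helper, answer the prompt or exit non-zero.
if [ "$#" -gt 0 ]; then
    askpass_lookup "$1" "${ASKPASS_STORE:-$HOME/.askpass_store}" || exit 1
fi
```
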