bugzilla-daemon at mindrot.org
2003-Feb-18 14:15 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From markus at openbsd.org 2003-02-19 01:15 ------- that's not too hard with the current code, and you could use the 'passwd' lock feature for something similar: specify timeout x and enter passwd on agent startup. after x seconds of activity the agent will 'autolock'. use ssh-add -X to unlock the agent. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 16:13 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From hauser at acm.org 2003-02-19 03:13 ------- Just trying to understand assuming a 15 minutes timeout: so as per http://bugzilla.mindrot.org/show_bug.cgi?id=481, I do i) setenv SSH_ASKPASS tbd ii) eval `ssh-agent -c -t 900` #I don't see a passwd option here? iii) ssh-add -x #now a password is set iv) ssh-add identity-files v) ssh-add -X #unlock - probably immediately or only after 15 minutes? Questions: 1) wouldn't step iii) lock immediately and not only after 15 minutes? 2) what do you recommend under cygwin/win2k for the SSH_ASKPASS? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 16:49 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From markus at openbsd.org 2003-02-19 03:49 ------- skip (iii). agent should ask in step (ii) (v) after 15 minutes. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 17:53 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496
------- Additional Comments From hauser at acm.org 2003-02-19 04:53 -------
o.k.,
1) So does this mean that the description of ssh-agent -t option could
be amended as follows:<<
With this option, a password will be asked at start-up. Once the
lifetime is reached <em>ssh-add -X</em> allows you to run for
another
"lifetime" again.>>
Patch http://bugzilla.mindrot.org/attachment.cgi?id=231&action=edit in
http://bugzilla.mindrot.org/show_bug.cgi?id=481
2) I am using cygwin's openssh 3.5p1-3 and couldn't test it...
rhauser at PC:/<3>rhauser/Desktop> eval `ssh-agent -c -t 900`
ssh-agent: unknown option -- t
Usage: ssh-agent [options] [command [args ...]]
Options:
-c Generate C-shell commands on stdout.
-s Generate Bourne shell commands on stdout.
-k Kill the current agent.
-d Debug mode.
-a socket Bind agent socket to given name.
3) Any recommendations on SSH_ASKPASS for win2k/cygwin?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 18:31 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From jmknoble at pobox.com 2003-02-19 05:31 -------> Any recommendations on SSH_ASKPASS for win2k/cygwin?Have you tried x11-ssh-askpass with XFree86 on cygwin? I've not received any feedback about whether it works there or not. http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 21:08 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From hauser at acm.org 2003-02-19 08:08 ------- Thanks for the hint - I also found some source code in cygwin (http://cygwin.com/cgi-bin2/package-cat.cgi?file=openssh/openssh-3.5p1-3-src&grep=ssh-askpass), but no binary. Do you have a binary of it? So far, I hoped not to have to compile programs for cygwin myself. Further questions: 1) Is there no way to get a password into ssh-agent short of major environments such as X, Gtk, gnome and alike ? 2) anybody aware of a binary other than the japanese http://www.mail-archive.com/cygwin-xfree at cygwin.com/msg02925.html (--> http://www.ganaware.jp/S/win-ssh-askpass/) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-18 22:08 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From jmknoble at pobox.com 2003-02-19 09:08 -------> Do you have a binary of it?No, i don't; i don't have a Cygwin environment to build or test on.> 1) Is there no way to get a password into ssh-agent short of > major environments such as X, Gtk, gnome and alike ?Yes. x11-ssh-askpass uses a fairly simple "protocol" to get the passphrase to ssh-add. From the man page: If exactly one non-option argument is provided on the command line, it is displayed in the dialog instead of the default label. If the argument contains newline characters ('\n'), each line of text is displayed on a separate line in the dialog. ssh-add uses pipe(2)+fork(2)+dup(2)+exec(3) to run the ssh-askpass program with its standard output connected back to a file descriptor in ssh-add. When the passphrase is accepted (in the case of x11-ssh-askpass, when the 'OK' button is clicked, or when [Enter] is pressed), the passphrase is printed on on the standard output, followed by a newline ('\n'). If the passphrase dialog is cancelled, ssh-askpass prints nothing (not even a newline) and exits (thus closing stdout). I don't see why you couldn't write an ssh-askpass program that, for example, started in a command window under Win32. For that matter, it's probably not that difficult for an experienced Win32 programmer (which i am not) to write a Win32-native ssh-askpass. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Feb-20 21:35 UTC
[Bug 496] add a timeout function to ssh-agent
http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From hauser at acm.org 2003-02-21 08:35 ------- BTW, the japanes binaries are here http://matsu-www.is.titech.ac.jp/~sohda/cygwin/dist/packages/win-ssh-askpass/ And as per http://bugzilla.mindrot.org/show_bug.cgi?id=496#c4, cygwin apparently doesn't offer the -t option yet (see http://sources.redhat.com/ml/cygwin/2003-02/msg01491.html). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.