Hi everybody,

I have asked a question a long time ago regarding SSH_ASKPASS, but with the latest version of OpenSSH I am not able to get the desired result.

My goal is to launch a script on a remote server via SSH without having to type a password, because it is locally executed from a script. This should not be too complicated, but somehow I am not able to figure this out myself.

I have configured the variables SSH_ASKPASS=<password_script> and DISPLAY=nodisplay. My password_script just contains echo "password", nothing else.

Now if I execute this ssh command:

    ssh -T jan@<dest_host> "/<script_dir>/<script>"

It still asks me for a password. This command though

    setsid ssh -T jan@<dest_host> "/<script_dir>/<script>"

does work as expected, it launches the remote script.

I know ssh should support this out of the box, so I want to get rid of setsid.

Any help or directions are appreciated.

Warm regards,

Jan

On 24/12/2009, at 11:40 AM, "Jan Alphenaar" <jan.alphenaar at dotcolour.com> wrote:

> Hi everybody,
>
> I have asked a question a long time ago regarding SSH_ASKPASS, but with the
> latest version of OpenSSH I am not able to get the desired result.
>
> My goal is to launch a script on a remote server via SSH without having to
> type a password, because it is locally executed from a script. This should
> not be too complicated, but somehow I am not able to figure this out myself.

Why aren't you using authorized_keys with public/private keys? That's what it's there for. Among other reasons.

> I have configured the variables SSH_ASKPASS=<password_script> and
> DISPLAY=nodisplay. My password_script just contains echo "password", nothing
> else.
>
> Now if I execute this ssh command:
>
> ssh -T jan@<dest_host> "/<script_dir>/<script>"
>
> It still asks me for a password. This command though
>
> setsid ssh -T jan@<dest_host> "/<script_dir>/<script>"
>
> does work as expected, it launches the remote script.
>
> I know ssh should support this out of the box, so I want to get rid of
> setsid.
>
> Any help or directions are appreciated.
>
> Warm regards,
>
> Jan

On 2009-12-23 17:40, Jan Alphenaar wrote:

: setsid ssh -T jan@<dest_host> "/<script_dir>/<script>"
:
: does work as expected, it launches the remote script.
:
: I know ssh should support this out of the box, so I want to get rid of
: setsid.

Hi, Jan.

You are correct in that using 'setsid' works as expected. The reason is here, to quote the ssh(1) man page:

    If ssh needs a passphrase, it will read the passphrase from the
    current terminal if it was run from a terminal. If ssh does not
    have a terminal associated with it but DISPLAY and SSH_ASKPASS are
    set, it will execute the program specified by SSH_ASKPASS and open
    an X11 window to read the passphrase. This is particularly useful
    when calling ssh from a .xsession or related script. (Note that on
    some machines it may be necessary to redirect the input from
    /dev/null to make this work.)

The problem is that, on many (most?) systems, to disassociate ssh from its controlling terminal, you need to put it into a new "session". Redirecting stdin from /dev/null ('ssh ... </dev/null') is not enough.

The setsid command you are using is pretty much the only way to do that; it's pretty much a wrapper around the setsid(2) system call, which then execs the command given on the command line (probably via execvp(3)).

This is a feature of POSIX (see http://www.opengroup.org/onlinepubs/009695399/functions/setsid.html ).

Hope this helps.

--jim

--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)

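The session behaviour described in the reply above, as an added example that is not part of the original thread: a child that calls setsid(2) loses its controlling terminal, while a plain fork inherits whatever the parent has. The function names (has_controlling_tty, child_has_tty, run_detached) are hypothetical, and run_detached is a simplified sketch of a setsid-style wrapper, not the source of setsid(1).

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the calling process can open its controlling terminal, else 0. */
static int has_controlling_tty(void) {
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) return 0;       /* e.g. ENXIO: session has no controlling tty */
    close(fd);
    return 1;
}

/* Wait for a child and return its exit status, or -1 on abnormal exit. */
static int reap(pid_t pid) {
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Fork, optionally start a new session in the child, and report whether
 * the child still has a controlling terminal (1/0, or -1 on error). */
int child_has_tty(int new_session) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (new_session && setsid() == (pid_t)-1) _exit(2);
        _exit(has_controlling_tty());
    }
    int rc = reap(pid);
    return rc == 2 ? -1 : rc;
}

/* Simplified setsid-style wrapper: new session, then exec the command. */
int run_detached(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setsid() == (pid_t)-1) _exit(126);
        execvp(argv[0], argv);
        _exit(127);             /* exec failed */
    }
    return reap(pid);
}

int main(int argc, char **argv) {
    printf("plain child has tty:  %d\n", child_has_tty(0));
    printf("setsid child has tty: %d\n", child_has_tty(1));
    return argc > 1 ? run_detached(argv + 1) : 0;
}
```

Run from an interactive terminal, the first line prints 1 and the second prints 0, which is the condition under which ssh falls back to SSH_ASKPASS.
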
Jan Alphenaar wrote:

> Hi everybody,
>
> I have asked a question a long time ago regarding SSH_ASKPASS, but with the
> latest version of OpenSSH I am not able to get the desired result.
>
> My goal is to launch a script on a remote server via SSH without having to
> type a password, because it is locally executed from a script. This should
> not be too complicated, but somehow I am not able to figure this out myself.
>
> I have configured the variables SSH_ASKPASS=<password_script> and
> DISPLAY=nodisplay. My password_script just contains echo "password", nothing
> else.
>
> Now if I execute this ssh command:
>
> ssh -T jan@<dest_host> "/<script_dir>/<script>"
>
> It still asks me for a password. This command though
>
> setsid ssh -T jan@<dest_host> "/<script_dir>/<script>"
>
> does work as expected, it launches the remote script.
>
> I know ssh should support this out of the box, so I want to get rid of
> setsid.
>
> Any help or directions are appreciated.
>
> Warm regards,
>
> Jan

Looks like the old request "(generalised-askpass) Generalize SSH_ASKPASS" https://bugzilla.mindrot.org/show_bug.cgi?id=69

Roumen

--
Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/