I would like to use ssh-add to unlock a key with a password provided
through a web interface.
It seems that even though ssh-add calls read_passphrase with RP_ALLOW_STDIN
at ssh-add.c:173, stdin is not used as a last resort without a valid
terminal or display. Is it an intended behaviour? And if so, what are
the security implications of using popen() to write the password to
ssh-add (not using echo password|ssh-add of course).
I used this patch, which solves the issue:
diff -Nru openssh-5.6p1/readpass.c openssh-5.6p1-b/readpass.c
--- openssh-5.6p1/readpass.c 2006-08-05 04:39:40.000000000 +0200
+++ openssh-5.6p1-b/readpass.c 2011-01-18 09:52:34.000000000 +0100
@@ -123,6 +123,7 @@
if (!isatty(STDIN_FILENO)) {
debug("read_passphrase: stdin is not a tty");
use_askpass = 1;
+ rppflags |= RPP_STDIN;
}
} else {
rppflags |= RPP_REQUIRE_TTY;
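Review bot: the added `rppflags |= RPP_STDIN;` sits next to `use_askpass = 1;` with nothing in the hunk saying which of the two takes precedence, so a reader of this branch cannot tell that askpass is still tried first and stdin only becomes the passphrase source when the askpass path is not taken further down, outside the hunk. Update the debug line above it to state the new fallback, e.g. `debug("read_passphrase: stdin is not a tty, will read from stdin if askpass is unavailable");`, or add a one-line comment. It is also worth recording in the commit message that the fallback is limited to callers passing RP_ALLOW_STDIN (the `else` branch still sets RPP_REQUIRE_TTY) and that a passphrase will now be accepted from any pipe on fd 0, which the unpatched branch avoids by routing to askpass instead.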
Thanks
Jean-Yves Faye
Jean-Yves FAYE wrote:
> I would like to use ssh-add to unlock a key with a password provided
> through a web interface.
>
> It seems even though ssh-add calls read_passphrase with RP_ALLOW_STDIN
> at ssh-add.c:173, stdin is not used as a last resort without a valid
> terminal or display. Is it an intended behaviour? And if so, what are
> the security implications of using popen() to write the password to
> ssh-add (not using echo password|ssh-add of course).
>
>
> I used this patch, which solves the issue:

Maybe you could provide an SSH_ASKPASS instead, and avoid patching.


//Peter
On 18/01/2011 10:35, Peter Stuge wrote:
> Jean-Yves FAYE wrote:
>> I would like to use ssh-add to unlock a key with a password provided
>> through a web interface.
>>
>> It seems even though ssh-add calls read_passphrase with RP_ALLOW_STDIN
>> at ssh-add.c:173, stdin is not used as a last resort without a valid
>> terminal or display. Is it an intended behaviour? And if so, what are
>> the security implications of using popen() to write the password to
>> ssh-add (not using echo password|ssh-add of course).
>>
>>
>> I used this patch, which solves the issue:
>
> Maybe you could provide an SSH_ASKPASS instead, and avoid patching.
>

That was one of my alternatives, with some twists, and a less straightforward way than piping to stdin, without using disk. Another alternative I thought of was to decipher the key within the PHP script and provide it to ssh-agent, but it may be difficult to implement. I was mostly wondering whether it was the intended behaviour, given the RP_ALLOW_STDIN flag.

Jean-Yves Faye
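The SSH_ASKPASS route Peter suggests, done without putting the passphrase on disk as Jean-Yves wants, as an added example that is not code from this thread or from OpenSSH. The wrapper receives the passphrase on its own stdin (what a PHP popen() would write), moves that pipe to fd 3, runs ssh-add with stdin on /dev/null so it has no tty, and names itself as SSH_ASKPASS; ssh-add then re-invokes the script in helper mode, which reads the passphrase back from the inherited fd 3 and prints it. The script name, the ASKPASS_MODE variable and the use of fd 3 are this example's own choices. It assumes ssh-add does not close inherited descriptors above 2 before exec'ing $SSH_ASKPASS, that DISPLAY only needs to be non-empty for ssh-add to take the askpass path, and that SSH_AUTH_SOCK already points at a running agent.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenSSH): unlock a key with
# ssh-add through SSH_ASKPASS instead of patching readpass.c.
#
# Driver mode:  printf '%s\n' "$pass" | ./ssh-add-askpass.sh /path/to/key
# Helper mode:  ssh-add runs "$SSH_ASKPASS <prompt>" with ASKPASS_MODE=1 set,
#               and this script prints the passphrase it reads from fd 3.
#
# Assumptions (this example's, not verified against the thread): ssh-add
# inherits fd 3 into the askpass child, any non-empty DISPLAY selects the
# askpass path, and SSH_AUTH_SOCK is already set by the caller.

# Helper mode: print exactly one passphrase line on stdout.
askpass_helper() {
    # One passphrase per pipe. If ssh-add rejects it and asks again, this
    # second read hits EOF, nothing is printed, and ssh-add gives up
    # instead of re-prompting forever.
    IFS= read -r pass <&3 || return 1
    printf '%s\n' "$pass"
}

# Driver mode: $1 is the key file; the passphrase (plus newline) is on stdin.
add_key_via_askpass() {
    key=$1
    # Absolute path to this script, so execlp() in ssh-add can find it.
    self=$(cd "$(dirname -- "$0")" && pwd)/$(basename -- "$0")

    # Move the passphrase pipe from fd 0 to fd 3. ssh-add and its askpass
    # child inherit fd 3, while ssh-add's own stdin is /dev/null: never a
    # tty, so read_passphrase falls through to $SSH_ASKPASS. The passphrase
    # is never on argv, in ssh-add's environment, or on disk.
    exec 3<&0
    ASKPASS_MODE=1 DISPLAY="${DISPLAY:-:0}" SSH_ASKPASS="$self" \
        ssh-add "$key" </dev/null
    rc=$?
    exec 3<&-
    return "$rc"
}

case "${ASKPASS_MODE:-}" in
    1) askpass_helper "$@" ;;
    *) if [ $# -gt 0 ]; then add_key_via_askpass "$@"; fi ;;
esac
```

On the PHP side this replaces `popen("ssh-add key", "w")` with `popen("/path/ssh-add-askpass.sh /path/key", "w")` followed by one fwrite() of the passphrase and a newline; the wrapper is what touches the secret, and ssh-add only ever sees it as askpass output. OpenSSH releases from 8.4 on also accept SSH_ASKPASS_REQUIRE=force, which selects the askpass path without the DISPLAY and /dev/null arrangement, but the layout above works on the 5.6 tree discussed here.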