Daniel Kahn Gillmor
2011-Feb-24 21:45 UTC
ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
I just opened a bug report about this, but i thought i'd bring it to the group if anyone has any concerns about the idea: https://bugzilla.mindrot.org/show_bug.cgi?id=1871 currently, ssh-askpass is used in some situations to actually ask the user for a passphrase. in other situations, it is used to prompt for simple confirmation (e.g. ControlMaster=ask, ssh-add -c). Providing the exact same UI for both scenarios is not only surprising for new users; it is also potentially problematic. For example, grabbing the X11 keyboard is a pretty invasive operation (and it is warranted, to avoid other X processes snooping on the passphrase). A prompt for confirmation doesn't need to grab the keyboard, though. I'm proposing to extend the ssh-askpass interface with an environment variable SSH_ASKPASS_CONFIRMATION_ONLY. If this environment variable is set, the ssh-askpass can choose to display a simpler/non-kbd-grabbing UI. ssh, ssh-add, and ssh-agent would need to know to set or clear that environment variable depending on the type of prompt. Another approach would be to define a command line argument, but existing ssh-agent implementations appear to treat multiple arguments differently (e.g. gnome-ssh-askpass concatenates them all into the string prompt; jim knoble's x11-ssh-askpass accepts old-school X11-style arguments). So an environment variable seems cleaner. This would be an optional UI enhancement -- ssh-askpass implementations that don't know about it or don't care would't need to make any changes. Any thoughts? --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 1030 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110224/1b37f4e8/attachment.bin>
Jameson Rollins
2011-Feb-24 22:04 UTC
ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
On Thu, 24 Feb 2011 16:45:20 -0500, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:> I just opened a bug report about this, but i thought i'd bring it to the > group if anyone has any concerns about the idea: > > https://bugzilla.mindrot.org/show_bug.cgi?id=1871 > > currently, ssh-askpass is used in some situations to actually ask the > user for a passphrase. > > in other situations, it is used to prompt for simple confirmation (e.g. > ControlMaster=ask, ssh-add -c). > > Providing the exact same UI for both scenarios is not only surprising > for new users; it is also potentially problematic.One of the particularly problematic aspects of using the same UI for confirmation is that askpass prompts for password when simply asking for confirmation. Furthermore, it seems to be sensitive to what is actually typed in to that prompt. Obviously this doesn't make any sense when it's actually just asking for a yes/no response. I think Daniel's suggestion of using an environment variable to change to UI to one that just asks for a yes/no response (and doesn't grab the keyboard) is definitely the way to go. Thanks for the suggestion, Daniel. jamie. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110224/b72fca30/attachment.bin>
Possibly Parallel Threads
- [Bug 1871] New: ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
- [Bug 1871] ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
- help wanted: update ssh-askpass programs for new U2F / prompt hints
- help wanted: update ssh-askpass programs for new U2F / prompt hints
- SSH-askpass - timeout possible?