Richard Hansen wrote:> How does the ssh-askpass process invoked by ssh-agent present the > confirmation prompt on the correct tty or display?I guess it can decide what it wants to do. x11-ssh-askpass prompts wherever ssh-agent was started. ssh-agent is apparently often started in the wrong context, because "ssh-add -c" confirmation doesn't work for a lot of people. :\ //Peter
On a recent Ubuntu Budgie desktop 20.04.3 long-term-support install, I had to disable the gnome-keyring-ssh thingy that started ssh-agent as a parent of my X11 session, because it was unexpectedly supplying passphrases to my keys without asking me. (Still don't quite know how it knew the passphrases...). The agent was started early enough in the session and weirdly enough as a child of gnome-keyring, I don't know whether it even had access to $DISPLAY or a controlling terminal. If that's common across Ubuntu flavors, then I wouldn't be surprised if a large number of folks have ssh-agents that don't have the right context for 'ssh-add -c'. -- jmk> On Sep 11, 2021, at 10:05, Peter Stuge <peter at stuge.se> wrote: > > [...] > ssh-agent is apparently often started in the wrong context, > because "ssh-add -c" confirmation doesn't work for a lot of people. :\
On Sat, 11 Sep 2021 17:01, Peter Stuge said:> x11-ssh-askpass prompts wherever ssh-agent was started.That is exactly what gpg-agent does for his ssh-agent functionality. Works for many people but fails as soon as you use an X-server to login to your work box (in my case a laptop). Thus you either need to restart (ssh|gpg)-agent or you send the current set of envvars always to the agent. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210913/2dbd6994/attachment.asc>