Displaying 19 results from an estimated 19 matches for "rp_allow_stdin".
2011 Jan 18
2
ssh-add with stdin and read_passphrase
I would like to use ssh-add to unlock a key with a password provided
through a web interface.
It seems even though ssh-add calls read_passphrase with RP_ALLOW_STDIN
at ssh-add.c:173, stdin is not used as a last resort without a valid
terminal or display. Is it an intended behaviour? And if so, what are
the security implications of using popen() to write the password to
ssh-add (not using echo password|ssh-add of course).
I used this patch, which solves the issue:...
2002 Jan 25
0
[Bug 81] New: ssh cannot use ssh-askspass & passphrases as documented
...t the second arguments are all set to zero. To make ssh work as
documented one call in each of the two sshconnect[12].c source files must be
altered to have the enabling second argument as below:
# grep 'read_passphrase(' sshconnect[12].c
sshconnect1.c: passphrase = read_passphrase(buf, RP_ALLOW_STDIN);
sshconnect1.c: response = read_passphrase(prompt, 0);
sshconnect1.c: password = read_passphrase(prompt, 0);
sshconnect2.c: password = read_passphrase(prompt, 0);
sshconnect2.c: passphrase = read_passphrase(prompt, RP_ALLOW_STDIN);
sshconnect2.c: response = read_passphrase(prompt, echo ? RP_EC...
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...NULL)) == 0)
return prv;
if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
fatal("Load key \"%s\": %s", filename, ssh_err(r));
@@ -283,7 +284,7 @@ load_identity(char *filename)
pass = xstrdup(identity_passphrase);
else
pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
- r = sshkey_load_private(filename, pass, &prv, NULL);
+ r = sshkey_load_private_type(KEY_UNSPEC, filename, pass, &prv, NULL);
explicit_bzero(pass, strlen(pass));
free(pass);
if (r != 0)
@@ -855,7 +856,7 @@ fingerprint_private(const char *path)
fatal("%s: %s", path, str...
2001 Oct 26
5
New password echoes on Sol8
I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
version that just calls getpassphrase(). It appears to solve the echo
problem when the user tries to login in interactive mode and needs to
change their password.
Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
#define HAVE_GETPASSPHRASE
... to config.h when compiling (since it's not a configurable
2001 Nov 06
1
Solaris 7 changing password via PAM
...with gcc 2.95.3, configured
--with-pam.
The user can login fine when the password is not expired. Once the password
is expired the user is connected and told the password has expired and is
asked to change it. The user is prompted for the old password, this is then
entered (without echoing, - the RP_ALLOW_STDIN code change has been applied)
as soon as carriage-return is hit the user is disconnected.
The error appears to be with the chauthtok function call.
Building the same code functions correctly on Solaris 8.
I have had to return the box to work (albeit with a non expiry changing
Openssh) so will take...
2016 Feb 13
2
[Bug 2539] New: Add missing sanity check for read_passphrase() in auth-pam.c
...dress/correct this issue:
--- auth-pam.c.orig 2016-02-13 09:44:14.656582235 -0800
+++ auth-pam.c 2016-02-13 09:46:14.583824370 -0800
@@ -982,6 +982,8 @@
reply[i].resp =
read_passphrase(PAM_MSG_MEMBER(msg, i,
msg),
RP_ALLOW_STDIN);
+ if (reply[i].resp == NULL)
+ goto fail;
reply[i].resp_retcode = PAM_SUCCESS;
break;
case PAM_PROMPT_ECHO_ON:
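Review bot: The added NULL check guards only the read_passphrase() call in the branch before `case PAM_PROMPT_ECHO_ON:`; the echo-on case that follows is outside the hunk, so confirm whether the response it stores in reply[i].resp needs the same `if (reply[i].resp == NULL) goto fail;` guard. Also confirm that the `fail` label releases any reply[].resp entries filled in on earlier loop iterations, since those buffers hold user-entered secrets.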
=====================================================================...
2004 Apr 12
1
Regarding SSH_ASKPASS
...necessary to
redirect the input from /dev/null to make this work.)
But my numerous efforts to trigger this behavior failed, so I
looked at the source. As far as I can see, the ssh code doesn't
allow for this to happen. The read_passphrase() function never
gets called by ssh with the RP_ALLOW_STDIN flag set, and the
only other way to get ssh_askpass() to get called is for
open(_PATH_TTY, O_RDWR) to fail. But /dev/tty is a+rw in the
normal case.
From readpass.c:
char *
read_passphrase(const char *prompt, int flags)
{
char *askpass = NULL, *ret, buf[1024];
int rppflags,...
2003 Nov 27
2
Question about adding another parameter for OpenSSH
...pass;
Key *prv;
- prv = key_load_private(filename, "", NULL);
+ prv = key_load_private(filename, "", NULL, 0);
if (prv == NULL) {
if (identity_passphrase)
pass = xstrdup(identity_passphrase);
else
pass = read_passphrase("Enter passphrase: ",
RP_ALLOW_STDIN);
- prv = key_load_private(filename, pass, NULL);
+ prv = key_load_private(filename, pass, NULL, 0);
memset(pass, 0, strlen(pass));
xfree(pass);
}
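Review bot: Both changed key_load_private() calls pass a bare `0` for the new fourth argument, which tells the reader nothing about what is being switched off at these call sites. A named constant, or a short comment next to each call, would document the intent and make later callers harder to get wrong.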
@@ -560,7 +560,7 @@
exit(1);
}
/* Try to load the file with empty passphrase. */
- private = key_load_private(identity_file, "&quo...
2001 Nov 06
1
Solaris 7 changing password via PAM reply
...> --with-pam.
>
> The user can login fine when the password is not expired. Once the password
> is expired the user is connected and told the password has expired and is
> asked to change it. The user is prompted for the old password, this is then
> entered (without echoing, - the RP_ALLOW_STDIN code change has been applied)
> as soon as carriage-return is hit the user is disconnected.
> The error appears to be with the chauthtok function call.
Does sshd dump core? What's the stack trace? That'd help a lot - knowing
what the calling routine was (before it got into PAM-land...
2005 Apr 24
0
Solaris console problem
...haven't found a way to do so :) poll() works fine, writing to the
terminal doesn't raise TTOU immediately (yeah, how did read() trigger a
TTOU ???)
As a relief, I guess I'll restrict the readpassphrase to only restart
limited amount of times (and prevent the lockout), and also pass the
RP_ALLOW_STDIN in "sshconnect2.c:userauth_passwd()", to allow ssh to
actually work.
P.S.
cygwin also has an issue, when a native window application runs
'ssh' inside it, in that case the password can not be read from
anywhere, and the whole thing just hangs...
P.P.S.
please in...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
...ERR_KEY_WRONG_PASSPHRASE)
??? ??? ?fatal("Load key \"%s\": %s", filename, ssh_err(r));
@@ -326,7 +328,7 @@ load_identity(const char *filename, char **commentp)
??? ??? ?pass = xstrdup(identity_passphrase);
??? ?else
??? ??? ?pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
-?? ?r = sshkey_load_private(filename, pass, &prv, commentp);
+?? ?r = sshkey_load_private(filename, pass, &prv, commentp, vault_infop);
??? ?freezero(pass, strlen(pass));
??? ?if (r != 0)
??? ??? ?fatal("Load key \"%s\": %s", filename, ssh_err(r));
@@ -429,7 +431,7 @@...
2020 Oct 06
2
Accessing SSH key path using SSH_ASKPASS and passwordstore
Hello,
With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set
up a script for SSH_ASKPASS to query my local passwordstore
(https://www.passwordstore.org/) vault to retrieve the password for a
given key. This works for ssh-add as well as ssh (configured with
AddKeysToAgent set to 'yes'). My workflow effectively transforms into
entering the password for the GPG key used
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
...ass = 0, ttyfd;
rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
- if (flags & RP_USE_ASKPASS)
+ if (flags & RP_USE_ASKPASS ||
+ (options.prefer_askpass && getenv(SSH_ASKPASS_ENV) &&
+ !(flags & RP_ECHO)))
use_askpass = 1;
else if (flags & RP_ALLOW_STDIN) {
if (!isatty(STDIN_FILENO))
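Review bot: In the new condition, `flags & RP_USE_ASKPASS || (...)` relies on `&` binding tighter than `||`; write the first operand as `(flags & RP_USE_ASKPASS)` so it reads the same way as the parenthesised `!(flags & RP_ECHO)` term. The added branch also tests only that getenv(SSH_ASKPASS_ENV) is non-NULL, so a variable that is set but empty would still select askpass; checking for an empty string here would avoid that.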
Index: ssh-add.c
===================================================================
RCS file: /cvs/openssh/ssh-add.c,v
retrieving revision 1.77
diff -u -r1.77 ssh-add.c
--- ssh-add.c 17 Jul 2004 04:07:42 -0000 1.77
+++ ssh-add.c 3 Oct 2004 10:58:54 -0000
@@ -48,6 +...
2002 Apr 22
9
Password from open filedescriptor
...024)
+ break;
+
+ buf[i++] = ch;
+ }
+
+ buf[i] = '\0';
+
+ return buf;
}
diff -bur openssh-3.1p1.org/readpass.h openssh-3.1p1/readpass.h
--- openssh-3.1p1.org/readpass.h Wed Jul 4 06:46:58 2001
+++ openssh-3.1p1/readpass.h Mon Apr 22 10:19:53 2002
@@ -16,3 +16,4 @@
#define RP_ALLOW_STDIN 0x0002
char *read_passphrase(const char *, int);
+char *read_password_from_fd(int fd);
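Review bot: The new prototype `char *read_password_from_fd(int fd);` does not say who owns the returned buffer, and the added code just above ends with `return buf;`. Add a comment stating whether the caller must wipe and free the result, and drop the parameter name so the declaration matches the existing `read_passphrase(const char *, int)` style.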
diff -bur openssh-3.1p1.org/ssh.1 openssh-3.1p1/ssh.1
--- openssh-3.1p1.org/ssh.1 Tue Feb 19 05:27:24 2002
+++ openssh-3.1p1/ssh.1 Mon Apr 22 10:34:59 2002
@@ -51,6 +51,7 @@
.Op Fl afgknqstvxACNPTX1246
....
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2008 Aug 29
7
[Bug 69] Generalize SSH_ASKPASS
https://bugzilla.mindrot.org/show_bug.cgi?id=69
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Alias| |generalised-askpass
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
...dd_engine_key(int agent_fd, const char *file, const char *engine)
+{
+ int ret;
+ char *pin = NULL;
+
+ ret = ssh_add_engine_key(agent_fd, file, engine, NULL, lifetime, confirm, maxsign);
+ if (ret == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+ pin = read_passphrase("Enter engine key passphrase:", RP_ALLOW_STDIN);
+ if (!pin)
+ return -1;
+ ret = ssh_add_engine_key(agent_fd, file, engine, pin, lifetime, confirm, maxsign);
+ }
+ if (ret != SSH_AGENT_SUCCESS) {
+ fprintf(stderr, "failed to add engine key: %s\n", ssh_err(ret));
+ } else {
+ fprintf(stderr, "Engine Identity added: %s\n&quo...
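Review bot: `pin` receives the passphrase from read_passphrase() and is handed to the second ssh_add_engine_key() call, but nothing in the visible lines wipes or frees it afterwards; release it with freezero(pin, strlen(pin)) or an equivalent on every exit path. The `if (!pin) return -1;` path also returns a raw -1 while the rest of the function reports through `ret`, so callers cannot distinguish a cancelled prompt from other failures.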
2020 Feb 05
19
Call for testing: OpenSSH 8.2
Hi,
OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a feature release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at