similar to: Sending passphrase w/o keyboard interaction

Hello, I have the following problem. I have an application which is running and which has already request a passphrase to the user. This application needs to launch ssh agent and ssh add, but I do not want to be prompt again for the passphrase. My private key is of course encrypted with the passphrase. How can I do ? My only idea for the moment is to change the variable value of ask_passphrase

On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > >

A co-worker argues we can login using only password to a "ssh-key restricted host (PasswordAuthentication no)", without being asked by any passphase; just by putting a key (no need to be the private key) on another password-based host. It that true? I do not think so. I would name that as an "important OpenSSH daemon security bug". That is because I think it is not true.

> > There must be *something* in the environment that affects this because > I'm seeing two different ways of asking for the passphrase on the same > screen. The only difference is that one is a simple terminal window > running on my system and the other is one where I have used ssh to > connect to a remote system and then ssh again back to the 'home' > system.

On 2024/01/02 09:51, Chris Green wrote: > I think I have it! I need to unset SSH_AUTH_SOCK, that's all that's > needed. See:- > > chris$ ssh -i backup_id_rsa backup > [here the pop-up appears and I cancel it] > sign_and_send_pubkey: signing failed for RSA "backup_id_rsa" from > agent: agent refused operation > chris at backup's

Hi all, I have a script which calls ssh-add at a certain point, and I'm getting the following error: ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory I don't see why it's doing this, since SSH_ASKPASS isn't set, and there should be a working terminal: SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

There is an amusing bug in ssh-add that causes it to go into an infinite loop. I am using openssh 1.2.3, and noticed that when I ran "ssh-add < /dev/null" in my X startup scripts, but didn't have ssh-askpass installed, ssh-add started spewing errors into my .xsession-errors and didn't stop. I found that what happens is: ssh-add forks and attempts to exec ssh-askpass. The

On Mon, 1 Jan 2024, Christian Weisgerber wrote: > Chris Green: > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > 23.10 system doesn't seem to work. I have set it:- > > > > chris$ env | grep SSH > > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh > > SSH_ASKPASS_REQUIRE=never > > What component is actually

https://bugzilla.mindrot.org/show_bug.cgi?id=3572 Bug ID: 3572 Summary: ssh-agent refused operation when using FIDO2 with -O verify-required Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component:

On 09/13/2018 07:54 PM, Darren Tucker wrote: > I'd guess that the reason it doesn't work is that the key is encrypted > and neither the agent nor a tty to ask for the decryption passphrase > is available. Try repeating your command line test after unsetting > SSH_AUTH_SOCK > Okay. That reproduced the issue. Is there a recommended way to provide the decryption

Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

I would like ssh to have the command line option of supplying the passphrase. This would make it possible to do attendant free scp transfers from PHP, for example. As it is, it is impossible to use a web script to initiate an scp xfer if an encrypted private key is used. I realize that stupid people could make shell scripts or web scripts then with the pass phrase in them, but those same stupid

I am going to preface this email by saying that I know very little about OpenSSH internals, the protocol, etc. I do a lot of work with novice programmers, and one step that comes up relatively early is generating SSH keys. In case you haven't done it in a while, the output looks like this: $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key

http://bugzilla.mindrot.org/show_bug.cgi?id=81 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2002-01-26 10:07

http://bugzilla.mindrot.org/show_bug.cgi?id=1138 Summary: Passphrase asked for (but ignored) if key file permissions too liberal. Product: Portable OpenSSH Version: 4.2p1 Platform: PPC OS/Version: Linux Status: NEW Severity: minor Priority: P1 Component: ssh-add AssignedTo:

Hi everybody, I have asked a question a long time ago regarding SSH_ASKPASS, but with the latest version of OpenSSH I am not able to get the desired result. My goal is to launch a script on a remote server via SSH without having to type a password, because it is locally executed from a script. This should not be too complicated, but somehow I am not able to figure this out myself. I have

I'm running into some odd behavior that I can't figure out that I'm hoping someone can help me with. After years of SSH usage, I've decided to exchange one laziness for another and use ssh-agent. However I'm running into an odd instance where ssh is asking for the passphrase to my key stored in ~/.ssh/id_dsa when attempting to connect to a machine with nothing in

The patch below does two things. 1. If invoked with no arguments, attempt to add both RSA and DSA keys. 2. Remember the last successful passphrase and attempt to use it on subsequent key files which are added. Note that the latter part of the patch extends the period of time during which the passphrase is held in clear text in the ssh-add process, but doesn't introduce any _new_