similar to: [Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required

https://bugzilla.mindrot.org/show_bug.cgi?id=69 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Alias| |generalised-askpass -- Configure bugmail:

Hi all, I have a script which calls ssh-add at a certain point, and I'm getting the following error: ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory I don't see why it's doing this, since SSH_ASKPASS isn't set, and there should be a working terminal: SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the

http://bugzilla.mindrot.org/show_bug.cgi?id=496 ------- Additional Comments From markus at openbsd.org 2003-02-19 01:15 ------- that's not too hard with the current code, and you could use the 'passwd' lock feature for something similar: specify timeout x and enter passwd on agent startup. after x seconds of activity the agent will 'autolock'. use ssh-add -X to unlock

There is an amusing bug in ssh-add that causes it to go into an infinite loop. I am using openssh 1.2.3, and noticed that when I ran "ssh-add < /dev/null" in my X startup scripts, but didn't have ssh-askpass installed, ssh-add started spewing errors into my .xsession-errors and didn't stop. I found that what happens is: ssh-add forks and attempts to exec ssh-askpass. The

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob

The patch below fixes a compile-time warning in readpass.c. MIME-Version: 1.0 Content-Type: application/aegis-patch Subject: openssh.2 - Fix warning in readpass.c Content-Name: openssh.2.C010.patch Content-Disposition: attachment; filename=openssh.2.C010.patch X-Aegis-Project-Name: openssh.2 X-Aegis-Change-Number: 10 # # Fix the following warning in readpass.c: # # readpass.c: In function

On Mon, Jul 20, 2020 at 09:27:16AM +1000, Damien Miller wrote: > On Sun, 19 Jul 2020, Domenico Andreoli wrote: > > > On Mon, Jul 13, 2020 at 01:34:37PM +1000, Damien Miller wrote: > > > On Fri, 10 Jul 2020, Frank Sharkey wrote: > > > > > > > I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it > > > > works. However, it

Hi, When we added U2F support, we also extended the interface used by ssh and ssh-agent to invoke the $SSH_ASKPASS program. Originally, the askpass prompt was used to obtain passphrases for ssh in cases where it was not possible to read them from the terminal. Later it was (ab)used for showing confirmation prompts for each use of any key that was added to the agent using "ssh-add -c".

http://bugzilla.mindrot.org/show_bug.cgi?id=69 astrand at lysator.liu.se changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astrand at lysator.liu.se ------- Additional Comments From astrand at lysator.liu.se 2003-03-26 21:10 ------- >hmmm, alternately

We're developing a security application (http://iscs.sourceforge.net) that uses SSH for out-of-band management. Sometimes we want to use rsa keys and other times we want to use user ids and passwords. We noticed that there was not an OpenSSH API that we could use to pass the user's password and that we could not give it via stdin. We did notice that we could set SSH_ASKPASS and launch

Hello, With the introduction of SSH_ASKPASS_REQUIRE in version 8.4, I've set up a script for SSH_ASKPASS to query my local passwordstore (https://www.passwordstore.org/) vault to retrieve the password for a given key. This works for ssh-add as well as ssh (configured with AddKeysToAgent set to 'yes'). My workflow effectively transforms into entering the password for the GPG key used

Hi, I had developed a program which spawns a shell where i am trying to use ssh commands to log into a linux server. There is a pop up dialog window which is prompting me for key-ing the password. Actually i want to get rid of this pop up dialog box, as i don't want this to be visible in my program/code execution. Could you please let me know is there any way to resolve and stop this

http://bugzilla.mindrot.org/show_bug.cgi?id=872 Summary: SSH client fails for non-root users with "Host key verification failed" Product: Portable OpenSSH Version: 3.8.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I note that ssh-askpass-gnome was moved into the contrib/ directory of portable OpenSSH and the configure option for it (--with-gnome-askpass) was removed. I can understand not wanting a configure option for one particular askpass program, but it would be useful to have a general replacement, as in % ./configure

Hi, I've been attempting to write a gui wrapper to launch ssh -X user at machine application I'm trying to launch ssh and connect to it with pipes so that my front end can enter the password if required (either from a cache or by popping up a dialogue box). I've been having problems with pipes though reading from ssh's stdout, for when it asks for the password. Before I go

Dear list, I have set up SSH with the SSH_ASKPASS and DISPLAY variable set. Everything works perfectly. When ssh is used without a tty, the askpass program is executed, providing the password. But when I change the location of the askpass program, so it contains a space in the absolute path name (for example "c:\My Documents\askpass") the askpass program cannot be found. I get a

Hi everybody, I have asked a question a long time ago regarding SSH_ASKPASS, but with the latest version of OpenSSH I am not able to get the desired result. My goal is to launch a script on a remote server via SSH without having to type a password, because it is locally executed from a script. This should not be too complicated, but somehow I am not able to figure this out myself. I have

https://bugzilla.mindrot.org/show_bug.cgi?id=3226 Bug ID: 3226 Summary: Feature request: Prempt fingerprint prompt when connecting to new server Product: Portable OpenSSH Version: 8.4p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Hi all, i'm trying to figure out if i'm being silly or if there is a genuine problem. Running on the notorious Redhat 7, 2.2.16-22 #1, X86. [user at host]$ ssh-agent -s SSH_AUTH_SOCK=/tmp/ssh-XXYFcFR6/agent.2101; export SSH_AUTH_SOCK; SSH_AGENT_PID=2102; export SSH_AGENT_PID; echo Agent pid 2102; [user at host]$ echo $SSH_AUTH_SOCK [user at host]$ echo $SSH_AGENT_PID [user at host]$

OpenSSH Version 2.9p1 of "ssh-add $HOME/.ssh/id_rsa < /dev/null" fails on the first try of using ssh-askpass before the window manager starts. The second try works. The error message on the first try is "Bad passphrase, try again". This did not occur using OpenSSH-2.5.2p2.tar.gz. I've tested this on both RHL6.2 and RHL7.1, both with all RH rpm updates applied. I