Re: unable to use SSH_ASKPASS

From: Derek Martin (code_at_pizzashack.org)
Date: 08/05/05

    Date: Fri, 5 Aug 2005 12:20:28 -0400
    To: secureshell@securityfocus.com
    
    
    

    On Fri, Aug 05, 2005 at 09:50:47AM +0300, Popeanga Marian wrote:
    > starting ssh from a shell script and setting SSH_ASKPASS and DISPLAY
    > should involve executing the $SSH_ASKPASS. Till now I wasn't able to do
    > it.

    The key is the first phrase from the section of the man page you
    quoted:

        If ssh DOES NOT have a terminal associated with it [emphasis added
        by me.]

    A shell script that you start from your command line DOES have a
    terminal associated with it, so if you are starting your test script
    from the command line, it will not invoke the program specified by
    SSH_ASKPASS. As the man page explains, this is mostly useful for
    starting ssh from ~/.xsession (to start an ssh session while your X
    Window System session is starting up).

    The sentence before that is also important:

         SSH_ASKPASS
                  If ssh needs a passphrase, it will read the passphrase
                  from the current terminal if it was run from a terminal.

    If you run ssh from your terminal, INCLUDING if you run it in a shell
    script started from a terminal, the passphrase will be prompted for on
    the terminal.

    The reason it works from .xsession (or similar files) is because these
    scripts were NOT started from a terminal... They were started by the
    X window system directly, which in turn was started by (usually) init.
    None of these processes have a controlling terminal, so neither will
    .xsession (or an ssh session started from it).

    -- 
    Derek D. Martin
    http://www.pizzashack.org/
    GPG Key ID: 0x81CFE75D
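
Added example (not part of the message above and not OpenSSH code): a shell check that approximates the man page rule quoted in the message, run once from the calling shell and once in a new session with no controlling terminal. The names `prompt_path`, `prompt_path_detached` and `demo`, the `DISPLAY` value and the askpass path are assumptions made for illustration; `setsid` is the util-linux tool.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical and the logic is an
# approximation of the man page rule, not code taken from OpenSSH.

# The decision the man page describes: prompt on the terminal when the
# process has one; otherwise use $SSH_ASKPASS, but only if DISPLAY is set too.
# /dev/tty can be opened only by a process that has a controlling terminal.
CHECK='
if ( : <>/dev/tty ) 2>/dev/null; then
    echo terminal
elif [ -n "${DISPLAY:-}" ] && [ -n "${SSH_ASKPASS:-}" ]; then
    echo askpass
else
    echo none
fi'

# Where would a passphrase prompt go for a child started from this shell?
prompt_path() {
    sh -c "$CHECK"
}

# Same question for a child started in a new session. setsid(1) gives the
# child no controlling terminal, which is the situation of ~/.xsession;
# stdin comes from /dev/null so nothing is read from the caller.
prompt_path_detached() {
    setsid sh -c "$CHECK" </dev/null
}

# Constructed demonstration values; /usr/bin/ssh-askpass is a placeholder path.
demo() {
    echo "from this shell:          $(prompt_path)"
    echo "new session, both set:    $(export DISPLAY=:0 SSH_ASKPASS=/usr/bin/ssh-askpass; prompt_path_detached)"
    echo "new session, neither set: $(unset DISPLAY SSH_ASKPASS; prompt_path_detached)"
}

demo
```

Run from an interactive terminal, the first line reports `terminal` while the detached lines do not, which is the difference between a script started at the command line and one started from `~/.xsession`. OpenSSH 8.4 and later also read `SSH_ASKPASS_REQUIRE`, which can force the askpass program even when a terminal is present.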
    
    


