https://bugzilla.mindrot.org/show_bug.cgi?id=1871
Summary: ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-b...@mindrot.org
ReportedBy: d...@fifthhorseman.net

Currently, ssh-askpass is used in some situations to actually ask the user for a passphrase. In other situations, it is used to prompt for simple confirmation (e.g. ControlMaster=ask, ssh-add -c).

Providing the exact same UI for both scenarios is not only surprising for new users; it is also potentially problematic. For example, grabbing the X11 keyboard is a pretty invasive operation (and it is warranted, to avoid other X processes snooping on the passphrase). A prompt for confirmation doesn't need to grab the keyboard, though.

I'm proposing to extend the ssh-askpass interface with an environment variable SSH_ASKPASS_CONFIRMATION_ONLY. If this environment variable is set, the ssh-askpass can choose to display a simpler/non-kbd-grabbing UI. ssh, ssh-add, and ssh-agent would need to know to set or clear that environment variable depending on the type of prompt.

Another approach would be to define a command line argument, but existing ssh-agent implementations appear to treat multiple arguments differently (e.g. gnome-ssh-askpass concatenates them all into the string prompt; Jim Knoble's x11-ssh-askpass accepts old-school X11-style arguments). So an environment variable seems cleaner.

This would be an optional UI enhancement -- ssh-askpass implementations that don't know about it or don't care wouldn't need to make any changes.
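An askpass wrapper that honours the variable proposed in the report above, as an added example that is not part of the original report or of OpenSSH. SSH_ASKPASS_CONFIRMATION_ONLY exists only as this proposal, and the two dialog helper paths, `askpass_mode` and `run_askpass` are hypothetical names.

```sh
#!/bin/sh
# Added example: askpass wrapper that picks a UI based on the proposed
# SSH_ASKPASS_CONFIRMATION_ONLY variable. The variable is the report's
# proposal; both helper paths below are hypothetical placeholders.

# Dialog that grabs the keyboard and prints the passphrase on stdout.
PASSPHRASE_UI=${PASSPHRASE_UI:-/usr/local/libexec/askpass-grab}
# Plain yes/no dialog with no keyboard grab.
CONFIRM_UI=${CONFIRM_UI:-/usr/local/libexec/askpass-confirm}

askpass_mode() {
    # The proposal keys on the variable being *set*, so an empty value
    # still counts; ${VAR+set} distinguishes "unset" from "set but empty".
    if [ -n "${SSH_ASKPASS_CONFIRMATION_ONLY+set}" ]; then
        echo confirm
    else
        echo passphrase
    fi
}

run_askpass() {
    prompt=$1
    case $(askpass_mode) in
    confirm)
        # Nothing secret is typed, so no grab is needed. Assumption: the
        # caller reads exit status 0 with no output as approval and a
        # non-zero status as refusal, so any helper output is discarded.
        "$CONFIRM_UI" "$prompt" >/dev/null
        ;;
    passphrase)
        # Secret input: keep the keyboard-grabbing dialog and pass its
        # stdout (the passphrase) straight through to the caller.
        "$PASSPHRASE_UI" "$prompt"
        ;;
    esac
}

# Askpass programs are always invoked with the prompt as arguments; join
# them into one string, as the report notes gnome-ssh-askpass does.
if [ $# -gt 0 ]; then
    run_askpass "$*"
    exit $?
fi
```

An askpass that ignores the variable behaves exactly as before, which matches the report's point that the change is optional for implementations.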