When the SSH_ASKPASS helper is used to get an answer to a question, it might be a question which is not a passphrase but, for example, a yes/no question when a new host key is received. Unfortunately the helper does not get any hints about what it should present to the user, or whether it should echo the answer the user types. Even better, for questions with a limited number of answers it could get a list of the possible answers, so the askpass dialog could use radio buttons instead of a text entry box. But for a start it would be good enough if the askpass at least knew about the echo on/off flag.
Created attachment 1874: /home/djm/askpass-env-echo.diff
Set SSH_ASKPASS_ECHO=1 environment for askpass child when echo is to be enabled.
We are freezing for the OpenSSH 5.6 release. Retargeting these bugs to the next release.
Targeting OpenSSH 5.7
Retarget unclosed bugs from 5.7=>5.8
Retarget unresolved bugs/features to 6.0 release
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
Retarget from 6.0 to 6.1
Retarget 6.0 => 6.1
Retarget uncompleted bugs from 6.1 => 6.2
Retarget bugs from 6.1 => 6.2
retarget to openssh-6.3
Retarget to openssh-6.4
Retarget 6.3 -> 6.4
Retarget incomplete bugs / feature requests to 6.6 release
Retarget to 6.7 release, since 6.6 was mostly bugfixing.
Remove from 6.6 tracking bug
Retarget incomplete bugs to 6.8 release.
These bugs are no longer targeted at the imminent 6.7 release
OpenSSH 6.8 is approaching release and closed for major work. Retarget these bugs for the next release.
Retarget to 6.9
Retarget pending bugs to openssh-7.1
Comment on attachment 1874 [details] /home/djm/askpass-env-echo.diff >Index: readpass.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readpass.c,v >retrieving revision 1.47 >diff -u -p -r1.47 readpass.c >--- readpass.c 3 Aug 2006 03:34:42 -0000 1.47 >+++ readpass.c 18 Jun 2010 05:06:21 -0000 >@@ -44,7 +44,7 @@ > #include "uidswap.h" > > static char * >-ssh_askpass(char *askpass, const char *msg) >+ssh_askpass(char *askpass, const char *msg, int echo_on) > { > pid_t pid; > size_t len; >@@ -69,6 +69,10 @@ ssh_askpass(char *askpass, const char *m > close(p[0]); > if (dup2(p[1], STDOUT_FILENO) < 0) > fatal("ssh_askpass: dup2: %s", strerror(errno)); >+ if (echo_on) >+ setenv("SSH_ASKPASS_ECHO", "1", 1); >+ else >+ unsetenv("SSH_ASKPASS_ECHO"); > execlp(askpass, askpass, msg, (char *) 0); > fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); > } >@@ -141,7 +145,8 @@ read_passphrase(const char *prompt, int > askpass = getenv(SSH_ASKPASS_ENV); > else > askpass = _PATH_SSH_ASKPASS_DEFAULT; >- if ((ret = ssh_askpass(askpass, prompt)) == NULL) >+ if ((ret = ssh_askpass(askpass, prompt, >+ flags & RP_ECHO)) == NULL) > if (!(flags & RP_ALLOW_EOF)) > return xstrdup(""); > return ret;
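Review bot: In the second hunk (the child branch, just before execlp), the return value of setenv("SSH_ASKPASS_ECHO", "1", 1) is ignored, so if it fails the helper is exec'd without the variable and cannot tell that case from an echo-off prompt. That fails towards hiding input, which is the safer direction, but it deserves at least an error message, in the same way the dup2 failure just above is reported with fatal(). The unsetenv in the else branch should stay: it stops an SSH_ASKPASS_ECHO inherited from the user's environment from switching echo on for a passphrase prompt. The new variable also needs documenting for helper authors; this diff touches only readpass.c.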
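Review bot: In the read_passphrase hunk, "flags & RP_ECHO" is passed straight into the new int echo_on parameter, so the callee receives the raw bit value rather than 0 or 1. That works today because ssh_askpass only tests it with "if (echo_on)", but writing "(flags & RP_ECHO) != 0" states the intent and keeps the call correct if the parameter is later compared against 1 or narrowed to a smaller type. A short comment on the ssh_askpass signature saying what echo_on controls would help too.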
OpenSSH 8.2 sets a $SSH_ASKPASS_PROMPT environment variable that passes context through to the askpass program. The contrib/gnome-ssh-askpass[23] helper has been updated to use it too.
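A helper that consumes these hints could look like the sketch below. It is an added example, not code from this thread or from OpenSSH; the hint values "confirm" and "none" are assumed (the thread does not list them), SSH_ASKPASS_ECHO is the variable proposed in attachment 1874, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example, not OpenSSH code. Hint values "confirm" and "none" are an
# assumption not stated in the thread; SSH_ASKPASS_ECHO is the variable
# proposed in attachment 1874.

# Map the environment hints to a presentation mode. Anything unrecognised
# falls through to "hidden", so an unknown hint never reveals a secret.
askpass_mode() {
    case "${SSH_ASKPASS_PROMPT:-}" in
        confirm) echo confirm; return 0 ;;
        none)    echo notice;  return 0 ;;
    esac
    if [ "${SSH_ASKPASS_ECHO:-}" = 1 ]; then
        echo visible
    else
        echo hidden
    fi
}

# Read one line from stdin. Terminal echo is switched off only for "hidden"
# and only when stdin is a terminal; the saved settings are restored after.
askpass_read() {
    saved=
    if [ "$1" = hidden ] && [ -t 0 ]; then
        saved=$(stty -g)
        trap 'stty "$saved"; exit 1' INT TERM
        stty -echo
    fi
    IFS= read -r answer || answer=
    if [ -n "$saved" ]; then
        stty "$saved"
        trap - INT TERM
    fi
    printf '%s\n' "$answer"
}

# Prompt text arrives as the first argument; the answer goes to stdout,
# which is the pipe ssh reads. The prompt itself is written to stderr.
askpass_main() {
    mode=$(askpass_mode)
    printf '%s ' "$1" >&2
    if [ "$mode" = notice ]; then
        return 0            # informational prompt: nothing to read
    fi
    askpass_read "$mode"
}

# Run as a helper only when a prompt argument was given.
if [ "$#" -gt 0 ]; then
    askpass_main "$1"
fi
```

A graphical helper would use the same mode decision to choose between a masked entry, a plain entry, a yes/no dialog and a notification.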
close bugs that were resolved in OpenSSH 8.5 release cycle