Bug 1871 - ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous (show other bugs)
Version: 5.8p1
Hardware: All  OS: All
Importance: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_8_2
Reported: 2011-02-25 08:41 AEDT by Daniel Kahn Gillmor
Modified: 2021-03-04 09:53 AEDT (History)

See Also:


Attachments
patch to contrib/gnome-ssh-askpass2.c implementing these changes (5.09 KB, patch)
2011-02-25 09:24 AEDT, Daniel Kahn Gillmor
set SSH_ASKPASS_CONFIRMATION_ONLY when just asking for permission (2.02 KB, patch)
2011-02-25 10:00 AEDT, Daniel Kahn Gillmor

Description Daniel Kahn Gillmor 2011-02-25 08:41:55 AEDT
currently, ssh-askpass is used in some situations to actually ask the user for a passphrase.

in other situations, it is used to prompt for simple confirmation (e.g. ControlMaster=ask, ssh-add -c).

Providing the exact same UI for both scenarios is not only surprising for new users; it is also potentially problematic.

For example, grabbing the X11 keyboard is a pretty invasive operation (and it is warranted, to avoid other X processes snooping on the passphrase).  A prompt for confirmation doesn't need to grab the keyboard, though.

I'm proposing to extend the ssh-askpass interface with an environment variable SSH_ASKPASS_CONFIRMATION_ONLY.  If this environment variable is set, the ssh-askpass can choose to display a simpler/non-kbd-grabbing UI.  ssh, ssh-add, and ssh-agent would need to know to set or clear that environment variable depending on the type of prompt.

Another approach would be to define a command line argument, but existing ssh-agent implementations appear to treat multiple arguments differently (e.g. gnome-ssh-askpass concatenates them all into the string prompt; Jim Knoble's x11-ssh-askpass accepts old-school X11-style arguments).  So an environment variable seems cleaner.

This would be an optional UI enhancement -- ssh-askpass implementations that don't know about it or don't care wouldn't need to make any changes.
Comment 1 Daniel Kahn Gillmor 2011-02-25 09:24:02 AEDT
Created attachment 2003 [details]
patch to contrib/gnome-ssh-askpass2.c implementing these changes

here's a patch implementing this behavior in contrib/gnome-ssh-askpass2.c (does anyone really use gnome1 any more?  should we remove contrib/gnome-ssh-askpass1.c?)

This patch looks noisy, but most of it is just doing proper indenting, so it's whitespace-only changes.
Comment 2 Daniel Kahn Gillmor 2011-02-25 10:00:35 AEDT
Created attachment 2004 [details]
set SSH_ASKPASS_CONFIRMATION_ONLY when just asking for permission

And here is the fix so that ssh sets the environment variable correctly when invoking ssh-askpass.
Comment 3 maxigas 2011-03-19 10:25:17 AEDT
It is awfully confusing indeed.  I was trying several times before realising what was going on.  :o
Comment 4 Pavel Volkovitskiy 2014-04-02 04:12:19 AEDT
Any news on that?
Comment 5 Damien Miller 2020-01-26 00:52:01 AEDT
OpenSSH 8.2 sets a $SSH_ASKPASS_PROMPT environment variable that implements this feature. SSH_ASKPASS_PROMPT=confirm indicates a yes/no confirmation dialog, SSH_ASKPASS_PROMPT=none indicates an informational dialog and everything else is a regular passphrase request.

the contrib/gnome-ssh-askpass implementation has been updated to support these.
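As an added example (my own, not part of this bug's attachments or of OpenSSH's contrib code), the following sketch shows how an askpass helper can act on the SSH_ASKPASS_PROMPT values described in Comment 5 and so address the keyboard-grab concern from the description: only a real passphrase request gets the exclusive keyboard grab and echo suppression, while "confirm" and "none" get a plain dialog. It assumes the convention that a zero exit status grants a confirmation or delivers the passphrase printed on stdout and that a non-zero exit status means cancelled or denied; the PASSPHRASE label, the PromptPolicy type and the terminal stand-in for the GUI dialog are constructions for this example.

```python
import getpass
import os
import sys
from dataclasses import dataclass

# Values of SSH_ASKPASS_PROMPT as described in Comment 5 (OpenSSH 8.2 and later).
CONFIRM = "confirm"
NONE = "none"
# Label used in this example for "everything else" (a real passphrase request);
# it is not a value ssh itself sets.
PASSPHRASE = "passphrase"


@dataclass(frozen=True)
class PromptPolicy:
    mode: str             # CONFIRM, NONE or PASSPHRASE
    grab_keyboard: bool   # exclusive X11 keyboard grab, only while a secret is typed
    hide_input: bool      # suppress echo, only for a secret
    expects_input: bool   # whether the dialog needs a text entry at all


def classify_prompt(env):
    """Map SSH_ASKPASS_PROMPT to a UI policy.

    An unset or unrecognised value is treated as a passphrase request. That is
    the conservative default: a wrong guess must err towards grabbing the
    keyboard and hiding input, never towards exposing a secret.
    """
    value = env.get("SSH_ASKPASS_PROMPT", "")
    if value == CONFIRM:
        return PromptPolicy(CONFIRM, grab_keyboard=False, hide_input=False,
                            expects_input=False)
    if value == NONE:
        return PromptPolicy(NONE, grab_keyboard=False, hide_input=False,
                            expects_input=False)
    return PromptPolicy(PASSPHRASE, grab_keyboard=True, hide_input=True,
                        expects_input=True)


def respond(policy, answer):
    """Return (stdout_text, exit_status) for one helper invocation.

    Assumed convention for how ssh reads the helper's result: a zero exit
    status grants a confirmation or delivers the passphrase printed on stdout;
    a non-zero exit status means "cancelled" or "denied".

    `answer` is a bool for a confirmation dialog, the typed string (or None for
    cancel) for a passphrase dialog, and ignored for an informational dialog.
    """
    if policy.mode == NONE:
        return ("", 0)
    if policy.mode == CONFIRM:
        # Print nothing here: anything a confirmation dialog wrote to stdout
        # could otherwise be handed on as if it were a passphrase.
        return ("", 0 if answer else 1)
    if answer is None:
        return ("", 1)
    return (answer + "\n", 0)


def main(argv, env):
    # ssh passes the prompt text as the argument(s); gnome-ssh-askpass joins them.
    prompt_text = " ".join(argv[1:]) or "Prompt"
    policy = classify_prompt(env)
    # Terminal stand-in for the GUI. A real helper would only grab the X11
    # keyboard (or the toolkit equivalent) when policy.grab_keyboard is set.
    if policy.mode == NONE:
        sys.stderr.write(prompt_text + "\n")
        answer = None
    elif policy.mode == CONFIRM:
        answer = input(prompt_text + " [y/N] ").strip().lower() == "y"
    else:
        answer = getpass.getpass(prompt_text + " ")
    out, status = respond(policy, answer)
    sys.stdout.write(out)
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv, os.environ))
```

The point of keeping the decision in `classify_prompt` is that the unsafe direction of a misclassification is asymmetric: treating a confirmation as a passphrase request merely shows an unnecessary grab-and-hide dialog, whereas treating a passphrase request as a confirmation would echo the secret and leave the keyboard ungrabbed, so anything unrecognised falls through to the passphrase policy.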
Comment 6 Damien Miller 2021-03-04 09:53:24 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle