3086 – Ssh, scp (6.2p2 or 7.4p1) can't support the way to enter the private key password in a non-interactive way.

Bug 3086 - Ssh, scp (6.2p2 or 7.4p1) can't support the way to enter the private key password in a non-interactive way.

Summary: Ssh, scp (6.2p2 or 7.4p1) can't support the way to enter the private key pass...

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	7.4p1
Hardware:	ix86 Linux

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:	generalised-askpass
Blocks:	V_8_4
	Show dependency tree / graph

Reported:	2019-11-01 18:53 AEDT by wuzhao1024
Modified:	2020-10-02 14:55 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description wuzhao1024 2019-11-01 18:53:09 AEDT

Ssh and scp (6.2p2 or 7.4p1) can't support the way to input the private key password in a non-interactive manner. As a result, the program automatically executes ssh/scp, which is difficult to use. Generally, the private key of the null password can only be used, which poses a security risk. At the same time, private key encryption is an optional method. If you use errors, there is also a security risk. It is recommended that the software support automatic encryption of private keys, which is safe by default.

Comment 1 Damien Miller 2020-07-17 13:39:15 AEST

Generally your best option in this case it to use ssh-agent. It is possible to ssh-add passworded keys to an agent by passing the password on stdin.

In OpenSSH 8.4, it will also be possible to force the use of $SSH_ASKPASS via the $SSH_ASKPASS_REQUIRE environment (see bug #69), which might offer another approach for you.

Comment 2 Darren Tucker 2020-10-02 14:55:05 AEST

Mass close of all bugs fixed in 8.4 release.