On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > > SSH_AUTH_SOCK=/run/user/1000/keyring/ssh > > > SSH_ASKPASS_REQUIRE=never > > > > What component is actually calling ssh-askpass? > > > > Setting SSH_ASKPASS_REQUIRE=never has no effect for me either, but > > that's because... > > > > Jan 1 21:26:12 lorvorc ssh-agent[76961]: error: Fssh_notify_start: > > exec(/usr/local/bin/ssh-askpass): No such file or directory > > > > ... ssh-askpass is called by a previously started ssh-agent that > > doesn't know about the new environment variable. The fact that > > you have SSH_AUTH_SOCK set suggests that authentication requests > > are also forwarded to an agent in your setup. > > yeah, some desktop enviornments implicitly start an agent. Often this > isn't actually ssh-agent, but something else that speaks the agent > protocol. Either way, they are a pain to configure because the > configuration is usually hidden from the user and often difficult to > disable. > > Generally I find it easier to override them. > My xubuntu is actually running ssh-agent:- chris 2549 1543 0 Jan01 ? 00:00:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh It's started by gnome-keyring-daemon which is handy because it uses my login password to unlock my default passphrase, thus I don't need to enter a passphrase explicitly when running my GUI desktop. It's only because I want to use a *different* key/passphrase pair for some systems that I have hit this issue of ssh-agent using a GUI pop-up to ask for a passphrase. Do SSH_ASKPASS and SSH_ASKPASS_REQUIRE affect ssh-agent directly? There's nothing in the man page indicating this. There must be *something* in the environment that affects this because I'm seeing two different ways of asking for the passphrase on the same screen. The only difference is that one is a simple terminal window running on my system and the other is one where I have used ssh to connect to a remote system and then ssh again back to the 'home' system. The local system window gets the GUI pop-up the 'two ssh' window asks for the passphrase in the terminal. I can even 'ssh localhost' and then the ssh to the remote asks for the passphrase in the terminal window as I want it! This does seem a rather OTT workaround though! :-) -- Chris Green _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev