Re: How to get "Enter passphrase" on command line rather than GUI pop-up?

On 02.01.24 10:37, Chris Green wrote:
> It's started by gnome-keyring-daemon which is handy because it uses my
> login password to unlock my default passphrase, thus I don't need to
> enter a passphrase explicitly when running my GUI desktop.
>
> It's only because I want to use a *different* key/passphrase pair for
> some systems that I have hit this issue of ssh-agent using a GUI
> pop-up to ask for a passphrase.

Now *that* sounds like the practical thing to do is to have only the shells/terminals used for *those* tasks decoupled from your agent running centrally in the background. (Which, as you already discovered, can be done by unsetting $SSH_AUTH_SOCK in those shells.)

> Do SSH_ASKPASS and SSH_ASKPASS_REQUIRE affect ssh-agent directly?
> There's nothing in the man page indicating this.

I'd guess that they do, but that's irrelevant: Since the agent is not running in a shell/terminal, it *cannot* ask you for the passphrase on any command line instead, much less the one you're running the "ssh" from.

You could instead control the agent's behaviour by un- and reloading privkeys with "ssh-add" before "ssh"ing, but that's hardly a UX improvement.

> I guess the need to specify the key file is a result of [...]

OpenSSH will autoload keypairs from a number of defined paths, but what seems to be the one you're using here ($HOME/backup_id_rsa) is not one of them, so you'll always have to point your login procedure at that file *somehow/-time*.

(In fact, having additional keypairs at the default paths might be detrimental if you want your "ssh" to fall back to a specified one, because ssh will try them automatically, every time ssh asks sshd "would you be willing to accept *this* keypair?" counts as a failed login attempt (long-standing bug), and sshd limits the number of attempts it'll let the client have in the one TCP connection (MaxAuthTries config).)

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
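
The approach discussed in this message (one command decoupled from the central agent by unsetting $SSH_AUTH_SOCK, with the key file named explicitly) written as a shell wrapper. This is an added example, not part of the original post; the function name ssh_tty_key and the SSH_BIN override are hypothetical, the host in the usage comment is a placeholder, and SSH_ASKPASS_REQUIRE needs OpenSSH 8.4 or later.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Run ssh with one specific key and have its passphrase asked for on the
# terminal, while the desktop agent stays untouched for every other shell.
# SSH_BIN is a hypothetical override so the wrapper can be tested with a stub.

ssh_tty_key() {
    if [ "$#" -lt 2 ]; then
        echo "usage: ssh_tty_key KEYFILE [ssh options] DESTINATION" >&2
        return 2
    fi
    key=$1
    shift
    if [ ! -r "$key" ]; then
        echo "ssh_tty_key: cannot read key file: $key" >&2
        return 2
    fi
    (
        # Subshell: the changes below end with this one ssh invocation,
        # so the calling shell keeps its agent socket.
        unset SSH_AUTH_SOCK            # no agent, so no agent-side GUI prompt
        SSH_ASKPASS_REQUIRE=never      # never hand the prompt to an askpass helper
        export SSH_ASKPASS_REQUIRE
        # IdentitiesOnly=yes: offer only explicitly configured identities
        # (the -i key plus any IdentityFile in ssh_config), so unrelated keys
        # do not use up the server's MaxAuthTries budget.
        "${SSH_BIN:-ssh}" -o IdentitiesOnly=yes -i "$key" "$@"
    )
}

# Usage (placeholder destination):
#   ssh_tty_key "$HOME/backup_id_rsa" backup@backuphost.example
```
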
