openssh-portable icon indicating copy to clipboard operation
openssh-portable copied to clipboard
verified publisher icon openssh

readpass: add fallback to tty if default askpass unavailable

Open YHNdnzj opened this issue 1 year ago • 2 comments

Currently, when read_passphrase() is called with RP_ALLOW_STDIN + !isatty(STDIN_FILENO) or $SSH_ASKPASS_REQUIRE=prefer, and running in GUI environment (w/ $DISPLAY or $WAYLAND_DISPLAY), askpass is effectively enforced. This behavior is not ideal though when no askpass program is installed, as it results in hard failure.

Instead, check the existence of the default askpass path early, and if unavailable fall back to tty in the 2 cases mentioned above.

YHNdnzj avatar Nov 09 '24 15:11 YHNdnzj

I think doing it this way might be a little cleaner. Does it solve your problem?

https://github.com/djmdjm/openssh-wip/pull/46/commits/0ad874541fc7f8cafa6f65a7c588b50218958cdf

djmdjm avatar Nov 28 '24 16:11 djmdjm

I think doing it this way might be a little cleaner. Does it solve your problem?

djmdjm/openssh-wip@0ad8745

A cleaner approach is definitely appreciated. However, it appears to me that your patch would break compat if $SSH_ASKPASS points to executable in $PATH, rather than being absolute. That's why I resorted to only checking the existence for default askpass program, and rely on exec*p() returning error otherwise.

YHNdnzj avatar Nov 28 '24 16:11 YHNdnzj