ssh-askpass icon indicating copy to clipboard operation
ssh-askpass copied to clipboard
verified publisher icon theseal

Update instructions for Sonoma 14.6+ (#54)

Open micolous opened this issue 11 months ago • 2 comments

Fixes #54 (well, works around the new normal).

This documents the workarounds I've provided here, which is the only way that works with Apple's stock ssh-agent LaunchAgent configuration and does not rely on exploiting launchd security weaknesses.

The Homebrew formula will need to be updated to patch the new default paths in the plist: https://github.com/theseal/homebrew-ssh-askpass/pull/20

I've made a couple of changes to the plist, because they have no effect on Apple ssh-agent Sonoma 14.6 and later:

  • Remove setting DISPLAY with launchctl setenv
  • Don't stop com.openssh.ssh-agent (Apple's ssh-agent)

The Homebrew formula could be replaced with a cask to automate this stuff. I'll add an issue for that later.

This should work even if you installed your own ssh-agent to replace Apple's, as long as it checks /usr/X11R6/bin/ssh-askpass.

While this doesn't fix usage of third-party authentication modules like FIDO2, that's totally unrelated to ssh-askpass.

Feedback needed

  • [x] ~~This assumes that MacPorts always installs to /usr/local/bin. Homebrew uses different paths on Apple Silicon and Intel.~~ It's been /opt/local for at least a decade, fixed.

micolous avatar Feb 18 '25 05:02 micolous

Or you find this PR, you can simply use https://github.com/Vlad1mir-D/ssh-askpass which already contains everything merged properly :)

Vlad1mir-D avatar May 26 '25 11:05 Vlad1mir-D

You copied my commits into your own fork and merged to the default branch. Anyone can get the same by clicking the micolous:fix-sonoma-14.6 link at the top of this page. Slow clap.

micolous avatar May 26 '25 11:05 micolous