diff options
-rw-r--r-- | Makefile | 2 | ||||
-rwxr-xr-x | ssh-askpass-noinput | 3 | ||||
-rw-r--r-- | ssh-askpass-noinput.1.md | 48 |
3 files changed, 52 insertions, 1 deletions
@@ -21,7 +21,7 @@ CXXFLAGS ?= -g -O2 -Wall -Wold-style-cast CXXFLAGS += -std=c++11 LDFLAGS += -lstdc++ -lboost_program_options -lboost_filesystem -lboost_system -lnettle -all: ssh-agent-filter.1 afssh.1 +all: ssh-agent-filter.1 afssh.1 ssh-askpass-noinput.1 %.1: %.1.md pandoc -s -w man $< -o $@ diff --git a/ssh-askpass-noinput b/ssh-askpass-noinput new file mode 100755 index 0000000..2954b88 --- /dev/null +++ b/ssh-askpass-noinput @@ -0,0 +1,3 @@ +#!/bin/sh + +exec zenity --question --title "SSH Request" --no-markup --text "$1" --ok-label Allow --cancel-label Deny diff --git a/ssh-askpass-noinput.1.md b/ssh-askpass-noinput.1.md new file mode 100644 index 0000000..2c9ce73 --- /dev/null +++ b/ssh-askpass-noinput.1.md @@ -0,0 +1,48 @@ +% SSH-ASKPASS-NOINPUT +% chrysn <chrysn@fsfe.org> +% 2013-10-26 + +# NAME + +ssh-askpass-noinput - an `ssh-askpass` implementation for asking allow/deny questions + +# SYNOPSIS + +*ssh-askpass-noinput* text + +# DESCRIPTION + +*ssh-askpass-noinput* is an implementation of *ssh-askpass*, which does not +acutally ask for a password; instead, it only asks a binary (allow/deny) +question and exits with 0 for allow and 1 for deny. + +It is not intended as a general replacement for *ssh-askpass*, but for special +applications that don't care about a passphrase. + +# OPTIONS + +As usual with *ssh-askpass* implementations, *ssh-askpass-noinput* only takes a +single argument, which will be presented as the question. + +# BACKGROUND AND APPLICATIONS + +Some programs (*ssh-agent* and *ssh-agent-filter*) use *ssh-askpass* to have +users confirm actions without entering a passphrase; *ssh-agent* does this when +used via *ssh-add*'s `-c` option. They do not indicate that it is a binary +question (because in the classical *ssh-agent* invocation, there is no option to +do this), and expect the user to ignore the text input and click "OK" or +"Cancel", whereupon they read the askpass's exit status. + +With programs that are known to only ask those questions, setting +`SSH_ASKPASS=ssh-askpass-noinput` in their environment will make them use this +particular implementation for their questions. It should never be installed as +`/usr/bin/ssh-askpass`. + +# FUTURE + +This solution is obviously a hack, which is needed until a way is established +and implemented for *ssh-askpass* to be used more flexibly. + +# SEE ALSO + +ssh-agent-filter(1), ssh-agent(1), ssh-askpass(1) |