Tell SSH to use a graphical prompt for key passphrase
Clash Royale CLAN TAG#URR8PPP
up vote
33
down vote
favorite
How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?
I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass
but it seems to have no effects.
The problem is the fact the openssh documentation says
If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.
An ssh launched from the command line, in my case as the result of a git push
, will have a terminal associated with it, so the SSH_ASKPASS
logic seems to be ignored.
Please note that I am not referring to ssh-add
, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.
ssh
add a comment |Â
up vote
33
down vote
favorite
How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?
I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass
but it seems to have no effects.
The problem is the fact the openssh documentation says
If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.
An ssh launched from the command line, in my case as the result of a git push
, will have a terminal associated with it, so the SSH_ASKPASS
logic seems to be ignored.
Please note that I am not referring to ssh-add
, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.
ssh
add a comment |Â
up vote
33
down vote
favorite
up vote
33
down vote
favorite
How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?
I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass
but it seems to have no effects.
The problem is the fact the openssh documentation says
If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.
An ssh launched from the command line, in my case as the result of a git push
, will have a terminal associated with it, so the SSH_ASKPASS
logic seems to be ignored.
Please note that I am not referring to ssh-add
, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.
ssh
How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?
I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass
but it seems to have no effects.
The problem is the fact the openssh documentation says
If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.
An ssh launched from the command line, in my case as the result of a git push
, will have a terminal associated with it, so the SSH_ASKPASS
logic seems to be ignored.
Please note that I am not referring to ssh-add
, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.
ssh
ssh
edited Jul 22 '13 at 23:17
asked Jul 22 '13 at 15:43
gioele
82011120
82011120
add a comment |Â
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
26
down vote
#1 - Missing package?
You're probably missing the package that contains ssh-askpass
. Try installing it.
Fedora/CentOS/RHEL:
$ sudo yum install openssh-askpass
Debian/Ubuntu:
$ sudo apt-get install ssh-askpass-gnome ssh-askpass
Finding missing utilities
You can search for missing tools using these commands:
Fedora/CentOS/RHEL:
$ yum search ssh-askpass
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
======================================================= Matched: ssh-askpass =======================================================
x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
connect-proxy.x86_64 : SSH Proxy command helper
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
Debian/Ubuntu:
$ apt-file -l search ssh-askpass
app-install-data
cruft
git-cola
luckybackup-data
pssh
sdm-terminal
seahorse
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
#2 - Disconnected terminal?
I missed this initially but after further reading up I noticed this comment in the man page of ssh
regarding the SSH_ASKPASS
environment variable.
excerpt
SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the
input from /dev/null to make this work.)
If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY
& SSH_ASKPASS
are set. Noticing this is key. So to get ssh
to use SSH_ASKPASS
we need to get ssh
to not have a terminal (aka. STDIN
& STDOUT
) attached to it.
One way to do this by making use of the command setsid
. Don't feel bad. I never heard of this tool either. From the man page:
setsid - run a program in a new session
So if we run ssh
as the "program" to setsid
we can detach ssh
from our terminal meeting the criteria mentioned in ssh
's man page. The other criteria are set as follows:
$ echo $DISPLAY; echo $SSH_ASKPASS
:0.0
/usr/libexec/openssh/ssh-askpass
So if we put this all together:
$ setsid ssh user@remotehost
For example:
$ setsid ssh user@skinner
                                      Â
A solution
If you'd like to make it so that the setsid
is "built-in" you can create an aliases like so:
$ alias ssh="setsid ssh"
Now when you ssh
you'll get the GUI popping up asking for your password:
$ ssh user@skinner
References
- reading SSH password from stdin â the openssh 5.6p1 compatible way
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to usesetsid ssh
instad of plainssh
.
â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such asssh
with aliasessetsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot usesetsid
and then work inssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
â Alexis Wilke
Nov 30 '14 at 5:40
 |Â
show 7 more comments
up vote
5
down vote
accepted
It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
add a comment |Â
up vote
1
down vote
There is a way to close the terminal for a single command, and that is using file redirection:
ssh-add > /dev/null < /dev/null 2>&1
This will run the command ssh-add
with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases
:
alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"
And you should be set. Simply typing ssh-add
will now invoke the alias which will invoke the real command with all the redirection in place.
The ssh-add
now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
ksshaskpath
kwalletcli
lxqt-openssh-askpass
razorqt-openssh-askpasss
Now, what do all those things mean?
The 2>&1
means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.
The > /dev/null
means redirect standard output to /dev/null
, which is a special file that discards all data written to it.
The < /dev/null
means redirect standard input to /dev/null
(idem).
As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:
service > /dev/null < /dev/null 2>&1 &
Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add
for a theoretical service
. Those commands will correctly put a service on the background.
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence ofssh-add
withssh
and you are set.
â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
add a comment |Â
up vote
0
down vote
I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass
) without installing the package gnome-keyring
on ArchLinux.
Looking at the content of this package gnome-keyring
(https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.
In any case, if you do not mind using seahorse, you can also install the packages seahorse
and gnome-keyring
(or the equivalent ones for your distribution).
If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.
add a comment |Â
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
26
down vote
#1 - Missing package?
You're probably missing the package that contains ssh-askpass
. Try installing it.
Fedora/CentOS/RHEL:
$ sudo yum install openssh-askpass
Debian/Ubuntu:
$ sudo apt-get install ssh-askpass-gnome ssh-askpass
Finding missing utilities
You can search for missing tools using these commands:
Fedora/CentOS/RHEL:
$ yum search ssh-askpass
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
======================================================= Matched: ssh-askpass =======================================================
x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
connect-proxy.x86_64 : SSH Proxy command helper
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
Debian/Ubuntu:
$ apt-file -l search ssh-askpass
app-install-data
cruft
git-cola
luckybackup-data
pssh
sdm-terminal
seahorse
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
#2 - Disconnected terminal?
I missed this initially but after further reading up I noticed this comment in the man page of ssh
regarding the SSH_ASKPASS
environment variable.
excerpt
SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the
input from /dev/null to make this work.)
If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY
& SSH_ASKPASS
are set. Noticing this is key. So to get ssh
to use SSH_ASKPASS
we need to get ssh
to not have a terminal (aka. STDIN
& STDOUT
) attached to it.
One way to do this by making use of the command setsid
. Don't feel bad. I never heard of this tool either. From the man page:
setsid - run a program in a new session
So if we run ssh
as the "program" to setsid
we can detach ssh
from our terminal meeting the criteria mentioned in ssh
's man page. The other criteria are set as follows:
$ echo $DISPLAY; echo $SSH_ASKPASS
:0.0
/usr/libexec/openssh/ssh-askpass
So if we put this all together:
$ setsid ssh user@remotehost
For example:
$ setsid ssh user@skinner
                                      Â
A solution
If you'd like to make it so that the setsid
is "built-in" you can create an aliases like so:
$ alias ssh="setsid ssh"
Now when you ssh
you'll get the GUI popping up asking for your password:
$ ssh user@skinner
References
- reading SSH password from stdin â the openssh 5.6p1 compatible way
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to usesetsid ssh
instad of plainssh
.
â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such asssh
with aliasessetsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot usesetsid
and then work inssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
â Alexis Wilke
Nov 30 '14 at 5:40
 |Â
show 7 more comments
up vote
26
down vote
#1 - Missing package?
You're probably missing the package that contains ssh-askpass
. Try installing it.
Fedora/CentOS/RHEL:
$ sudo yum install openssh-askpass
Debian/Ubuntu:
$ sudo apt-get install ssh-askpass-gnome ssh-askpass
Finding missing utilities
You can search for missing tools using these commands:
Fedora/CentOS/RHEL:
$ yum search ssh-askpass
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
======================================================= Matched: ssh-askpass =======================================================
x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
connect-proxy.x86_64 : SSH Proxy command helper
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
Debian/Ubuntu:
$ apt-file -l search ssh-askpass
app-install-data
cruft
git-cola
luckybackup-data
pssh
sdm-terminal
seahorse
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
#2 - Disconnected terminal?
I missed this initially but after further reading up I noticed this comment in the man page of ssh
regarding the SSH_ASKPASS
environment variable.
excerpt
SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the
input from /dev/null to make this work.)
If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY
& SSH_ASKPASS
are set. Noticing this is key. So to get ssh
to use SSH_ASKPASS
we need to get ssh
to not have a terminal (aka. STDIN
& STDOUT
) attached to it.
One way to do this by making use of the command setsid
. Don't feel bad. I never heard of this tool either. From the man page:
setsid - run a program in a new session
So if we run ssh
as the "program" to setsid
we can detach ssh
from our terminal meeting the criteria mentioned in ssh
's man page. The other criteria are set as follows:
$ echo $DISPLAY; echo $SSH_ASKPASS
:0.0
/usr/libexec/openssh/ssh-askpass
So if we put this all together:
$ setsid ssh user@remotehost
For example:
$ setsid ssh user@skinner
                                      Â
A solution
If you'd like to make it so that the setsid
is "built-in" you can create an aliases like so:
$ alias ssh="setsid ssh"
Now when you ssh
you'll get the GUI popping up asking for your password:
$ ssh user@skinner
References
- reading SSH password from stdin â the openssh 5.6p1 compatible way
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to usesetsid ssh
instad of plainssh
.
â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such asssh
with aliasessetsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot usesetsid
and then work inssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
â Alexis Wilke
Nov 30 '14 at 5:40
 |Â
show 7 more comments
up vote
26
down vote
up vote
26
down vote
#1 - Missing package?
You're probably missing the package that contains ssh-askpass
. Try installing it.
Fedora/CentOS/RHEL:
$ sudo yum install openssh-askpass
Debian/Ubuntu:
$ sudo apt-get install ssh-askpass-gnome ssh-askpass
Finding missing utilities
You can search for missing tools using these commands:
Fedora/CentOS/RHEL:
$ yum search ssh-askpass
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
======================================================= Matched: ssh-askpass =======================================================
x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
connect-proxy.x86_64 : SSH Proxy command helper
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
Debian/Ubuntu:
$ apt-file -l search ssh-askpass
app-install-data
cruft
git-cola
luckybackup-data
pssh
sdm-terminal
seahorse
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
#2 - Disconnected terminal?
I missed this initially but after further reading up I noticed this comment in the man page of ssh
regarding the SSH_ASKPASS
environment variable.
excerpt
SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the
input from /dev/null to make this work.)
If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY
& SSH_ASKPASS
are set. Noticing this is key. So to get ssh
to use SSH_ASKPASS
we need to get ssh
to not have a terminal (aka. STDIN
& STDOUT
) attached to it.
One way to do this by making use of the command setsid
. Don't feel bad. I never heard of this tool either. From the man page:
setsid - run a program in a new session
So if we run ssh
as the "program" to setsid
we can detach ssh
from our terminal meeting the criteria mentioned in ssh
's man page. The other criteria are set as follows:
$ echo $DISPLAY; echo $SSH_ASKPASS
:0.0
/usr/libexec/openssh/ssh-askpass
So if we put this all together:
$ setsid ssh user@remotehost
For example:
$ setsid ssh user@skinner
                                      Â
A solution
If you'd like to make it so that the setsid
is "built-in" you can create an aliases like so:
$ alias ssh="setsid ssh"
Now when you ssh
you'll get the GUI popping up asking for your password:
$ ssh user@skinner
References
- reading SSH password from stdin â the openssh 5.6p1 compatible way
#1 - Missing package?
You're probably missing the package that contains ssh-askpass
. Try installing it.
Fedora/CentOS/RHEL:
$ sudo yum install openssh-askpass
Debian/Ubuntu:
$ sudo apt-get install ssh-askpass-gnome ssh-askpass
Finding missing utilities
You can search for missing tools using these commands:
Fedora/CentOS/RHEL:
$ yum search ssh-askpass
Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
======================================================= Matched: ssh-askpass =======================================================
x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
connect-proxy.x86_64 : SSH Proxy command helper
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
Debian/Ubuntu:
$ apt-file -l search ssh-askpass
app-install-data
cruft
git-cola
luckybackup-data
pssh
sdm-terminal
seahorse
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
#2 - Disconnected terminal?
I missed this initially but after further reading up I noticed this comment in the man page of ssh
regarding the SSH_ASKPASS
environment variable.
excerpt
SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the
current terminal if it was run from a terminal. If ssh does not
have a terminal associated with it but DISPLAY and SSH_ASKPASS
are set, it will execute the program specified by SSH_ASKPASS
and open an X11 window to read the passphrase. This is particularly
useful when calling ssh from a .xsession or related script.
(Note that on some machines it may be necessary to redirect the
input from /dev/null to make this work.)
If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY
& SSH_ASKPASS
are set. Noticing this is key. So to get ssh
to use SSH_ASKPASS
we need to get ssh
to not have a terminal (aka. STDIN
& STDOUT
) attached to it.
One way to do this by making use of the command setsid
. Don't feel bad. I never heard of this tool either. From the man page:
setsid - run a program in a new session
So if we run ssh
as the "program" to setsid
we can detach ssh
from our terminal meeting the criteria mentioned in ssh
's man page. The other criteria are set as follows:
$ echo $DISPLAY; echo $SSH_ASKPASS
:0.0
/usr/libexec/openssh/ssh-askpass
So if we put this all together:
$ setsid ssh user@remotehost
For example:
$ setsid ssh user@skinner
                                      Â
A solution
If you'd like to make it so that the setsid
is "built-in" you can create an aliases like so:
$ alias ssh="setsid ssh"
Now when you ssh
you'll get the GUI popping up asking for your password:
$ ssh user@skinner
References
- reading SSH password from stdin â the openssh 5.6p1 compatible way
edited Jul 23 '13 at 9:16
answered Jul 22 '13 at 17:03
slmâ¦
242k66501669
242k66501669
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to usesetsid ssh
instad of plainssh
.
â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such asssh
with aliasessetsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot usesetsid
and then work inssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
â Alexis Wilke
Nov 30 '14 at 5:40
 |Â
show 7 more comments
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to usesetsid ssh
instad of plainssh
.
â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such asssh
with aliasessetsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot usesetsid
and then work inssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
â Alexis Wilke
Nov 30 '14 at 5:40
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
ssh-askpass gnome is installed and it works fine if launched manually.
â gioele
Jul 22 '13 at 23:14
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
@gioele - see updates, I think I've figured it out.
â slmâ¦
Jul 23 '13 at 1:29
the problem of this solution is that it requires that I modify each git or rsync command to use
setsid ssh
instad of plain ssh
.â gioele
Jul 23 '13 at 8:16
the problem of this solution is that it requires that I modify each git or rsync command to use
setsid ssh
instad of plain ssh
.â gioele
Jul 23 '13 at 8:16
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as
ssh
with aliases setsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.â slmâ¦
Jul 23 '13 at 9:08
@gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as
ssh
with aliases setsid ssh
is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.â slmâ¦
Jul 23 '13 at 9:08
I'm not missing the package and I cannot use
setsid
and then work in ssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!â Alexis Wilke
Nov 30 '14 at 5:40
I'm not missing the package and I cannot use
setsid
and then work in ssh
from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!â Alexis Wilke
Nov 30 '14 at 5:40
 |Â
show 7 more comments
up vote
5
down vote
accepted
It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
add a comment |Â
up vote
5
down vote
accepted
It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
add a comment |Â
up vote
5
down vote
accepted
up vote
5
down vote
accepted
It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.
It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.
answered Jul 23 '13 at 8:22
gioele
82011120
82011120
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
add a comment |Â
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
â cuonglm
Oct 13 '15 at 1:30
6
6
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
@cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
â terdonâ¦
Oct 22 '15 at 14:04
add a comment |Â
up vote
1
down vote
There is a way to close the terminal for a single command, and that is using file redirection:
ssh-add > /dev/null < /dev/null 2>&1
This will run the command ssh-add
with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases
:
alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"
And you should be set. Simply typing ssh-add
will now invoke the alias which will invoke the real command with all the redirection in place.
The ssh-add
now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
ksshaskpath
kwalletcli
lxqt-openssh-askpass
razorqt-openssh-askpasss
Now, what do all those things mean?
The 2>&1
means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.
The > /dev/null
means redirect standard output to /dev/null
, which is a special file that discards all data written to it.
The < /dev/null
means redirect standard input to /dev/null
(idem).
As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:
service > /dev/null < /dev/null 2>&1 &
Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add
for a theoretical service
. Those commands will correctly put a service on the background.
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence ofssh-add
withssh
and you are set.
â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
add a comment |Â
up vote
1
down vote
There is a way to close the terminal for a single command, and that is using file redirection:
ssh-add > /dev/null < /dev/null 2>&1
This will run the command ssh-add
with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases
:
alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"
And you should be set. Simply typing ssh-add
will now invoke the alias which will invoke the real command with all the redirection in place.
The ssh-add
now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
ksshaskpath
kwalletcli
lxqt-openssh-askpass
razorqt-openssh-askpasss
Now, what do all those things mean?
The 2>&1
means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.
The > /dev/null
means redirect standard output to /dev/null
, which is a special file that discards all data written to it.
The < /dev/null
means redirect standard input to /dev/null
(idem).
As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:
service > /dev/null < /dev/null 2>&1 &
Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add
for a theoretical service
. Those commands will correctly put a service on the background.
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence ofssh-add
withssh
and you are set.
â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
add a comment |Â
up vote
1
down vote
up vote
1
down vote
There is a way to close the terminal for a single command, and that is using file redirection:
ssh-add > /dev/null < /dev/null 2>&1
This will run the command ssh-add
with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases
:
alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"
And you should be set. Simply typing ssh-add
will now invoke the alias which will invoke the real command with all the redirection in place.
The ssh-add
now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
ksshaskpath
kwalletcli
lxqt-openssh-askpass
razorqt-openssh-askpasss
Now, what do all those things mean?
The 2>&1
means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.
The > /dev/null
means redirect standard output to /dev/null
, which is a special file that discards all data written to it.
The < /dev/null
means redirect standard input to /dev/null
(idem).
As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:
service > /dev/null < /dev/null 2>&1 &
Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add
for a theoretical service
. Those commands will correctly put a service on the background.
There is a way to close the terminal for a single command, and that is using file redirection:
ssh-add > /dev/null < /dev/null 2>&1
This will run the command ssh-add
with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases
:
alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"
And you should be set. Simply typing ssh-add
will now invoke the alias which will invoke the real command with all the redirection in place.
The ssh-add
now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):
ssh-askpass
ssh-askpass-fullscreen
ssh-askpass-gnome
ksshaskpath
kwalletcli
lxqt-openssh-askpass
razorqt-openssh-askpasss
Now, what do all those things mean?
The 2>&1
means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.
The > /dev/null
means redirect standard output to /dev/null
, which is a special file that discards all data written to it.
The < /dev/null
means redirect standard input to /dev/null
(idem).
As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:
service > /dev/null < /dev/null 2>&1 &
Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add
for a theoretical service
. Those commands will correctly put a service on the background.
edited 15 mins ago
studog
1035
1035
answered Mar 19 '17 at 20:26
Victor
112
112
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence ofssh-add
withssh
and you are set.
â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
add a comment |Â
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence ofssh-add
withssh
and you are set.
â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
â gioele
Mar 20 '17 at 6:23
I see. Well,
ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add
with ssh
and you are set.â Victor
Mar 22 '17 at 14:38
I see. Well,
ssh
functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add
with ssh
and you are set.â Victor
Mar 22 '17 at 14:38
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
â gioele
Mar 22 '17 at 15:54
add a comment |Â
up vote
0
down vote
I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass
) without installing the package gnome-keyring
on ArchLinux.
Looking at the content of this package gnome-keyring
(https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.
In any case, if you do not mind using seahorse, you can also install the packages seahorse
and gnome-keyring
(or the equivalent ones for your distribution).
If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.
add a comment |Â
up vote
0
down vote
I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass
) without installing the package gnome-keyring
on ArchLinux.
Looking at the content of this package gnome-keyring
(https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.
In any case, if you do not mind using seahorse, you can also install the packages seahorse
and gnome-keyring
(or the equivalent ones for your distribution).
If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass
) without installing the package gnome-keyring
on ArchLinux.
Looking at the content of this package gnome-keyring
(https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.
In any case, if you do not mind using seahorse, you can also install the packages seahorse
and gnome-keyring
(or the equivalent ones for your distribution).
If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.
I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass
) without installing the package gnome-keyring
on ArchLinux.
Looking at the content of this package gnome-keyring
(https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.
In any case, if you do not mind using seahorse, you can also install the packages seahorse
and gnome-keyring
(or the equivalent ones for your distribution).
If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.
answered Aug 7 '13 at 16:31
Fabrice
1
1
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f83986%2ftell-ssh-to-use-a-graphical-prompt-for-key-passphrase%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password