Tell SSH to use a graphical prompt for key passphrase

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
33
down vote

favorite
11












How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?



I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass but it seems to have no effects.



The problem is the fact the openssh documentation says




If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.




An ssh launched from the command line, in my case as the result of a git push, will have a terminal associated with it, so the SSH_ASKPASS logic seems to be ignored.



Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.










share|improve this question



























    up vote
    33
    down vote

    favorite
    11












    How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?



    I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass but it seems to have no effects.



    The problem is the fact the openssh documentation says




    If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.




    An ssh launched from the command line, in my case as the result of a git push, will have a terminal associated with it, so the SSH_ASKPASS logic seems to be ignored.



    Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.










    share|improve this question

























      up vote
      33
      down vote

      favorite
      11









      up vote
      33
      down vote

      favorite
      11






      11





      How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?



      I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass but it seems to have no effects.



      The problem is the fact the openssh documentation says




      If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.




      An ssh launched from the command line, in my case as the result of a git push, will have a terminal associated with it, so the SSH_ASKPASS logic seems to be ignored.



      Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.










      share|improve this question















      How can I force SSH to request passphrases using a graphical prompt (GTK, for example) instead of the standard one that uses the terminal?



      I tried setting SSH_ASKPASS=/usr/bin/ssh-askpass but it seems to have no effects.



      The problem is the fact the openssh documentation says




      If ssh does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase.




      An ssh launched from the command line, in my case as the result of a git push, will have a terminal associated with it, so the SSH_ASKPASS logic seems to be ignored.



      Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.







      ssh






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jul 22 '13 at 23:17

























      asked Jul 22 '13 at 15:43









      gioele

      82011120




      82011120




















          4 Answers
          4






          active

          oldest

          votes

















          up vote
          26
          down vote













          #1 - Missing package?



          You're probably missing the package that contains ssh-askpass. Try installing it.



          Fedora/CentOS/RHEL:



          $ sudo yum install openssh-askpass


          Debian/Ubuntu:



          $ sudo apt-get install ssh-askpass-gnome ssh-askpass


          Finding missing utilities



          You can search for missing tools using these commands:



          Fedora/CentOS/RHEL:



          $ yum search ssh-askpass
          Loaded plugins: langpacks, presto, refresh-packagekit
          Adding en_US to language list
          ======================================================= Matched: ssh-askpass =======================================================
          x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
          ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
          connect-proxy.x86_64 : SSH Proxy command helper
          openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X


          Debian/Ubuntu:



          $ apt-file -l search ssh-askpass
          app-install-data
          cruft
          git-cola
          luckybackup-data
          pssh
          sdm-terminal
          seahorse
          ssh-askpass
          ssh-askpass-fullscreen
          ssh-askpass-gnome


          #2 - Disconnected terminal?



          I missed this initially but after further reading up I noticed this comment in the man page of ssh regarding the SSH_ASKPASS environment variable.



          excerpt



          SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the 
          current terminal if it was run from a terminal. If ssh does not
          have a terminal associated with it but DISPLAY and SSH_ASKPASS
          are set, it will execute the program specified by SSH_ASKPASS
          and open an X11 window to read the passphrase. This is particularly
          useful when calling ssh from a .xsession or related script.
          (Note that on some machines it may be necessary to redirect the
          input from /dev/null to make this work.)


          If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY & SSH_ASKPASS are set. Noticing this is key. So to get ssh to use SSH_ASKPASS we need to get ssh to not have a terminal (aka. STDIN & STDOUT) attached to it.



          One way to do this by making use of the command setsid. Don't feel bad. I never heard of this tool either. From the man page:




          setsid - run a program in a new session




          So if we run ssh as the "program" to setsid we can detach ssh from our terminal meeting the criteria mentioned in ssh's man page. The other criteria are set as follows:



          $ echo $DISPLAY; echo $SSH_ASKPASS
          :0.0
          /usr/libexec/openssh/ssh-askpass


          So if we put this all together:



          $ setsid ssh user@remotehost


          For example:



          $ setsid ssh user@skinner


                                                 ss of ask gui



          A solution



          If you'd like to make it so that the setsid is "built-in" you can create an aliases like so:



          $ alias ssh="setsid ssh"


          Now when you ssh you'll get the GUI popping up asking for your password:



          $ ssh user@skinner


          References



          • reading SSH password from stdin – the openssh 5.6p1 compatible way





          share|improve this answer






















          • ssh-askpass gnome is installed and it works fine if launched manually.
            – gioele
            Jul 22 '13 at 23:14











          • @gioele - see updates, I think I've figured it out.
            – slm♦
            Jul 23 '13 at 1:29










          • the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
            – gioele
            Jul 23 '13 at 8:16










          • @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
            – slm♦
            Jul 23 '13 at 9:08










          • I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
            – Alexis Wilke
            Nov 30 '14 at 5:40

















          up vote
          5
          down vote



          accepted










          It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.






          share|improve this answer




















          • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
            – cuonglm
            Oct 13 '15 at 1:30






          • 6




            @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
            – terdon♦
            Oct 22 '15 at 14:04


















          up vote
          1
          down vote













          There is a way to close the terminal for a single command, and that is using file redirection:



          ssh-add > /dev/null < /dev/null 2>&1


          This will run the command ssh-add with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases:



          alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"


          And you should be set. Simply typing ssh-add will now invoke the alias which will invoke the real command with all the redirection in place.



          The ssh-add now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):



          • ssh-askpass

          • ssh-askpass-fullscreen

          • ssh-askpass-gnome

          • ksshaskpath

          • kwalletcli

          • lxqt-openssh-askpass

          • razorqt-openssh-askpasss

          Now, what do all those things mean?



          The 2>&1 means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.



          The > /dev/null means redirect standard output to /dev/null, which is a special file that discards all data written to it.



          The < /dev/null means redirect standard input to /dev/null (idem).



          As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:



          service > /dev/null < /dev/null 2>&1 &


          Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add for a theoretical service. Those commands will correctly put a service on the background.






          share|improve this answer






















          • Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
            – gioele
            Mar 20 '17 at 6:23










          • I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
            – Victor
            Mar 22 '17 at 14:38











          • There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
            – gioele
            Mar 22 '17 at 15:54

















          up vote
          0
          down vote













          I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass) without installing the package gnome-keyring on ArchLinux.



          Looking at the content of this package gnome-keyring (https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.



          In any case, if you do not mind using seahorse, you can also install the packages seahorse and gnome-keyring (or the equivalent ones for your distribution).
          If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.






          share|improve this answer




















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "",
            contentPolicyHtml: "",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f83986%2ftell-ssh-to-use-a-graphical-prompt-for-key-passphrase%23new-answer', 'question_page');

            );

            Post as a guest






























            4 Answers
            4






            active

            oldest

            votes








            4 Answers
            4






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            26
            down vote













            #1 - Missing package?



            You're probably missing the package that contains ssh-askpass. Try installing it.



            Fedora/CentOS/RHEL:



            $ sudo yum install openssh-askpass


            Debian/Ubuntu:



            $ sudo apt-get install ssh-askpass-gnome ssh-askpass


            Finding missing utilities



            You can search for missing tools using these commands:



            Fedora/CentOS/RHEL:



            $ yum search ssh-askpass
            Loaded plugins: langpacks, presto, refresh-packagekit
            Adding en_US to language list
            ======================================================= Matched: ssh-askpass =======================================================
            x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
            ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
            connect-proxy.x86_64 : SSH Proxy command helper
            openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X


            Debian/Ubuntu:



            $ apt-file -l search ssh-askpass
            app-install-data
            cruft
            git-cola
            luckybackup-data
            pssh
            sdm-terminal
            seahorse
            ssh-askpass
            ssh-askpass-fullscreen
            ssh-askpass-gnome


            #2 - Disconnected terminal?



            I missed this initially but after further reading up I noticed this comment in the man page of ssh regarding the SSH_ASKPASS environment variable.



            excerpt



            SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the 
            current terminal if it was run from a terminal. If ssh does not
            have a terminal associated with it but DISPLAY and SSH_ASKPASS
            are set, it will execute the program specified by SSH_ASKPASS
            and open an X11 window to read the passphrase. This is particularly
            useful when calling ssh from a .xsession or related script.
            (Note that on some machines it may be necessary to redirect the
            input from /dev/null to make this work.)


            If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY & SSH_ASKPASS are set. Noticing this is key. So to get ssh to use SSH_ASKPASS we need to get ssh to not have a terminal (aka. STDIN & STDOUT) attached to it.



            One way to do this by making use of the command setsid. Don't feel bad. I never heard of this tool either. From the man page:




            setsid - run a program in a new session




            So if we run ssh as the "program" to setsid we can detach ssh from our terminal meeting the criteria mentioned in ssh's man page. The other criteria are set as follows:



            $ echo $DISPLAY; echo $SSH_ASKPASS
            :0.0
            /usr/libexec/openssh/ssh-askpass


            So if we put this all together:



            $ setsid ssh user@remotehost


            For example:



            $ setsid ssh user@skinner


                                                   ss of ask gui



            A solution



            If you'd like to make it so that the setsid is "built-in" you can create an aliases like so:



            $ alias ssh="setsid ssh"


            Now when you ssh you'll get the GUI popping up asking for your password:



            $ ssh user@skinner


            References



            • reading SSH password from stdin – the openssh 5.6p1 compatible way





            share|improve this answer






















            • ssh-askpass gnome is installed and it works fine if launched manually.
              – gioele
              Jul 22 '13 at 23:14











            • @gioele - see updates, I think I've figured it out.
              – slm♦
              Jul 23 '13 at 1:29










            • the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
              – gioele
              Jul 23 '13 at 8:16










            • @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
              – slm♦
              Jul 23 '13 at 9:08










            • I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
              – Alexis Wilke
              Nov 30 '14 at 5:40














            up vote
            26
            down vote













            #1 - Missing package?



            You're probably missing the package that contains ssh-askpass. Try installing it.



            Fedora/CentOS/RHEL:



            $ sudo yum install openssh-askpass


            Debian/Ubuntu:



            $ sudo apt-get install ssh-askpass-gnome ssh-askpass


            Finding missing utilities



            You can search for missing tools using these commands:



            Fedora/CentOS/RHEL:



            $ yum search ssh-askpass
            Loaded plugins: langpacks, presto, refresh-packagekit
            Adding en_US to language list
            ======================================================= Matched: ssh-askpass =======================================================
            x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
            ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
            connect-proxy.x86_64 : SSH Proxy command helper
            openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X


            Debian/Ubuntu:



            $ apt-file -l search ssh-askpass
            app-install-data
            cruft
            git-cola
            luckybackup-data
            pssh
            sdm-terminal
            seahorse
            ssh-askpass
            ssh-askpass-fullscreen
            ssh-askpass-gnome


            #2 - Disconnected terminal?



            I missed this initially but after further reading up I noticed this comment in the man page of ssh regarding the SSH_ASKPASS environment variable.



            excerpt



            SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the 
            current terminal if it was run from a terminal. If ssh does not
            have a terminal associated with it but DISPLAY and SSH_ASKPASS
            are set, it will execute the program specified by SSH_ASKPASS
            and open an X11 window to read the passphrase. This is particularly
            useful when calling ssh from a .xsession or related script.
            (Note that on some machines it may be necessary to redirect the
            input from /dev/null to make this work.)


            If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY & SSH_ASKPASS are set. Noticing this is key. So to get ssh to use SSH_ASKPASS we need to get ssh to not have a terminal (aka. STDIN & STDOUT) attached to it.



            One way to do this by making use of the command setsid. Don't feel bad. I never heard of this tool either. From the man page:




            setsid - run a program in a new session




            So if we run ssh as the "program" to setsid we can detach ssh from our terminal meeting the criteria mentioned in ssh's man page. The other criteria are set as follows:



            $ echo $DISPLAY; echo $SSH_ASKPASS
            :0.0
            /usr/libexec/openssh/ssh-askpass


            So if we put this all together:



            $ setsid ssh user@remotehost


            For example:



            $ setsid ssh user@skinner


                                                   ss of ask gui



            A solution



            If you'd like to make it so that the setsid is "built-in" you can create an aliases like so:



            $ alias ssh="setsid ssh"


            Now when you ssh you'll get the GUI popping up asking for your password:



            $ ssh user@skinner


            References



            • reading SSH password from stdin – the openssh 5.6p1 compatible way





            share|improve this answer






















            • ssh-askpass gnome is installed and it works fine if launched manually.
              – gioele
              Jul 22 '13 at 23:14











            • @gioele - see updates, I think I've figured it out.
              – slm♦
              Jul 23 '13 at 1:29










            • the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
              – gioele
              Jul 23 '13 at 8:16










            • @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
              – slm♦
              Jul 23 '13 at 9:08










            • I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
              – Alexis Wilke
              Nov 30 '14 at 5:40












            up vote
            26
            down vote










            up vote
            26
            down vote









            #1 - Missing package?



            You're probably missing the package that contains ssh-askpass. Try installing it.



            Fedora/CentOS/RHEL:



            $ sudo yum install openssh-askpass


            Debian/Ubuntu:



            $ sudo apt-get install ssh-askpass-gnome ssh-askpass


            Finding missing utilities



            You can search for missing tools using these commands:



            Fedora/CentOS/RHEL:



            $ yum search ssh-askpass
            Loaded plugins: langpacks, presto, refresh-packagekit
            Adding en_US to language list
            ======================================================= Matched: ssh-askpass =======================================================
            x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
            ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
            connect-proxy.x86_64 : SSH Proxy command helper
            openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X


            Debian/Ubuntu:



            $ apt-file -l search ssh-askpass
            app-install-data
            cruft
            git-cola
            luckybackup-data
            pssh
            sdm-terminal
            seahorse
            ssh-askpass
            ssh-askpass-fullscreen
            ssh-askpass-gnome


            #2 - Disconnected terminal?



            I missed this initially but after further reading up I noticed this comment in the man page of ssh regarding the SSH_ASKPASS environment variable.



            excerpt



            SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the 
            current terminal if it was run from a terminal. If ssh does not
            have a terminal associated with it but DISPLAY and SSH_ASKPASS
            are set, it will execute the program specified by SSH_ASKPASS
            and open an X11 window to read the passphrase. This is particularly
            useful when calling ssh from a .xsession or related script.
            (Note that on some machines it may be necessary to redirect the
            input from /dev/null to make this work.)


            If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY & SSH_ASKPASS are set. Noticing this is key. So to get ssh to use SSH_ASKPASS we need to get ssh to not have a terminal (aka. STDIN & STDOUT) attached to it.



            One way to do this by making use of the command setsid. Don't feel bad. I never heard of this tool either. From the man page:




            setsid - run a program in a new session




            So if we run ssh as the "program" to setsid we can detach ssh from our terminal meeting the criteria mentioned in ssh's man page. The other criteria are set as follows:



            $ echo $DISPLAY; echo $SSH_ASKPASS
            :0.0
            /usr/libexec/openssh/ssh-askpass


            So if we put this all together:



            $ setsid ssh user@remotehost


            For example:



            $ setsid ssh user@skinner


                                                   ss of ask gui



            A solution



            If you'd like to make it so that the setsid is "built-in" you can create an aliases like so:



            $ alias ssh="setsid ssh"


            Now when you ssh you'll get the GUI popping up asking for your password:



            $ ssh user@skinner


            References



            • reading SSH password from stdin – the openssh 5.6p1 compatible way





            share|improve this answer














            #1 - Missing package?



            You're probably missing the package that contains ssh-askpass. Try installing it.



            Fedora/CentOS/RHEL:



            $ sudo yum install openssh-askpass


            Debian/Ubuntu:



            $ sudo apt-get install ssh-askpass-gnome ssh-askpass


            Finding missing utilities



            You can search for missing tools using these commands:



            Fedora/CentOS/RHEL:



            $ yum search ssh-askpass
            Loaded plugins: langpacks, presto, refresh-packagekit
            Adding en_US to language list
            ======================================================= Matched: ssh-askpass =======================================================
            x11-ssh-askpass.x86_64 : A passphrase dialog for X and not only for OpenSSH
            ksshaskpass.x86_64 : A KDE version of ssh-askpass with KWallet support
            connect-proxy.x86_64 : SSH Proxy command helper
            openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X


            Debian/Ubuntu:



            $ apt-file -l search ssh-askpass
            app-install-data
            cruft
            git-cola
            luckybackup-data
            pssh
            sdm-terminal
            seahorse
            ssh-askpass
            ssh-askpass-fullscreen
            ssh-askpass-gnome


            #2 - Disconnected terminal?



            I missed this initially but after further reading up I noticed this comment in the man page of ssh regarding the SSH_ASKPASS environment variable.



            excerpt



            SSH_ASKPASS If ssh needs a passphrase, it will read the passphrase from the 
            current terminal if it was run from a terminal. If ssh does not
            have a terminal associated with it but DISPLAY and SSH_ASKPASS
            are set, it will execute the program specified by SSH_ASKPASS
            and open an X11 window to read the passphrase. This is particularly
            useful when calling ssh from a .xsession or related script.
            (Note that on some machines it may be necessary to redirect the
            input from /dev/null to make this work.)


            If you notice in the comment, it states that ssh "doesn't have a terminal associated" AND DISPLAY & SSH_ASKPASS are set. Noticing this is key. So to get ssh to use SSH_ASKPASS we need to get ssh to not have a terminal (aka. STDIN & STDOUT) attached to it.



            One way to do this by making use of the command setsid. Don't feel bad. I never heard of this tool either. From the man page:




            setsid - run a program in a new session




            So if we run ssh as the "program" to setsid we can detach ssh from our terminal meeting the criteria mentioned in ssh's man page. The other criteria are set as follows:



            $ echo $DISPLAY; echo $SSH_ASKPASS
            :0.0
            /usr/libexec/openssh/ssh-askpass


            So if we put this all together:



            $ setsid ssh user@remotehost


            For example:



            $ setsid ssh user@skinner


                                                   ss of ask gui



            A solution



            If you'd like to make it so that the setsid is "built-in" you can create an aliases like so:



            $ alias ssh="setsid ssh"


            Now when you ssh you'll get the GUI popping up asking for your password:



            $ ssh user@skinner


            References



            • reading SSH password from stdin – the openssh 5.6p1 compatible way






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jul 23 '13 at 9:16

























            answered Jul 22 '13 at 17:03









            slm♦

            242k66501669




            242k66501669











            • ssh-askpass gnome is installed and it works fine if launched manually.
              – gioele
              Jul 22 '13 at 23:14











            • @gioele - see updates, I think I've figured it out.
              – slm♦
              Jul 23 '13 at 1:29










            • the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
              – gioele
              Jul 23 '13 at 8:16










            • @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
              – slm♦
              Jul 23 '13 at 9:08










            • I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
              – Alexis Wilke
              Nov 30 '14 at 5:40
















            • ssh-askpass gnome is installed and it works fine if launched manually.
              – gioele
              Jul 22 '13 at 23:14











            • @gioele - see updates, I think I've figured it out.
              – slm♦
              Jul 23 '13 at 1:29










            • the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
              – gioele
              Jul 23 '13 at 8:16










            • @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
              – slm♦
              Jul 23 '13 at 9:08










            • I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
              – Alexis Wilke
              Nov 30 '14 at 5:40















            ssh-askpass gnome is installed and it works fine if launched manually.
            – gioele
            Jul 22 '13 at 23:14





            ssh-askpass gnome is installed and it works fine if launched manually.
            – gioele
            Jul 22 '13 at 23:14













            @gioele - see updates, I think I've figured it out.
            – slm♦
            Jul 23 '13 at 1:29




            @gioele - see updates, I think I've figured it out.
            – slm♦
            Jul 23 '13 at 1:29












            the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
            – gioele
            Jul 23 '13 at 8:16




            the problem of this solution is that it requires that I modify each git or rsync command to use setsid ssh instad of plain ssh.
            – gioele
            Jul 23 '13 at 8:16












            @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
            – slm♦
            Jul 23 '13 at 9:08




            @gioele - you asked for a method to "force" the password GUI, this provides that. You can replace commands such as ssh with aliases setsid ssh is one approach. There are other ways. The limiting factor is openssh needs no TTY attached in order to activate the ASK_SSHPASS.
            – slm♦
            Jul 23 '13 at 9:08












            I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
            – Alexis Wilke
            Nov 30 '14 at 5:40




            I'm not missing the package and I cannot use setsid and then work in ssh from my terminal. That's just not a valid answer at all!? Plus, it was working in older versions of Ubuntu, so I'm not too sure I understand why it suddenly stopped working!
            – Alexis Wilke
            Nov 30 '14 at 5:40












            up vote
            5
            down vote



            accepted










            It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.






            share|improve this answer




















            • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
              – cuonglm
              Oct 13 '15 at 1:30






            • 6




              @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
              – terdon♦
              Oct 22 '15 at 14:04















            up vote
            5
            down vote



            accepted










            It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.






            share|improve this answer




















            • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
              – cuonglm
              Oct 13 '15 at 1:30






            • 6




              @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
              – terdon♦
              Oct 22 '15 at 14:04













            up vote
            5
            down vote



            accepted







            up vote
            5
            down vote



            accepted






            It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.






            share|improve this answer












            It cannot be done in current OpenSSH: there is a issue open in the OpenSSH Bugzilla asking for this feature as of 2013-07: Generalize SSH_ASKPASS.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Jul 23 '13 at 8:22









            gioele

            82011120




            82011120











            • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
              – cuonglm
              Oct 13 '15 at 1:30






            • 6




              @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
              – terdon♦
              Oct 22 '15 at 14:04

















            • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
              – cuonglm
              Oct 13 '15 at 1:30






            • 6




              @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
              – terdon♦
              Oct 22 '15 at 14:04
















            This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
            – cuonglm
            Oct 13 '15 at 1:30




            This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post.
            – cuonglm
            Oct 13 '15 at 1:30




            6




            6




            @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
            – terdon♦
            Oct 22 '15 at 14:04





            @cuonglm "this is not possible" is an answer. It might be wrong or misleading (I'm not saying it is), but it's still an answer.
            – terdon♦
            Oct 22 '15 at 14:04











            up vote
            1
            down vote













            There is a way to close the terminal for a single command, and that is using file redirection:



            ssh-add > /dev/null < /dev/null 2>&1


            This will run the command ssh-add with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases:



            alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"


            And you should be set. Simply typing ssh-add will now invoke the alias which will invoke the real command with all the redirection in place.



            The ssh-add now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):



            • ssh-askpass

            • ssh-askpass-fullscreen

            • ssh-askpass-gnome

            • ksshaskpath

            • kwalletcli

            • lxqt-openssh-askpass

            • razorqt-openssh-askpasss

            Now, what do all those things mean?



            The 2>&1 means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.



            The > /dev/null means redirect standard output to /dev/null, which is a special file that discards all data written to it.



            The < /dev/null means redirect standard input to /dev/null (idem).



            As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:



            service > /dev/null < /dev/null 2>&1 &


            Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add for a theoretical service. Those commands will correctly put a service on the background.






            share|improve this answer






















            • Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
              – gioele
              Mar 20 '17 at 6:23










            • I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
              – Victor
              Mar 22 '17 at 14:38











            • There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
              – gioele
              Mar 22 '17 at 15:54














            up vote
            1
            down vote













            There is a way to close the terminal for a single command, and that is using file redirection:



            ssh-add > /dev/null < /dev/null 2>&1


            This will run the command ssh-add with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases:



            alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"


            And you should be set. Simply typing ssh-add will now invoke the alias which will invoke the real command with all the redirection in place.



            The ssh-add now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):



            • ssh-askpass

            • ssh-askpass-fullscreen

            • ssh-askpass-gnome

            • ksshaskpath

            • kwalletcli

            • lxqt-openssh-askpass

            • razorqt-openssh-askpasss

            Now, what do all those things mean?



            The 2>&1 means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.



            The > /dev/null means redirect standard output to /dev/null, which is a special file that discards all data written to it.



            The < /dev/null means redirect standard input to /dev/null (idem).



            As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:



            service > /dev/null < /dev/null 2>&1 &


            Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add for a theoretical service. Those commands will correctly put a service on the background.






            share|improve this answer






















            • Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
              – gioele
              Mar 20 '17 at 6:23










            • I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
              – Victor
              Mar 22 '17 at 14:38











            • There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
              – gioele
              Mar 22 '17 at 15:54












            up vote
            1
            down vote










            up vote
            1
            down vote









            There is a way to close the terminal for a single command, and that is using file redirection:



            ssh-add > /dev/null < /dev/null 2>&1


            This will run the command ssh-add with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases:



            alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"


            And you should be set. Simply typing ssh-add will now invoke the alias which will invoke the real command with all the redirection in place.



            The ssh-add now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):



            • ssh-askpass

            • ssh-askpass-fullscreen

            • ssh-askpass-gnome

            • ksshaskpath

            • kwalletcli

            • lxqt-openssh-askpass

            • razorqt-openssh-askpasss

            Now, what do all those things mean?



            The 2>&1 means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.



            The > /dev/null means redirect standard output to /dev/null, which is a special file that discards all data written to it.



            The < /dev/null means redirect standard input to /dev/null (idem).



            As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:



            service > /dev/null < /dev/null 2>&1 &


            Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add for a theoretical service. Those commands will correctly put a service on the background.






            share|improve this answer














            There is a way to close the terminal for a single command, and that is using file redirection:



            ssh-add > /dev/null < /dev/null 2>&1


            This will run the command ssh-add with the terminal closed. Which is fine and dandy, except for the its complexity. But now that you know the correct command, simply make it an alias and append it to ~/.bash_aliases:



            alias ssh-add="/usr/bin/ssh-add > /dev/null < /dev/null 2>&1"


            And you should be set. Simply typing ssh-add will now invoke the alias which will invoke the real command with all the redirection in place.



            The ssh-add now correctly asks you the password with a dialog box... Provided that you have one of these packages installed (in Ubuntu or derivatives, they may have other names elsewhere):



            • ssh-askpass

            • ssh-askpass-fullscreen

            • ssh-askpass-gnome

            • ksshaskpath

            • kwalletcli

            • lxqt-openssh-askpass

            • razorqt-openssh-askpasss

            Now, what do all those things mean?



            The 2>&1 means redirect file descriptor #2 (standard error) to the same place file descriptor #1 (standard output) is directed to.



            The > /dev/null means redirect standard output to /dev/null, which is a special file that discards all data written to it.



            The < /dev/null means redirect standard input to /dev/null (idem).



            As a side note, and an off topic but related note, if you ever want to program a service in bash, you must remember what a service actually is, a process with standard input, output, and error closed that is in the background:



            service > /dev/null < /dev/null 2>&1 &


            Notice that the only difference is the & added at the end (plus the fact that I changed the command ssh-add for a theoretical service. Those commands will correctly put a service on the background.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited 15 mins ago









            studog

            1035




            1035










            answered Mar 19 '17 at 20:26









            Victor

            112




            112











            • Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
              – gioele
              Mar 20 '17 at 6:23










            • I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
              – Victor
              Mar 22 '17 at 14:38











            • There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
              – gioele
              Mar 22 '17 at 15:54
















            • Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
              – gioele
              Mar 20 '17 at 6:23










            • I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
              – Victor
              Mar 22 '17 at 14:38











            • There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
              – gioele
              Mar 22 '17 at 15:54















            Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
            – gioele
            Mar 20 '17 at 6:23




            Thank you for the detailed answer Victor. However, it does not fit my requirements. As I wrote at the end of the question, «Please note that I am not referring to ssh-add, but to generic ssh invocations towards an hosts for which a key pair is present but protected by a passphrase.».
            – gioele
            Mar 20 '17 at 6:23












            I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
            – Victor
            Mar 22 '17 at 14:38





            I see. Well, ssh functions the exact same way, and the same answer I gave previously still applies. Just replace every occurence of ssh-add with ssh and you are set.
            – Victor
            Mar 22 '17 at 14:38













            There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
            – gioele
            Mar 22 '17 at 15:54




            There is just a tiny detail you forgot: if I close stdin/stdout for ssh, how do I give commands through ssh? ;)
            – gioele
            Mar 22 '17 at 15:54










            up vote
            0
            down vote













            I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass) without installing the package gnome-keyring on ArchLinux.



            Looking at the content of this package gnome-keyring (https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.



            In any case, if you do not mind using seahorse, you can also install the packages seahorse and gnome-keyring (or the equivalent ones for your distribution).
            If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.






            share|improve this answer
























              up vote
              0
              down vote













              I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass) without installing the package gnome-keyring on ArchLinux.



              Looking at the content of this package gnome-keyring (https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.



              In any case, if you do not mind using seahorse, you can also install the packages seahorse and gnome-keyring (or the equivalent ones for your distribution).
              If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.






              share|improve this answer






















                up vote
                0
                down vote










                up vote
                0
                down vote









                I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass) without installing the package gnome-keyring on ArchLinux.



                Looking at the content of this package gnome-keyring (https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.



                In any case, if you do not mind using seahorse, you can also install the packages seahorse and gnome-keyring (or the equivalent ones for your distribution).
                If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.






                share|improve this answer












                I had the same problem when I installed seahorse (which provide seahorse-ssh-askpass) without installing the package gnome-keyring on ArchLinux.



                Looking at the content of this package gnome-keyring (https://www.archlinux.org/packages/extra/i686/gnome-keyring) may help you solve your problem.



                In any case, if you do not mind using seahorse, you can also install the packages seahorse and gnome-keyring (or the equivalent ones for your distribution).
                If you do not use Gnome, additional steps may be required: https://wiki.archlinux.org/index.php/GNOME_Keyring.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 7 '13 at 16:31









                Fabrice

                1




                1



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f83986%2ftell-ssh-to-use-a-graphical-prompt-for-key-passphrase%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?