Non-interactive ssh password auth Activity
Brought to you by:
thesun
Activity for Non-interactive ssh password auth
-
bitozoid created ticket #32
ControlMaster / ProxyJump
-
James created ticket #16
Remove AC_FUNC_MALLOC check
-
Shachar Shemesh merged merge request #1 on Code
Fix Segmentation fault in -e mode when environment variable is not set.
-
Marius Wachtler created merge request #1 on Code
Fix Segmentation fault in -e mode when environment variable is not set.
-
Hide password on "ps aux| grep {process name}"
-
The bug system isn't the proper place to ask these types of questions.
-
I'm not sure this is worth fixing. The setup here is this: scp is checking whether it's "foreground" (and thus print the progress) by checking which is the process leader of STDOUT. When running under sshpass, STDOUT is directed to the parent's STDOUT (typically, the controlling terminal of where sshpass was run). But this is not the controlling terminal for scp itself. This is the PTY that sshpass created to accept the password prompt. This causes the IOCTL to fail, and scp to conclude it is running...
-
The immediate cause for scp is an ioctl it does that fails with ENOTTY: ioctl(1, TIOCGPGRP, 0x7ffc18af0484) = -1 ENOTTY (Inappropriate ioctl for device) Still investigating why.
-
[feature request] sshpass should ask for password using the interactive password prompt
-
Each run of sshpass only provides the password to one ssh instance. If sshpass asks for the password, then it will ask for the password 100 times. What you need is a standalone program that asks for the password in a secure way, and then transfers it to sshpass on all 100 instances. This should by no means be part of sshpass itself. A quick search showed https://github.com/r-lib/askpass. See if it's any help to you.
-
Yuri posted a comment on ticket #31
The same program should be run on 100 machines. Users can't type ssh password 100 times. sshpass and pssh combination allow to type the password only once. However, the process of typing password is not as good what ssh itself provides.
-
I fail to see how that is different than just running ssh and letting it ask for the password.
-
At work I wrote a script that allows to start some processes on many machines. It uses sshpass and pssh. Currently the password should either be typed at program's start or password should be supplied as program's argument. Both options are bad. The former option makes it tricky to enter password for people who aren't used to it, and the latter option isn't secure and is also inconvenient. sshpass should really print a prompt just like ssh, and should accept the password from the interactive pro...
-
Can you please outline the use case behind this request?
-
[feature request] sshpass should ask for password using the interactive password prompt
-
John posted a comment on ticket #27
Any update on the fix.
-
T Johnson posted a comment on ticket #30
I forgot mention we are using 1.09.
-
pseudo terminal intermittently fails to be established between sshpass and ssh
-
John posted a comment on ticket #27
Any update on the fix.
-
Cálestyo posted a comment on ticket #28
I don't think sshpass could ever guarantee that a passphrase given as argument cannot be viewed by others, even if it would overwrite it. The OS might still export the original command line somehow and even if it wouldn't there's always the small time frame between starting the process (where the passphrase would be visible) and overwriting it, where an attacker could see it. Your only chance is if the OS prohibits users to see the command arguments of processes from other users.
-
David Finder created ticket #29
Invalid internally wrapped RC.
-
Guilherme Rodrigues Cunha created ticket #28
Hide password on "ps aux| grep {process name}"
-
i am not sure about it. you can fix it the way you like. i have no idea am the end user. but there is no rush. just fyi they would be releasing luna lobster in April.
-
Snippet from sudo's strace ioctl(10, TIOCGPTPEER, 0x102) = 11 dup3(11, 0, 0) = 0 dup3(11, 1, 0) = 1 dup3(11, 2, 0) = 2 Essentially, it opens its own controlling TTY, and then sets that as the standard output, error and input for the process. This is the reason it doesn't print to the terminal: it's printing to sshpass. We can, perhaps, set sshpass to forward the output, but that won't work completely either. In order to work, we need to also redirect the input, and I'm not sure it makes sense to...
-
No worries, take your time I am in no rush, fix it whenever you can.
-
I'm sorry. I've been very busy lately. Atypically for sshpass, the problem is a logic problem, not a system problem. I think the state machine doesn't realize that the password prompt has been satisfied, and doesn't move on to the part where it acts as a passthrough.
-
hi there, did you get a chance to fix the issue.
-
The problem reproduces on my system. I'll have a look when I can.
-
sshpass -p "adminpassword" sudo install terminator doesn't work on Jammy and Kinetic Kudu. It works on Focal Fossa
-
1.9 or 1.10 doesn’t print out anything on terminal console
-
Release 1.10 now has the fix.
-
Non-interactive ssh password auth released /sshpass/1.10/sshpass-1.10.tar.gz
-
Tag version 1.10
-
v1.09 TIOCSCTTY error
-
Fix is pushed to repo. Thank you, everyone.
-
Controlling TTY code fix.
-
Help message problems
-
Iakov Kirilenko posted a comment on ticket #24
This patch helps to fix well known issue also for msys/mingw too. As I can see, there are no obvious reasons for regression with this change. Thanks.
-
Predrag Zečević posted a comment on ticket #24
Adding patch file (NOTE: it was tested only on OpenIndiana platform): :; patch -u main.c -i sshpass-1.09.main_c.patch Patch file was created by comparing original and modified file: :; diff -Naur sshpass-1.09-tar/main.c sshpass-1.09/main.c Regards.
-
HI! I have tested this patch, and it has worked! Many thanks.
-
Website sshpass.sourceforge.net: HTTP Error 443 "Connection refused".
-
I tried to remove the web page reference. I don't think I've succeeded in doing that, but I did succeed in making it point at https://sshpass.sourceforge.io/, which at least has a valid certificate. Of course, that redirects right back to the sf project page, but since I don't have anything useful to put in that page, that's at least somewhat preferable.
-
Drei Eck created ticket #26
Website sshpass.sourceforge.net: HTTP Error 443 "Connection refused".
-
Przemyslaw Strzelczak posted a comment on ticket #11
Noticed it is already released in 1.07.
-
Marcin Olszewski posted a comment on ticket #24
In fact, looks like there are two bugs in the code: 1) per tty_ioctl's documentation, the TIOCSCTTY option requires an int argument, while none is provided here. Adding a zero solves the invalid argument problem (the only value mentioned is 1 and it is for root only) NOTE: because of the way the documentation is formatted, it is easy to treat the description for TIOCNOTTY - which says about a void argument - as the second part for TIOCSCTTY. 3) Once the invalid argument is resolved, we'll face the...
-
Any news on this?
-
Hi Shachar, could you release a version with this patch? It is likely that I hit issue described here in my work.
-
One more thought about it: e) Maybe, what sshpass would need was even another way to specify the passphrase... something like -c "command", in which command is a shell command executed via system(3). sshpass could simply check it's exit status and if 0 take whatever was printed to stdout and use that ass password (including any newlines and so). Exit status 1 would indicate errors, others could be reserved for future use. Of course one would also need to educate users that they mustn't include any...
-
Hi, you have to install build-essential meta package (it will install all development tools, full list of included packages at https://pkg.openindiana.org/hipster/manifest/0/metapackages%2Fbuild-essential%401.0%2C5.11-2022.0.0.1%3A20220117T192224Z) GCC suite is installed under /usr/gcc directory, so you have to adjust your environment variables. For example, I have installed several compilers: developer/gcc-10 10.3.0-2020.0.1.3 i-- developer/gcc-11 11.3.0-2022.0.0.0 i-- developer/gcc-7 7.5.0-2020.0.1.9...
-
Hi, you have to install build-essential meta package (it will install all development tools, full list of included packages at https://pkg.openindiana.org/hipster/manifest/0/metapackages%2Fbuild-essential%401.0%2C5.11-2022.0.0.1%3A20220117T192224Z) GCC suite is installed under /usr/gcc directory, so you have to adjust your environment variables. For example, I have installed several compilers: developer/gcc-10 10.3.0-2020.0.1.3 i-- developer/gcc-11 11.3.0-2022.0.0.0 i-- developer/gcc-7 7.5.0-2020.0.1.9...
-
I've never migrated a project from SF to git(lab/hub)... not sure whether the latter provide any migration tools, so that one could keep all the issues etc.. But at least the repo should be possible.
-
The problem isn't that sshpass doesn't pass scp's output. The problem is that scp decides that it is running non-interactively, and therefor doesn't produce any output. I don't know, at this point, what caused scp to decide that.
-
I tried installing it inside a VM, but I don't know how to install the dependencies. Can you explain the steps needed to turn a bare install to one that is capable of compiling sshpass?
-
-E option for reading password from named env-var
-
I went another route. The -e option now has an optional argument specifying the environment environment. Code is committed.
-
consider switching to git[lab/hub/etc.]
-
Yeah, it was time. Original repo was on CVS, btw.
-
Convert repository from SVN to git
-
Sig unsafe functions in signal handler
-
Better "-e" handling.
-
Update version to 1.09
-
Explicitly set the controlling TTY
-
Whitespaces fix
-
Update version to 1.08
-
Typo in man page
-
Scrub the environment variable for -e (Ubuntu bug #1649374)
-
Report when IP key has changed (Debian bug #730101)
-
Update version to 1.07
-
Report if can't open -f password file (closes #3)
-
Report IPC errors to stderr
-
Update changelog
-
Update changelog
-
Remove unneeded log (closes Bug #12)
-
Fix race over signal handling.
-
Pass terminating signals to child
-
Update version number to 1.06
-
Update the changelog
-
Add verbosity option for debugging why things don't work
-
Allow changing the default password prompt search string from configure
-
Print the default prompt as part of -V
-
Update version information to 1.05
-
Add -P to specify the prompt on the command line
-
Fix typo.
-
Show help if no program to run was supplied
-
Change the "select" to "pselect", resolving the race
-
Slightly racy solution to the TTY slave close problem with openssh 5.6
-
Update version info to 1.04
-
Hide the password passed on the command line from "ps"
-
Fix 100% CPU usage while session is taking place
-
Fix crash when "-e" is given but SSHPASS environment variable is not set.
-
Update documentation for version 1.03
-
Detect host authentication requests.
-
Sort out the easy error codes (those that do not require further output parsing)
-
Expand the help string printed by the program.
-
Update version info for version 1.02
-
Ensure broader compilation support for more platforms (Cygwin)
-
Switch to more standard "posix_openpt" to get a new pty
-
Various updates to the tests performed by the configure script
-
Update version number to 1.01
-
Make sshpass pass window resize events to the inner tty (the one ssh uses)
1 >
