sshpass ignores stdin, asks through GUI

Brought to you by: thesun

#17 sshpass ignores stdin, asks through GUI

Milestone: v1.06

Status: wont-fix

Owner: nobody

Labels: None

Priority: 5

Updated: 2018-01-11

Created: 2018-01-11

Creator: hmijail

Private: No

After some weeks (months?) happily using sshpass on macOS Sierra, I have updated to macOS High Sierra and found that sshpass is seemingly failing to read its stdin, and instead always uses ssh-askpass to request a password through the GUI.

$ sudo port install sshpass

$ echo asdf | sshpass -P assphrase idfile
ssh_askpass: exec(/usr/X11R6/bin/ssh-askpass): No such file or directory

$ brew install ssh-askpass
# ... and reboot to make sure that the installed service is started...

$ export SSH_ASKPASS=/usr/local/bin/ssh-askpass  

$ echo asdf | sshpass -P assphrase idfile
# GUI window asks for password!

I don't remember having this problem earlier with macOS Sierra. Any idea of what could be wrong?

Discussion

hmijail - 2018-01-11

Sorry, the sshpass lines should rather look like this:
$ echo asdf | sshpass -P assphrase ssh-add idfile

... and actually I just realized that sshpass fails as explained with ssh-add, BUT it works correctly with ssh -i idfile. So maybe I'm just trying to abuse sshpass, and my recollection of how I was using it in macOS Sierra is just wrong (I've recently changed my ssh configurations, so that's possible).

Anyway,please take this then as a feature request: please add support for ssh-add to sshpass :).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Shachar Shemesh - 2018-01-11

The problem, as far as I can tell, is that ssh (or, in this case, ssh-add) don't use the terminal to collect the password, but the GUI tool. That is the main difference. There is nothing sshpass can do to collect those. You'll need to test the command line for ssh/ssh-add to see if you can disable that. As a last resort, try to disable the DISPLAY env var while running it.

With that in mind, if what you're doing is to use sshpass to add a password protected public key to the agent, why not simply remove the password protection from the private key? This will allow you to work without sshpass (and, also, without the agent).

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Shachar Shemesh - 2018-01-11

Either way, this is not an sshpass bug. If you want further help, feel free to contact the mailing list.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Shachar Shemesh - 2018-01-11

status: open --> wont-fix
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- hmijail - 2018-01-11
  
  But note that sshpass + ssh works as expected, while sshpass + ssh-add doesn't, in the same terminal session. So it's not about environment variables. For completeness, I unset DISPLAY and it all keeps working the same.
  
  I do want to use the agent because then I can use agent forwarding for ssh proxying and such.
  
  And I do want to keep the key with a passphrase for evident security reasons. I know this sounds funny in the context of sshpass, but I'm using it in a safe way, promise ;).
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
  - Shachar Shemesh - 2018-01-11
    
    This isn't the correct venue for this discussion. Let's move this to the sshpass mailing list, where support requests belong.
    
    If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.