Re: [Sshpass-devel] Added support for entering TOTP; changing attempts entering password
Brought to you by:
thesun
Menu
▾
▴
Re: [Sshpass-devel] Added support for entering TOTP; changing attempts entering password
|
From: Halturin D. <dha...@ho...> - 2021-07-13 00:27:11
|
Hello, Shachar There is no task here to support some N-plugins for two-factor authorization via ssh. The patch allows sshpass to work so that the utility can correctly process not only the password, but also two-factor authorization. At the moment, the -P key does not solve this problem, since it will only change the Prompt to which you need to respond. The implementation in the patch allows you to respond to both Prompt for password and Prompt for two-factor authorization simultaneously / sequentially (it does not matter Duo or MFA/TOTP from Google plugin). It does not matter how soon the release gets into Debian/Ubuntu and other distributions, it is important that you understand that the added keys expand the functionality of sshpass and you can enter a two-factor authorization code regardless of the type of plugin (duo/totp/etc). I really ask you, please review the patch again, delve into the essence of the issue being solved. Denis ________________________________ От: Shachar Shemesh <sh...@sh...> Отправлено: 12 июля 2021 г. 22:40 Кому: ssh...@li... <ssh...@li...> Тема: Re: [Sshpass-devel] Added support for entering TOTP; changing attempts entering password On 09/07/2021 12:39, Halturin Denis wrote: Hello Shachar, Tell me, can I help with the review of my patch? Hello Denis, First, thank you for your patience. I'm overwhelmed by... life, and these things take time, unfortunately. My review for your patch is the same as it is for https://sourceforge.net/p/sshpass/patches/13/, trying to add Duo support. If you look at those patches you will notice they are very very very similar, and for pretty much the same reason. I can summarize both as "ssh added another type of prompt, and we want sshpass to support it". That's not the way to go. To understand why, just think what would happen if I accepted your patch today. It will be about a month until Debian Sid would carry it, and quite a few more months until Ubuntu would. I have no idea how long it would take for other distros to pick it up. All of that is assuming I am immediately responsive. As you have experienced, that is hardly the case. I'm not against sshpass supporting totp, or duo, or any other ssh plugin. I'm against it supporting those plugins individually. Sshpass already have a "-P" option for telling it what prompt to look out for. I understand why that is not always a good enough solution, but if that's the case for you, I would like a patch that provides a solution that is good enough while also being generic. Not adding support to TOTP, but "adding support for two password prompts in a row" (or whatever the reason that -P doesn't satisfy your need). Let's go through the release cycle once and solve this for as many ssh plugins as we can. Shachar |
