Re: [Sshpass-devel] Added support for entering TOTP; changing attempts entering password

[Shachar S. <sh...@sh...>]

On 13/07/2021 3:26, Halturin Denis wrote:
> Hello, Shachar
>
> There is no task here to support some N-plugins for two-factor 
> authorization via ssh.
> The patch allows sshpass to work so that the utility can correctly 
> process not only the password,
> but also two-factor authorization. At the moment, the -P key does not 
> solve this problem,
> since it will only change the Prompt to which you need to respond.
>
> The implementation in the patch allows you to respond to both Prompt 
> for password and Prompt for
> two-factor authorization simultaneously / sequentially (it does not 
> matter Duo or MFA/TOTP from Google plugin).
>
> It does not matter how soon the release gets into Debian/Ubuntu and 
> other distributions,
> it is important that you understand that the added keys expand the 
> functionality of sshpass
> and you can enter a two-factor authorization code regardless of the 
> type of plugin (duo/totp/etc).
>
> I really ask you, please review the patch again, delve into the 
> essence of the issue being solved.
>
> Denis
>
The core issue you're trying to solve is what happens when a single 
connection requires two password prompts to answer. That can happen for 
a variety of reasons.

But if two prompts are possible, so are three and four. For example, one 
reason to have two prompts is if you need to use the ssh Proxy option 
(the -P option to ssh) to tunnel through one host to reach a second. But 
if two hops proxy is possible, so are 15.

So, rather than accept a patch that allows SSH to handle *two* prompts, 
I'd rather have an option in place handling any number of prompts.

Something along the lines of a single option *that I can give multiple 
times* that says "answer this prompt with this password".

I hope what I had in mind was clearer.

Shachar