Re: Entering a passphrase interactively in a runit script

From: Laurent Bercot <ska-supervision_at_skarnet.org>
Date: Fri, 27 May 2016 18:45:09 +0200

On 27/05/2016 18:29, Steve Litt wrote:
> 2) Have the daemon that needs to receive the password listen on a
> socket, and have a front end program (could be telnet) ask the human
> for the password. This could be expanded to provide other
> communication between the daemon and the human.

  That wouldn't work here: in the client-server model, the client is proactive
(it initiates the connection) and the server is reactive. Here, you want the
"server" to actively ask the user for something! Sure, you could have a
common ancestor script that spawns the daemon, waits for it to listen to the
socket, then spawns the interactive program, and the interactive program
connects to the socket. That's much more complex than you need.

  The traditional interface used in those cases is ssh-askpass. If DISPLAY
is defined, ssh-askpass pops up a window on the user's DISPLAY, asking for
a passphrase, and transmits the answer back to the calling program (via a
pipe, I suppose). If DISPLAY is unset, I'm not sure what it does, but
logically it should use the current terminal to interact with the user.
If there's no current terminal, welp, it can't do anything, so a daemon that
wants to use ssh-askpass should make sure it allocates a tty first.

-- 
  Laurent
Received on Fri May 27 2016 - 16:45:09 UTC
