ssh private key password

Callum Lerwick seg at haxxed.com
Fri Jan 9 16:19:12 UTC 2009


On Fri, 2009-01-09 at 09:16 -0500, John W. Linville wrote:
> On Thu, Jan 08, 2009 at 05:59:57PM -0500, Jesse Keating wrote:
> > On Thu, 2009-01-08 at 23:42 +0100, nodata wrote:
> > > 
> > > No, I'm just getting annoyed that a GUI is popping up when I am using a
> > > command line app. Not sure of the point of it, it seems counter
> > > intuitive.
> > 
> > You're using a command line app from a graphical terminal.
> 
> I'm not sure I see your point.  Changing focus to another window just
> to type a passphrase seems at best to add zero benefit and at worst
> to provide surprise and distraction.  What is the benefit?

http://man.root.cz/1/gnome-ssh-askpass/

gnome-ssh-askpass will lock keyboard focus to its window, preventing
focus stealing and key logging attacks from other X clients. It also
aborts if it fails to gain a lock on the keyboard. Try starting two
copies of gnome-ssh-askpass at the same time, and see what happens:

$ /usr/libexec/openssh/gnome-ssh-askpass&/usr/libexec/openssh/gnome-ssh-askpass

Seems to me it's much preferable to use gnome-ssh-askpass if you're in
X, even in xterms.

(Getting real sick of these "I vote to change default functionality
because I find it aesthetically displeasing and clearly I know better
than the people who designed and implemented the functionality"
threads.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090109/491168a7/attachment.sig>


More information about the fedora-devel-list mailing list