[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh private key password



On Fri, Jan 09, 2009 at 10:19:12AM -0600, Callum Lerwick wrote:
> On Fri, 2009-01-09 at 09:16 -0500, John W. Linville wrote:
> > On Thu, Jan 08, 2009 at 05:59:57PM -0500, Jesse Keating wrote:
> > > On Thu, 2009-01-08 at 23:42 +0100, nodata wrote:
> > > > 
> > > > No, I'm just getting annoyed that a GUI is popping up when I am using a
> > > > command line app. Not sure of the point of it, it seems counter
> > > > intuitive.
> > > 
> > > You're using a command line app from a graphical terminal.
> > 
> > I'm not sure I see your point.  Changing focus to another window just
> > to type a passphrase seems at best to add zero benefit and at worst
> > to provide surprise and distraction.  What is the benefit?
> 
> http://man.root.cz/1/gnome-ssh-askpass/
> 
> gnome-ssh-askpass will lock keyboard focus to its window, preventing
> focus stealing and key logging attacks from other X clients. It also
> aborts if it fails to gain a lock on the keyboard. Try starting two
> copies of gnome-ssh-askpass at the same time, and see what happens:
> 
> $ /usr/libexec/openssh/gnome-ssh-askpass&/usr/libexec/openssh/gnome-ssh-askpass
> 
> Seems to me it's much preferable to use gnome-ssh-askpass if you're in
> X, even in xterms.

That could be -- the key logging point seems worthwhile.  Thanks for
the explanation.
 
> (Getting real sick of these "I vote to change default functionality
> because I find it aesthetically displeasing and clearly I know better
> than the people who designed and implemented the functionality"
> threads.)

I suspect some of us are a bit sick of the indignation we get from
others who don't think we should bother asking questions of them
because clearly they know best...just sayin'...

John
-- 
John W. Linville
linville redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]