Support password authentication without `sshpass` binary (use `SSH_ASKPASS`)
clue opened this issue · 0 comments
We should support password authentication without requiring the additional `sshpass` binary. The binary works perfectly fine, however it is non-standard and requires an explicit installation like this on Debian/Ubuntu-based systems:

```bash
$ sudo apt install ssh-askpass
```
As an alternative, we should be able to set the `SSH_ASKPASS` environment when launching the `ssh` binary:

```bash
$ SSH_ASKPASS="echo foo" ssh user@example.com
```
Special care still needs to be taken to not leak the password to the process list. On top of this, we may have to set `SSH_ASKPASS_REQUIRE=force` (available as of OpenSSH 8.4 released 2020-09-27) or resort to setting additional environment variables to control this behavior (https://unix.stackexchange.com/questions/125427/force-ssh-to-always-use-ssh-askpass).
I'm not currently working on this myself, but figured it makes sense to post here anyway. If you need this for a commercial project and you want to help sponsor this feature, feel free to reach out and I'm happy to take a look. PRs are also welcome 👍
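
One way to wire up the approach described in this issue, as an added example that is not part of the original post or the project's code: a helper script is used as `SSH_ASKPASS` and prints the password from its environment, so the password never appears in any command line. `ASKPASS_SECRET`, `SSH_BIN`, `make_askpass` and `ssh_with_askpass` are names made up for this example.

```shell
#!/bin/sh
# Added example. ASKPASS_SECRET, SSH_BIN and both function names are hypothetical.

# Create a private helper script that prints the secret from its environment.
# The file contains no password, and no argv contains it either.
make_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    chmod 700 "$helper"
    cat > "$helper" <<'EOF'
#!/bin/sh
printf '%s\n' "$ASKPASS_SECRET"
EOF
    printf '%s\n' "$helper"
}

# Usage: ssh_with_askpass PASSWORD [ssh arguments...]
ssh_with_askpass() {
    password=$1
    shift
    helper=$(make_askpass) || return 1
    status=0
    # ssh runs SSH_ASKPASS as a program path, hence the helper file.
    # SSH_ASKPASS_REQUIRE=force needs OpenSSH 8.4 or later. Older clients
    # only call the helper when DISPLAY is set and ssh has no controlling
    # terminal; detaching from the terminal is not arranged here.
    # The password travels in the environment of ssh, which on Linux is
    # readable by the owning user and root only, unlike argv.
    ASKPASS_SECRET=$password \
    SSH_ASKPASS=$helper \
    SSH_ASKPASS_REQUIRE=force \
    DISPLAY=${DISPLAY:-:0} \
        "${SSH_BIN:-ssh}" "$@" </dev/null || status=$?
    rm -f "$helper"
    return "$status"
}
```

Call it as `ssh_with_askpass "$password" user@example.com`, with the password read from a prompt or a protected file rather than typed as a literal into the shell history.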