[Swift-devel] askpass for command line ssh provider?

Michael Wilde wilde at mcs.anl.gov
Mon Jan 16 10:07:20 CST 2012


Was: Re: [Swift-devel] command line ssh provider...

After a bit more thought, it seems that enabling the ssh-cl provider to prompt for passwords is perhaps not a required feature.

We will for example need to access many systems that needs a one time password.

But its likely that such mechanisms need to be set up outside of Swift (or at least outside the main line of the provider), using agents or master channels, else the user would get multiple password prompts per endpoint.

For now, we can do this outside of Swift proper (ie in the various portals, ideally via scripts that we package in swift/bin which can be used by both command line users and by portal code).

Later we can consider if its reasonable to make the ssh-cl provider smart enough to invoke such channel or agent setup scripts automatically when needed.

- Mike



----- Original Message -----
> From: "Mihael Hategan" <hategan at mcs.anl.gov>
> To: "Michael Wilde" <wilde at mcs.anl.gov>
> Cc: "Ben Clifford" <benc at hawaga.org.uk>, "Swift Devel" <swift-devel at ci.uchicago.edu>
> Sent: Friday, January 13, 2012 6:09:18 PM
> Subject: Re: [Swift-devel] command line ssh provider...
> On Fri, 2012-01-13 at 18:00 -0600, Michael Wilde wrote:
> > Another good test is to access eg surveyor, and intrepid using an
> > OTP via ssh-cl.
> 
> A word of caution there: if the ssh client asks for the password on
> the
> command line (instead of through ssh-askpass or some other gui),
> things
> won't work very well. It might be possible to add some detection for
> that in the provider, but that's not a high priority given that there
> is
> a workaround (askpass).

-- 
Michael Wilde
Computation Institute, University of Chicago
Mathematics and Computer Science Division
Argonne National Laboratory




More information about the Swift-devel mailing list