Closed eugenesvk closed 8 years ago
Thanks for the report! I'm surprised I did not / nobody noticed this before - and sorry for latency.
I do not use SSH_ASKPASS or similar - so did not test it. But agent forwarding and a simple script run via BINARY_SSH shows the environment being propagated correctly now, locale and X forwarding included.
If you could confirm this now works correctly, that'd be great. In the mean time, the bug has been closed.
Unfortunately, it doesn't work. When I have "personal": "-c",
option in my config files, ssh-ident silently ignores it (my guess is for the same reason — the vars aren't read) and just asks me to enter the password to the website directly even though the key is loaded properly All keys already loaded
When I launch an agent manually and manually add the same key with the -c
option (with export DISPLAY=localhost:0.0
and export SSH_ASKPASS=/usr/lib/git-core/git-gui--askpass
defined in my bash profile) it all works — the agent opens up the gui to ask for a confirmation.
Why does ssh-ident
clear the environment in the first place?
I'm using
ssh-add -c
flag to confirm every use of my ssh keys. To get a GUI yes/no confirmation, I've installed a little script ssh-askpass that creates a simple XQuartz window. Now, on OSX all that is required is to place this script in the right place in/usr/X11R6/bin/ssh-askpass
where ssh-agent is able to find it automatically. However, it's also possible to set$SSH_ASKPASS
environment variable pointing to the script ($DISPLAY
also has to be set). This second option is something that I'm using on Windows with MSYS2 (where instead of ssh-askpass, where I'm using the default git script (git-gui--askpass
) to spawn a GUI window.It works wonderfully in both environments, however it all breaks when I use
ssh-ident
instead ofssh
. As far as I understand it, at the momentssh-agent
is spawned, it must have access to either the default path or to the path set by$SSH_ASKPASS
(and also$DISPLAY
). If it does, all subsequent calls will respect the-c
flag, spawn a new confirmation window, wait for it and pass the ssh key (or not) depending on the button you click in that window. Now, since your script spawns agents in subprocess calls, they don't have access to these default paths or environment variables andssh-agent
doesn't know it can spawn a GUI window, so it just ignores the-c
flag and never passes an ssh key. Would you please adjust your subprocess routines so thatssh-agent
would have access to those two variables (and either allow user to set them separately or read them from the default environment beforehand, and if unset try to read/usr/X11R6/bin/ssh-askpass
which seems to be the default path on OSX)?OSX 10.11.3 or Win10 with MSYS2