add stuff to handle prompts #50

Closed
wants to merge 1 commit into from

lordmortis
Contributor

This handles host key prompting which doesn't work. I'm not sure if this is super robust, or if there are other unhandled prompts

@simmel
Collaborator

simmel commented Jan 30, 2024

Thank you for the contribution!

How do you trigger ssh-agent/ssh to ask this via ssh-askpass?

@lordmortis
Contributor Author

I was trying to ssh into a host I didn’t yet have a key for

@simmel
Collaborator

simmel commented Jan 30, 2024

Ah, I always get that prompt in the terminal but I found the SSH_ASKPASS_REQUIRE environment variable. So if SSH_ASKPASS_REQUIRE is set to prefer or force it will use SSH_ASKPASS to prompt.

Also if you don't have a tty, like when using ssh from a GUI application, it will force the use of SSH_ASKPASS.

I think this is the time when we implement #34 which would solve your problem (I'm pretty sure).

Could you put

    set text item delimiters to ", "
    display dialog system attribute as text

above if args ends with ": " or args ends with ":" then and paste the output here? I'm really only interested in the environment variables that start with SSH_.

@lordmortis
Contributor Author

This is using OCR so there may be misspellings :D

  • SSH_AUTH_SOCK
  • SSH_SK_PROVIDER
  • SSH_ASKPASS_REQUIRE
  • SSH_ASKPASS

@simmel
Collaborator

simmel commented Jan 31, 2024

Huh.. Do you set SSH_ASKPASS_REQUIRE yourself in ~/.profile, ~/.zshrc or elsewhere?

Can you paste the output of ssh -V and sw_vers?

@lordmortis
Contributor Author

Sorry for the delay in replying.

I'm pretty sure this is due to the brew package (michaelroosz/ssh/libsk-libfido2-install, github) I installed to re-enable FIDO2 support on my macOS Sonoma machine

Those are being set in a launchctl:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.mroosz.ssh_env_vars</string>
        <key>ProgramArguments</key>
        <array>
            <string>/bin/sh</string>
            <string>-c</string>
            <string>/bin/launchctl setenv SSH_ASKPASS /opt/homebrew/bin/ssh-askpass; /bin/launchctl setenv SSH_ASKPASS_REQUIRE force; /bin/launchctl setenv SSH_SK_PROVIDER /usr/local/lib/libsk-libfido2.dylib; /bin/launchctl stop com.openssh.ssh-agent; /bin/launchctl start com.openssh.ssh-agent; /bin/launchctl unsetenv SSH_ASKPASS_REQUIRE</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
    </dict>
    </plist>

@simmel
Collaborator

simmel commented Feb 7, 2024

Interesting! From what I could understand from the openssh source code SSH_ASKPASS_REQUIRE is mostly used for FIDO keys so that makes sense.

I'll use your commit but improve on it to mimic what ssh(1) does.
Can you try out the code in the branch https://github.com/theseal/ssh-askpass/tree/host_key_prompt ?

@lordmortis
Contributor Author

So that's giving me a prompt with text entry:
[Screenshot 2024-02-08 at 14 52 13]

but it does seem to work!

@simmel
Collaborator

simmel commented Feb 8, 2024

Yep! That's one of the features I added to your commit; that you can paste the fingerprint just like you can in the CLI version.

Thank you so much for your contribution!

@simmel simmel closed this in 163e4b6 Feb 8, 2024
@lordmortis
Contributor Author

No problem! Thanks for making it better :D
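
The host-key prompt handling discussed in this thread, sketched in shell as an added example; it is not code from this PR or from theseal/ssh-askpass. The function names are hypothetical, and the sample prompt and fingerprint are constructed, modelled on OpenSSH's `(yes/no/[fingerprint])?` confirmation wording.

```shell
#!/bin/sh
# Added example: how an askpass helper can tell a host-key confirmation apart
# from a secret prompt and validate the reply. Function names are hypothetical.

# Constructed sample, modelled on the text ssh passes to SSH_ASKPASS for an
# unknown host; host, address and fingerprint are made up.
SAMPLE_PROMPT="The authenticity of host 'example.test (192.0.2.10)' can't be established.
ED25519 key fingerprint is SHA256:CONSTRUCTEDexampleFINGERPRINTnotAREALkey0000000.
Are you sure you want to continue connecting (yes/no/[fingerprint])? "

# Print "hostkey", "secret" or "other" for a prompt string.
classify_prompt() {
    case "$1" in
        *"(yes/no/[fingerprint])?"*) echo hostkey ;;  # show a visible text field
        *": "|*":")                  echo secret ;;   # the check quoted in the thread
        *)                           echo other ;;
    esac
}

# Print the SHA256 fingerprint shown in a host-key prompt (empty if none).
prompt_fingerprint() {
    printf '%s\n' "$1" |
        sed -n 's|.*key fingerprint is \(SHA256:[A-Za-z0-9+/]*\).*|\1|p' |
        head -n 1
}

# Accept only "yes", "no", or a pasted fingerprint equal to the one in the
# prompt; print the accepted reply, otherwise return 1 so the dialog can re-ask.
check_reply() {
    shown_fp=$(prompt_fingerprint "$1")
    case "$2" in
        yes|no) printf '%s\n' "$2" ;;
        "$shown_fp") [ -n "$shown_fp" ] && printf '%s\n' "$2" ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed prompt.
printf 'prompt type: %s\n' "$(classify_prompt "$SAMPLE_PROMPT")"
printf 'fingerprint: %s\n' "$(prompt_fingerprint "$SAMPLE_PROMPT")"
```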
