FiSH Connection fails : mc freezing
Hans Peter Stroebel
hpstr at operamail.com
Sun Oct 7 13:40:58 UTC 2001
Am Sonntag, 7. Oktober 2001 10:44 schrieb Pavel Roskin:
Hi Pavel, Hi Pavel, ;-)
> > fish does not suuport password auth because ssh always reads passwd from
> > /ddev/tty. Fixssh to acceptt passwd from stdin, and we an fix mc.
>
> Actually, there is a good reason why ssh uses /dev/tty. The standard
> channels (stdout, stdin, stderr) are connected to the remote program and
> should be completely independent from the authentication. At least the
> recent versions of OpenSSH do it this way. You can do this:
>
> ssh prog <infile >outfile 2>errfile
I tried that; indeed, it is not possible to redirect SSH`s input/output sent
to /dev/tty.
On the other hand, I think it would not be necessary to make SSH accept all
input on it`s stdin, would it ? The passphrase should be sufficient.
I tried to examine the code of OpenSSH 2.3.0p1 and to insert an -I
switch, but it seems to be quite complicated to me.
BTW, who did "invent" this switch ? Google left me completely clueless.
However, the code in cli.c (precisely, the client function
"cli_read_passphrase") seems to have the possibilty to read even from stdin :
/*
* Presents a prompt and returns the response allocated with xmalloc().
* Uses /dev/tty or stdin/out depending on arg. Optionally disables echo
* of response depending on arg. Tries to ensure that no other userland
* buffer is storing the response.
*/
As one of the arguments a variable "from_stdin" is passed, but I did whether
figure out where this variable is set nor where it is defined, it seems to be
always 0.
Depending on the value of "from_stdin", the function "cli_open" seems to
return the file descriptors of /dev/tty or of stdin/stdout. I have no idea
yet if this behaviour, most probably depending on the value of "from_stdin"
and maybe "cli_input" and "cli_output" (initialized with -1) can be
influenced by an external application like mc _without_ hacking ssh, and if
it concerns only the initial operation of reading the password or _all_ of
SSH`s I/O.
If yes, this might help to solve the problem.
> It is possible to control /dev/tty of ssh if it's run in a pseudoterminal,
> similar to how MC runs the subshell. Still it will require that mc
I did not get SSH to allocate a pseudoterminal, it refuses if it is not the
controlling tty.
> interprets the output of ssh somehow. Maybe MC could capture all output
> until ssh runs the fish server _or_ asks for the password/passphrase, but
> I envision problems with making it secure and reliable.
I tried even to surpress SSH`s output of the password request, no success.
After having compiled it for about some 20 times, I gave up (for now...).
At least, I did not break the program with my first tries in C ;-)
However, I`m not sure if this could resolve the problem, as the password has
to be fed to SSH in the right moment anyway.
> Another solution would be to hide the panels and run ssh on the same tty
> as MC. The panels would be restored when the remote fish server answers.
> This would not be pretty, but it would completely eliminate the need to
> redirect /dev/tty and capture/feed anything.
How would this work ? I found no possibility to hide the panels temporarily ?
Hacking required ?
ciao,
Hans
--
Hans Peter Stroebel <hpstr at operamail.com>
Yes, I do. But not Yahoo.
More information about the mc
mailing list