Hi,
Couple of comments inline.
On Sun, Jul 21, 2013 at 03:16:28AM +0200, Alexander Hall wrote:
> This is an attempt to make the ssh-* man pages more exact regarding
> SSH_ASKPASS, when used for ssh-agent key confirmation.
>
> The point I'm making is that the relevant SSH_ASKPASS environment
> variable is not that of ssh-add(1) (apart from when ssh-add is actually
> asking for a passphrase).
>
> On a sidenote, I think I'd prefer a 'SSH_CONFIRM' variable or somesuch
> (falling back to SSH_ASKPASS), but maybe we don't want to pollute the
> environment any further.
>
> /Alexander
>
>
> Index: ssh-add.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh-add.1,v
> retrieving revision 1.58
> diff -u -p -r1.58 ssh-add.1
> --- ssh-add.1 3 Dec 2012 08:33:02 -0000 1.58
> +++ ssh-add.1 21 Jul 2013 01:09:49 -0000
> @@ -84,14 +84,10 @@ to work.
> The options are as follows:
> .Bl -tag -width Ds
> .It Fl c
> -Indicates that added identities should be subject to confirmation before
> +Indicates that
> +.Xr ssh-agent 1
> +should ask for confirmation before added identities are
> being used for authentication.
  ^^^^^
Zap "being" from above.
> -Confirmation is performed by the
> -.Ev SSH_ASKPASS
> -program mentioned below.
> -Successful confirmation is signaled by a zero exit status from the
> -.Ev SSH_ASKPASS
> -program, rather than text entered into the requester.
> .It Fl D
> Deletes all identities from the agent.
> .It Fl d
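Review bot: With the SSH_ASKPASS sentences removed, the -c entry no longer tells the reader how confirmation is performed or where that is documented; .Xr ssh-agent 1 appears only as the subject of the sentence. Consider ending the entry with a pointer such as "See ssh-agent(1) for how confirmation is performed", so that someone reading about -c can still find the zero-exit-status rule that used to be stated here.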
> Index: ssh-agent.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh-agent.1,v
> retrieving revision 1.53
> diff -u -p -r1.53 ssh-agent.1
> --- ssh-agent.1 21 Nov 2010 01:01:13 -0000 1.53
> +++ ssh-agent.1 21 Jul 2013 01:09:49 -0000
> @@ -161,6 +161,18 @@ Later
> .Xr ssh 1
> looks at these variables and uses them to establish a connection to the
> agent.
> .Pp
> +If confirmation before using a key is requested by
> +.Xr ssh-add 1 ,
> +it is performed by the program specified in the
> +.Ev SSH_ASKPASS
> +environment variable, or
> +.Xr ssh-askpass 1
> +if
> +.Ev SSH_ASKPASS
> +is not set.
> +Successful confirmation is signaled by a zero exit status, and that the
                                                                  ^^^^
Maybe drop the "that" from above.
> +first line of the program's output is empty or the string "yes".
> +.Pp
However, the sentence still reads awkwardly. Are you trying to
say the requirement is:
    if (an_exit_status == 0 &&
        (output_string == "" || output_string == "yes"))
If so, maybe a better wording would be:
    Successful confirmation is signaled by a zero exit status,
    and the first line of the program's output SHOULD be either
    empty or the string "yes."
--patrick
> The agent will never send a private key over its request channel.
> Instead, operations that require a private key will be performed
> by the agent, and the result will be returned to the requester.
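Review bot: The added paragraph says confirmation is performed by "the program specified in the SSH_ASKPASS environment variable" but not whose environment is consulted, which is the distinction the patch description sets out to make. Suggest saying explicitly that it is the variable in ssh-agent's environment, not that of ssh-add(1). The success rule also changes from the text removed from ssh-add.1 (zero exit status "rather than text entered into the requester") to one that also depends on the first line of output, so it is worth confirming the new wording against the agent's actual check before committing.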
> Index: ssh_config.5
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
> retrieving revision 1.166
> diff -u -p -r1.166 ssh_config.5
> --- ssh_config.5 27 Jun 2013 14:05:37 -0000 1.166
> +++ ssh_config.5 21 Jul 2013 01:09:49 -0000
> @@ -286,7 +286,7 @@ will cause ssh
> to listen for control connections, but require confirmation using the
> .Ev SSH_ASKPASS
> program before they are accepted (see
> -.Xr ssh-add 1
> +.Xr ssh-agent 1
> for details).
> If the
> .Cm ControlPath
>
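Review bot: The context lines here say that ssh itself requires confirmation before accepting control connections, while the paragraph added to ssh-agent.1 describes confirmation "before using a key" requested by ssh-add(1). A reader following the new .Xr ssh-agent 1 reference lands on text about agent keys and may conclude that the agent's SSH_ASKPASS is used for control connections. Consider stating here that the program is taken from the environment of ssh, and referring to ssh-agent(1) only for how success is signaled.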