[sudo-users] Password handling through remote SSH session
Gabe Alford
redhatrises at gmail.com
Fri Aug 23 12:32:50 MDT 2019
On Wed, Aug 14, 2019 at 1:09 PM Todd C. Miller <Todd.Miller at sudo.ws> wrote:
> On Wed, 14 Aug 2019 12:10:20 -0600, Gabe Alford wrote:
>
> > I have a QT application that logs into a remote machine through SSH. I
> need
> > to handle password authentication in sudo to run administrative commands.
> > What's the best way of handling a password prompt remotely with sudo? I
> > would like to have the QT application just pass the password to sudo in
> > some way so there is still human interaction involved. Just not sure what
> > is the best way or if there is a programatic way.
>
> One option would be to use sudo's -S option that reads the passsword
> from the standard input instead of /dev/tty.
>
> However, if you can make use of the "askpass" method that is probably
> better. To do this, you set the SUDO_ASKPASS environment variable
> to the path of a helper program and run sudo with the -A flag. If
> a password is required, sudo will run the helper program specified
> in SUDO_ASKPASS as the invoking user.
>
> The helper receives the prompt as its only argument and it should
> write the password to the standard output. This is similar to the
> ssh askpass functionality and the same helper program should work
> with either one.
>
Sorry for the delayed response. Got distracted with other assignments.
Correct me if I am wrong (probably am), but doesn't SUDO_ASKPASS have to be
set on the remote host?
Wouldn't that require the DISPLAY environment variable to be set if needing
to have a graphical prompt?
As I cannot guarantee that DISPLAY would be set or X allowing remote
displays, would my only option
then be to use something like Popen and sudo's -S option?
Asking out of my own ignorance of all the ways to use and configure sudo.
> - todd
>
More information about the sudo-users
mailing list