[sudo-users] Password handling through remote SSH session
Todd C. Miller
Todd.Miller at sudo.ws
Wed Aug 14 13:09:44 MDT 2019
On Wed, 14 Aug 2019 12:10:20 -0600, Gabe Alford wrote:
> I have a QT application that logs into a remote machine through SSH. I need
> to handle password authentication in sudo to run administrative commands.
> What's the best way of handling a password prompt remotely with sudo? I
> would like to have the QT application just pass the password to sudo in
> some way so there is still human interaction involved. Just not sure what
> is the best way or if there is a programatic way.
One option would be to use sudo's -S option that reads the passsword
from the standard input instead of /dev/tty.
However, if you can make use of the "askpass" method that is probably
better. To do this, you set the SUDO_ASKPASS environment variable
to the path of a helper program and run sudo with the -A flag. If
a password is required, sudo will run the helper program specified
in SUDO_ASKPASS as the invoking user.
The helper receives the prompt as its only argument and it should
write the password to the standard output. This is similar to the
ssh askpass functionality and the same helper program should work
with either one.
More information about the sudo-users