[sudo-users] Password handling through remote SSH session

Todd C. Miller Todd.Miller at sudo.ws
Fri Aug 23 14:00:31 MDT 2019

On Fri, 23 Aug 2019 12:32:50 -0600, Gabe Alford wrote:

> Correct me if I am wrong (probably am), but doesn't SUDO_ASKPASS have to be
> set on the remote host?


> Wouldn't that require the DISPLAY environment variable to be set if needing
> to have a graphical prompt?

It depends.  The askpass program doesn't have to be graphical, it
just needs to be able to access the password in some way.  It is
even possible to hard-code the password into a script that gets
created on the fly, but this means storing the password in plain-text
somewhere on the file system which is problematic.

> As I cannot guarantee that DISPLAY would be set or X allowing remote
> displays, would my only option
> then be to use something like Popen and sudo's -S option?

That is probably the simplest approach.

 - todd

More information about the sudo-users mailing list