[sudo-users] Password handling through remote SSH session
Todd C. Miller
Todd.Miller at sudo.ws
Fri Aug 23 14:00:31 MDT 2019
On Fri, 23 Aug 2019 12:32:50 -0600, Gabe Alford wrote:
> Correct me if I am wrong (probably am), but doesn't SUDO_ASKPASS have to be
> set on the remote host?
> Wouldn't that require the DISPLAY environment variable to be set if needing
> to have a graphical prompt?
It depends. The askpass program doesn't have to be graphical, it
just needs to be able to access the password in some way. It is
even possible to hard-code the password into a script that gets
created on the fly, but this means storing the password in plain-text
somewhere on the file system which is problematic.
> As I cannot guarantee that DISPLAY would be set or X allowing remote
> displays, would my only option
> then be to use something like Popen and sudo's -S option?
That is probably the simplest approach.
More information about the sudo-users