Cocoa mail archive
Re: SSH Wrapper
FROM : Jens Alfke
DATE : Wed Jun 25 23:28:17 2008
On 25 Jun '08, at 2:01 PM, Kevin Ferguson wrote:
> I am, however, running into a problem. I have my task set up to go.
> The issue I'm running into is that SSH obviously requires a password
> authentication. Reading though the SSH man page, I can't find a flag
> that lets you specify a password in the initial command.
Right, because putting passwords on the command line is a security
hole — the command line is visible to other users and processes on
that machine using the "ps" command or equivalent API.
> There doesn't appear to be any way to make my application wait for
> the password prompt, either.
If you connect an NSOutputStream to the NSTask's stdin, you can write
to that stream and it'll be read by the task. You don't have to wait;
the task won't read the input until it's ready for it.
However, trying to wrap around the 'ssh' tool is kind of complex and
error-prone. For example, there are other prompts that the tool might
make, and in some modes it doesn't read a password at all (like if the
user already has a cert installed on the target machine.)
You might consider using the libssh2 library instead <http://www.libssh2.org/wiki/index.php/Main_Page
>.
—Jens
DATE : Wed Jun 25 23:28:17 2008
On 25 Jun '08, at 2:01 PM, Kevin Ferguson wrote:
> I am, however, running into a problem. I have my task set up to go.
> The issue I'm running into is that SSH obviously requires a password
> authentication. Reading though the SSH man page, I can't find a flag
> that lets you specify a password in the initial command.
Right, because putting passwords on the command line is a security
hole — the command line is visible to other users and processes on
that machine using the "ps" command or equivalent API.
> There doesn't appear to be any way to make my application wait for
> the password prompt, either.
If you connect an NSOutputStream to the NSTask's stdin, you can write
to that stream and it'll be read by the task. You don't have to wait;
the task won't read the input until it's ready for it.
However, trying to wrap around the 'ssh' tool is kind of complex and
error-prone. For example, there are other prompts that the tool might
make, and in some modes it doesn't read a password at all (like if the
user already has a cert installed on the target machine.)
You might consider using the libssh2 library instead <http://www.libssh2.org/wiki/index.php/Main_Page
>.
—Jens
| Related mails | Author | Date |
|---|---|---|
| SSH Wrapper |
Kevin Ferguson | Jun 25, 23:01 |
| Re: SSH Wrapper |
Jens Alfke | Jun 25, 23:28 |
| Re: SSH Wrapper |
Stephen J. Butler | Jun 25, 23:33 |
| Re: SSH Wrapper |
Hamish Allan | Jun 26, 00:51 |
