#!/bin/sh
# This script is run by ssh-agent for keys marked for confirmation
# (ie: added with ssh-add -c)
# All state for this helper (log, per-request stamp, approval and override
# markers) lives in a single directory under the user's home.
STAMP_DIR="${HOME}/tmp"
LOG="${HOME}/tmp/ssh-askpass.log"

# IT is the shared approval marker; ME is this request's own stamp, made
# unique by the shell's PID.
IT="${STAMP_DIR}/ssh-agent-auth"
ME="${STAMP_DIR}/ssh-askpass-$$"

# FN names the key being requested. When _SSH_KEYFILE is set, its basename is
# used; otherwise the last whitespace-separated field of each line of the
# prompt text passed as arguments is taken.
# NOTE(review): in the prompt-derived case FN is not reduced to a basename and
# may span several lines if the prompt does; it is later interpolated into a
# marker file name, so confirm it cannot contain '/' in practice.
case "${_SSH_KEYFILE}" in
  '')
    FN=$(echo "$@" | awk '{ print $NF }')
    ;;
  *)
    FN="${_SSH_KEYFILE##*/}"
    ;;
esac
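#######################################
# Append one timestamped line to the log file.
# Globals:   LOG (read) - path of the log file
# Arguments: the message words; joined with spaces
# Outputs:   appends "[ssh-askpass-PID] DATE MESSAGE" to ${LOG}
#######################################
trace() {
  # The timestamp is expanded inline instead of being stored in NOW: the wait
  # loop keeps its epoch seconds in a global NOW, which this function must not
  # overwrite. printf '%s' writes the message verbatim; echo under some sh
  # implementations would interpret backslash sequences in the logged text.
  printf '%s\n' "[ssh-askpass-$$] $(date) $*" >> "${LOG}"
}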
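# Files created from here on (log, stamp) are private to the user, and the
# marker directory must exist before the first trace call appends to the log
# inside it. Failing to create it means no confirmation can be obtained, so
# the request is declined.
umask 077
mkdir -p "${STAMP_DIR}" || exit 1

trace "called: $0 $*"

# The mere existence of a file in this directory approves, auto-approves or
# declines use of a key, so the directory is part of the trust boundary.
# Decline if accounts other than the owner could create files in it.
if [ -n "$(find -H "${STAMP_DIR}" -prune -perm -002 -print 2>/dev/null)" ]; then
  trace "declining: ${STAMP_DIR} is writable by other users"
  exit 1
fi

# Remove this request's stamp on every exit path (accept, decline, override,
# signal). A signal counts as a decline because the exit status is non-zero.
trap 'rm -f "${ME}"' EXIT
trap 'exit 1' HUP INT TERM

# Mark the arrival time of the confirmation request. The mtime of this stamp
# is compared against an adjacent file that is updated when the user answers
# the UI prompt.
START=$(date +%s)
# Fail closed: without the stamp the -nt test below is false straight away,
# which would approve the request without ever asking.
if ! touch "${ME}"; then
  trace "declining: cannot create ${ME}"
  exit 1
fi
trace "$FN"

# Check whether a global or key-specific override marker exists.
# NOTE(review): any process running as this user can create these markers and
# thereby switch confirmation off; the notification below is the only signal
# that a key was used without asking.
if [ -f "${STAMP_DIR}/ssh-askpass-defeat" ] ||
  [ -f "${STAMP_DIR}/ssh-askpass-defeat-${FN}" ]; then
  reattach-to-user-namespace terminal-notifier -title SSH -subtitle "Automatic use of ssh-agent" -group ssh-askpass -message "${FN}" >/dev/null 2>&1
  trace "not asking for confirmation owing to defeat file"
  exit 0
fi

# Show the prompt; activating it runs ${HOME}/bin/ssh-agent-auth, which is
# expected to refresh the approval marker ${IT}.
reattach-to-user-namespace terminal-notifier -title SSH -subtitle "Allow use of ssh-agent?" -group ssh-askpass -message "${FN}" -sound Tink -execute "${HOME}/bin/ssh-agent-auth" >/dev/null 2>&1

# Poll until the approval marker is at least as new as our stamp.
# NOTE(review): if the shell's -nt or the filesystem only resolves whole
# seconds, a request stamped in the same second as an earlier approval would
# presumably pass this test immediately - confirm on the target platform.
# shellcheck disable=3013
while [ "${ME}" -nt "${IT}" ]; do
  sleep 0.5
  NOW=$(date +%s)
  DELTA=$(( (NOW - START) % 10 ))
  if [ "${DELTA}" -eq 0 ]; then
    trace "nudge"
  fi
  # Decline the request if told to.
  if [ -f "${STAMP_DIR}/ssh-askpass-decline" ]; then
    rm -f "${STAMP_DIR}/ssh-askpass-decline"
    trace "decline"
    exit 1
  fi
done

# The loop also ends if the stamp disappeared while waiting (for example a
# tmp cleaner removed it); that is not an approval.
if [ ! -e "${ME}" ]; then
  trace "declining: stamp file vanished while waiting"
  exit 1
fi

reattach-to-user-namespace terminal-notifier -remove ALL >/dev/null 2>&1
trace "accept"
exit 0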