gnome-ssh-askpass

gnome-ssh-askpass [options]
Note: Typically invoked automatically by SSH clients when the SSH_ASKPASS environment variable is set, often without explicit arguments. Standard GTK options are supported but rarely used in practice.

gnome-ssh-askpass is a graphical utility designed to securely prompt the user for an SSH passphrase in environments where a terminal (TTY) is not available, such as within a graphical desktop session. It serves as a visual alternative to the standard command-line passphrase prompts.

This tool is typically invoked automatically by SSH clients (like ssh or ssh-add) when they require a passphrase for a key but detect that the DISPLAY environment variable is set (indicating a graphical environment) and the SSH_ASKPASS environment variable points to gnome-ssh-askpass.

When executed, it displays a modal dialog box asking the user to enter the passphrase for their SSH key. This ensures that sensitive passphrase information is entered directly into a secure GUI prompt rather than being echoed on a potentially compromised terminal or script. It is an integral component of the GNOME desktop's integration with SSH, providing a seamless user experience for managing SSH keys.

• Graphical Environment Required: gnome-ssh-askpass relies on a graphical display. It will not function in a purely command-line or TTY environment, as it requires the DISPLAY environment variable to be set.
• Environment Variable Dependency: Its automatic invocation by ssh or ssh-add depends on the SSH_ASKPASS environment variable being correctly set to the full path of the executable.
• Security Context: While providing a secure graphical prompt, users should ensure the desktop environment itself is secure. Always verify the authenticity of the prompt before entering sensitive information.

When ssh or ssh-add needs a passphrase and a TTY is unavailable (e.g., in a background script or a GUI application), it checks the SSH_ASKPASS environment variable. If set, it executes the program specified by this variable, piping the prompt message to its standard input. gnome-ssh-askpass then reads this message, displays a graphical dialog, and returns the entered passphrase to standard output.

Like most GNOME applications, gnome-ssh-askpass supports standard GTK toolkit options (e.g., --display, --no-gtkrc, --g-fatal-warnings) which can affect its appearance or behavior, though these are rarely used in its typical automated invocation.

gnome-ssh-askpass emerged as part of the GNOME desktop environment's efforts to provide a more integrated and user-friendly experience for common system tasks, including SSH key management. It was developed to offer a graphical alternative to the default terminal-based passphrase prompts, making the process of adding keys to ssh-agent or connecting via SSH more intuitive for users within a desktop session. Its development has mirrored the evolution of the GNOME project itself, ensuring compatibility and aesthetic consistency with the wider desktop environment.

ssh(1), ssh-agent(1), ssh-add(1), ssh-askpass(1)