gnome-ssh-askpass

gnome-ssh-askpass [prompt]

gnome-ssh-askpass is a utility from the GNOME desktop environment that displays a graphical dialog for entering SSH passphrases or passwords. It serves as a backend for OpenSSH's SSH_ASKPASS mechanism, allowing tools like ssh-add and ssh-agent to prompt users visually when no terminal is available, such as in X11/Wayland sessions or automated scripts.

Typically invoked indirectly by SSH when SSH_ASKPASS points to its path (e.g., /usr/bin/gnome-ssh-askpass), it receives a prompt string as its sole argument, like 'Enter passphrase for /home/user/.ssh/id_rsa:'. The GTK-based dialog features a label with the prompt, a password entry field, and OK/Cancel buttons. Upon entering the secret and confirming, it prints the passphrase to stdout and exits with code 0; cancellation exits with 1.

This enables seamless SSH key management in graphical desktops, such as loading keys on login via ~/.xinitrc or desktop session scripts. It respects GTK themes for native look and feel.

While simple and effective, it assumes a running display server and is not suited for servers or secure multi-user environments due to potential visibility of the dialog.

Requires GTK, X11 or Wayland; fails in headless/TTY-only environments.
GUI exposes passphrase entry to screen capture or shoulder surfing.
Not for high-security or multi-user systems.

export SSH_ASKPASS=/usr/bin/gnome-ssh-askpass
ssh-add ~/.ssh/id_rsa

A dialog pops up for the passphrase.

SSH_ASKPASS: Path to askpass executable.
DISPLAY: X11 display (auto-detected).
SSH_ASKPASS_REQUIRE: Controls invocation conditions.

Developed in late 1990s/early 2000s as part of GNOME 1.x/2.x utilities for desktop SSH integration. Included in gnome-utils/gnome-core packages. Persists in modern distros via gnome-keyring or standalone, but largely superseded by gnome-keyring-ssh-askpass and agent forwarding.

ssh-add(1), ssh-agent(1), ssh(1), gnome-keyring-daemon(1), seahorse(1)