table of contents
- trixie 3.03-1+b1
- testing 3.03-1+b1
- unstable 3.03-1+b1
- experimental 3.04beta-1
| KWALLETASKPASS(1) | General Commands Manual | KWALLETASKPASS(1) |
NAME¶
kwalletaskpass —
kwallet-based pass-phrase dialog for use with
OpenSSH
SYNOPSIS¶
kwalletaskpass |
[options] label |
DESCRIPTION¶
kwalletaskpass is a kwallet- and
pinentry-based pass-phrase dialog for use with OpenSSH. It is intended to be
called from the ssh-add(1) program and not invoked
directly.
If a passphrase is requested,
kwalletaskpass works by first looking up the
passphrase in the KWallet by means of kwalletcli(1); using
it if found, then calling kwalletcli_getpin(1) to
interactively retrieve an answer from the user via
pinentry otherwise. If the user specifies a
passphrase, kwalletcli_getpin(1) is run again to ask if
the passphrase should be stored in the KWallet. Negative answers will be
stored in the KWallet to avoid being asked each time.
kwalletaskpass uses the KWallet folders
kwalletaskpass and
kwalletaskpass-blacklist with matching entry
names.
If anything other than a key passphrase is requested, it is merely relayed to kwalletcli_getpin(1). Some requests are known to require a boolean answer and are relayed using the boolean query flag; all others are relayed using a PIN query. ssh(1) accepts either the literal word “yes” (case-insensitively matched) or an empty answer (both only when using the OK button) as confirmation.
There are currently no options.
RETURN VALUES¶
kwalletaskpass exits 0 on success, 1 if
the user cancelled the dialogue, or >1 if an error occurred.
ENVIRONMENT¶
DISPLAY- The X11 display to use for child processes. If this is unset or empty,
kwalletcliwill not be called. PINENTRY- The
pinentryprogram to use. The default is inherited from kwalletcli_getpin(1).
kwalletaskpass requires a UTF-8 locale;
should such not be set, it will forcibly switch the locale
(LC_CTYPE, possibly
LC_ALL) to
“C.UTF-8”.
SEE ALSO¶
kwalletcli(1), kwalletcli_getpin(1), ssh-add(1), ssh-askpass(1)
AUTHORS¶
kwalletaskpass was written by
mirabilos initially for tarent GmbH, but is now
developed independently. The idea came from an
askpass.C file found on the internet, with no author
information. This is a rewrite from scratch, licenced more freely, modular,
and with more functionality.
CAVEATS¶
kwalletaskpass relies on string matching
on its label argument to determine both whether to
store the query in the wallet and whether to use boolean or password input
modes for the query. The strings provided match those chosen by, possibly an
older version of, OpenSSH in the “C”
locale.
| December 14, 2025 | Nixpkgs |