NAME¶

kwalletaskpass — kwallet-based pass-phrase dialog for use with OpenSSH

SYNOPSIS¶

kwalletaskpass

[options] label

DESCRIPTION¶

kwalletaskpass is a kwallet- and pinentry-based pass-phrase dialog for use with OpenSSH. It is intended to be called from the ssh-add(1) programme and not invoked directly. If a passphrase is requested, kwalletaskpass works by first looking up the passphrase in the KWallet by means of kwalletcli(1); using it if found, then calling kwalletcli_getpin(1) to interactively retrieve an answer from the user via pinentry otherwise. If the user specifies a passphrase, kwalletcli_getpin(1) is run again to ask if the passphrase should be stored in the KWallet. Negative answers will be stored in the KWallet to avoid being asked each time. kwalletaskpass uses the KWallet folders kwalletaskpass and kwalletaskpass-blacklist with matching entry names. If anything other than a key passphrase is requested, it is merely relayed to kwalletcli_getpin(1). Some requests are known to require a boolean answer and are relayed using the boolean query flag; all others are relayed using a PIN query. ssh(1) accepts either the literal word “yes” (case-insensitively matched) or an empty answer (both only when using the OK button) as confirmation. There are currently no options.

RETURN VALUES¶

kwalletaskpass exits 0 on success, 1 if the user cancelled the dialogue, or >1 if an error occured.

ENVIRONMENT¶

DISPLAY

The X11 display to use for child processes. If this is unset or empty, kwalletcli will not be called.

PINENTRY

The pinentry programme to use. The default is inherited from kwalletcli_getpin(1).

SEE ALSO¶

kwalletcli(1), kwalletcli_getpin(1), ssh-add(1), ssh-askpass(1)

AUTHORS¶

kwalletaskpass was written by Thorsten Glaser ⟨tg@mirbsd.org⟩ mostly for tarent GmbH. The idea came from an askpass.C file found somewhere on the 'net, with no author information. Since it was licenced less freely, this is a rewrite from scratch; modular and with more functionality, too.