Password handling through remote SSH session
Simon McVittie
smcv at collabora.com
Wed Aug 14 18:49:52 UTC 2019
On Wed, 14 Aug 2019 at 12:05:41 -0600, Gabe Alford wrote:
> I have a QT application that logs into a remote machine through SSH. I plan on
> using polkit in some way for privileged access to admin commands that are not
> services. I want to be able to handle both password-less and password
> authentication in polkit. What's the best way of handling a password prompt
> remotely with polkit?
The app will need to run a polkit agent at the remote end so that it can
answer polkit requests. Polkit agents are implemented using the
polkit-agent-1 library.
Normally, a polkit agent is a GUI thing, and typically each
desktop environment has one; when asked for a password, it asks
the user for a password, waits for their response, and sends the
password as a response to the request. There's a simple agent,
pkttyagent(1), in the polkit source code: it uses the tty instead of a
GUI. https://github.com/lxqt/lxqt-policykit is one implementation in Qt.
In your case, instead of asking the user, the polkit agent will have
to ask your Qt application (perhaps via a Unix socket forwarded through
the ssh connection), which can do whatever it wants to do (perhaps asking
the GUI user) and send back an appropriate password.
smcv
More information about the polkit-devel
mailing list