Password handling through remote SSH session

[Gabe Alford]

On Wed, Aug 14, 2019 at 12:49 PM Simon McVittie <smcv at collabora.com> wrote:

> On Wed, 14 Aug 2019 at 12:05:41 -0600, Gabe Alford wrote:
> > I have a QT application that logs into a remote machine through SSH. I
> plan on
> > using polkit in some way for privileged access to admin commands that
> are not
> > services. I want to be able to handle both password-less and password
> > authentication in polkit. What's the best way of handling a password
> prompt
> > remotely with polkit?
>
> The app will need to run a polkit agent at the remote end so that it can
> answer polkit requests. Polkit agents are implemented using the
> polkit-agent-1 library.
>
> Normally, a polkit agent is a GUI thing, and typically each
> desktop environment has one; when asked for a password, it asks
> the user for a password, waits for their response, and sends the
> password as a response to the request. There's a simple agent,
> pkttyagent(1), in the polkit source code: it uses the tty instead of a
> GUI. https://github.com/lxqt/lxqt-policykit is one implementation in Qt.
>
> In your case, instead of asking the user, the polkit agent will have
> to ask your Qt application (perhaps via a Unix socket forwarded through
> the ssh connection), which can do whatever it wants to do (perhaps asking
> the GUI user) and send back an appropriate password.
>

Thanks for the response!

It sounds like pkttyagent is the way to go as I don't want to have to set
DISPLAY
settings on the remote host. Will look at lxqt-policykit as well as having
the polkit
agent ask the QT application instead of the user directly.



>     smcv
> _______________________________________________
> polkit-devel mailing list
> polkit-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/polkit-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/polkit-devel/attachments/20190821/998432fb/attachment.html>