Created
June 11, 2023 19:10
Custom ssh-askpass wrapper for macOS using pinentry-mac
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
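#!/bin/bash
#
# ssh-askpass replacement for macOS that collects the secret with pinentry-mac.
#
# Arguments: $1 - prompt text handed over by ssh / ssh-agent
# Outputs:   the entered secret on stdout, followed by a newline
# Returns:   0 on success, 1 when pinentry reports an error (for example the
#            dialog was cancelled) and returned no secret
#
# The secret only travels over pipes and stdout; do not run this script with
# `set -x`, which would write it to the trace output.

# One-time keychain setup in the org.gpgtools.common defaults domain.
# Set CHECK_KEYCHAIN_ENABLE=0 to run it; the default of 1 skips it.
# It only needs to run once.
CHECK_KEYCHAIN_ENABLE=1
if [[ "$CHECK_KEYCHAIN_ENABLE" -eq 0 ]]; then
  # Compare as strings: `defaults read` prints nothing when the key is unset,
  # and its output should not be evaluated as an arithmetic expression.
  use_keychain=$(defaults read org.gpgtools.common UseKeychain)
  if [[ "$use_keychain" == "0" ]]; then
    defaults write org.gpgtools.common UseKeychain -bool yes
  fi
  disable_keychain=$(defaults read org.gpgtools.common DisableKeychain)
  if [[ "$disable_keychain" == "1" ]]; then
    defaults write org.gpgtools.common DisableKeychain -bool no
  fi
fi

prompt_text=${1-}

# We want to ignore confirmations for user presence.
# NOTE(review): every prompt that starts with this text is answered with an
# empty line and no dialog; confirm that this matches the ssh version in use.
if [[ "$prompt_text" == "Confirm user presence"* ]]; then
  echo
else
  pct='%'
  nl=$'\n'
  cr=$'\r'

  # The prompt is external text (it can carry key comments, paths or host
  # names). Percent-escape '%', CR and LF so that it stays a single SETDESC
  # argument and cannot add further command lines to the pinentry session.
  desc=${prompt_text//"$pct"/%25}
  desc=${desc//"$cr"/%0D}
  desc=${desc//"$nl"/%0A}

  # See if we can get the hash of the key that we want the password for
  # (this enables keychain option support): the text before the first ':'
  # must end in "SHA256", and the field after it is the hash.
  key_hash=
  if [[ "$prompt_text" == *:* && "${prompt_text%%:*}" == *"SHA256" ]]; then
    key_hash=${prompt_text#*:}
    key_hash=${key_hash%%:*}
    # Only a single clean token may be used as cache key; anything with
    # whitespace or control characters falls back to a prompt without keyinfo.
    if [[ -z "$key_hash" || "$key_hash" == *[[:space:][:cntrl:]]* ]]; then
      key_hash=
    fi
  fi

  # Build the pinentry command list one command per element; printf '%s\n'
  # writes each one verbatim, so backslashes in the prompt are not interpreted.
  if [[ -n "$key_hash" ]]; then
    commands=(
      "SETDESC $desc"
      "OPTION allow-external-password-cache"
      "SETKEYINFO $key_hash"
      "GETPIN"
    )
  else
    # Otherwise don't include the keyinfo
    commands=("SETDESC $desc" "GETPIN")
  fi

  # Prompt the user for their pin. Only a line that starts with "D " is the
  # data reply; matching a bare "D" anywhere would also pick up status lines.
  pin=
  got_pin=0
  saw_err=0
  while IFS= read -r line; do
    case "$line" in
      "D "*)
        if [[ "$got_pin" -eq 0 ]]; then
          pin=${line#D }
          got_pin=1
        fi
        ;;
      "ERR "*)
        saw_err=1
        ;;
    esac
  done < <(printf '%s\n' "${commands[@]}" | pinentry-mac)

  # An error without any data line means nothing was entered (for example the
  # dialog was cancelled): report that through the exit status instead of
  # handing ssh an empty secret.
  if [[ "$got_pin" -eq 0 && "$saw_err" -eq 1 ]]; then
    exit 1
  fi

  # Data lines use the same percent-escaping; undo it so that a secret
  # containing '%' reaches ssh unchanged. '%25' is decoded last.
  pin=${pin//"${pct}0A"/$nl}
  pin=${pin//"${pct}0D"/$cr}
  pin=${pin//"${pct}25"/$pct}

  # Return the pin to ssh-agent; printf prints it verbatim even when it looks
  # like an echo option.
  printf '%s\n' "$pin"
fi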