jctanner · July 15, 2020 16:59
diff --git a/test.log b/test.log
 # unpatched
 [jtanner@jtw530 AP-16894]$ timeout -s SIGKILL 5 /bin/sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
 SSHPASS searching for password prompt using match "assword"
 SSHPASS read: Enter passphrase for key 'keys/testkey': 
 Killed
 [jtanner@jtw530 AP-16894]$ echo $?
 137

 # patched
 [jtanner@jtw530 AP-16894]$ sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
 SSHPASS searching for password prompt using match "assword"
 SSHPASS read: Enter passphrase for key 'keys/testkey': 
 SSHPASS detected ssh key passphrase prompt. Exiting.
 [jtanner@jtw530 AP-16894]$ echo $?
 8
diff --git a/test.patch b/test.patch
 diff --git a/main.c b/main.c
 index ad6c0f7..426af5e 100644
 --- a/main.c
 +++ b/main.c
 @@ -49,6 +49,7 @@ enum program_return_codes {
     RETURN_INCORRECT_PASSWORD,
     RETURN_HOST_KEY_UNKNOWN,
     RETURN_HOST_KEY_CHANGED,
 +    RETURN_PASSPHRASE_REQUIRED,
 };
 
 // Some systems don't define posix_openpt
 @@ -377,6 +378,7 @@ int handleoutput( int fd )
     static int firsttime = 1;
     static const char *compare1=PASSWORD_PROMPT; // Asking for a password
     static const char compare2[]="The authenticity of host "; // Asks to authenticate host
 +    static const char compare3[]="assphrase for key "; // Asks to authenticate host
     // static const char compare3[]="WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"; // Warns about man in the middle attack
     // The remote identification changed error is sent to stderr, not the tty, so we do not handle it.
     // This is not a problem, as ssh exists immediately in such a case
 @@ -427,6 +429,17 @@ int handleoutput( int fd )
         }
     }
 
 +    if( ret==0 ) {
 +        state2=match( compare3, buffer, numread, state2 );
 +
 +        // Are we being prompted to authenticate the host?
 +        if( compare3[state2]=='\0' ) {
 +            if( args.verbose )
 +                fprintf(stderr, "SSHPASS detected ssh key passphrase prompt. Exiting.\n");
 +            ret=RETURN_PASSPHRASE_REQUIRED;
 +        }
 +    }
 +
     return ret;
 }
	# unpatched
	[jtanner@jtw530 AP-16894]$ timeout -s SIGKILL 5 /bin/sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
	SSHPASS searching for password prompt using match "assword"
	SSHPASS read: Enter passphrase for key 'keys/testkey':
	Killed
	[jtanner@jtw530 AP-16894]$ echo $?
	137

	# patched
	[jtanner@jtw530 AP-16894]$ sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
	SSHPASS searching for password prompt using match "assword"
	SSHPASS read: Enter passphrase for key 'keys/testkey':
	SSHPASS detected ssh key passphrase prompt. Exiting.
	[jtanner@jtw530 AP-16894]$ echo $?
	8
	diff --git a/main.c b/main.c
	index ad6c0f7..426af5e 100644
	--- a/main.c
	+++ b/main.c
	@@ -49,6 +49,7 @@ enum program_return_codes {
	RETURN_INCORRECT_PASSWORD,
	RETURN_HOST_KEY_UNKNOWN,
	RETURN_HOST_KEY_CHANGED,
	+ RETURN_PASSPHRASE_REQUIRED,
	};

	// Some systems don't define posix_openpt
	@@ -377,6 +378,7 @@ int handleoutput( int fd )
	static int firsttime = 1;
	static const char *compare1=PASSWORD_PROMPT; // Asking for a password
	static const char compare2[]="The authenticity of host "; // Asks to authenticate host
	+ static const char compare3[]="assphrase for key "; // Asks to authenticate host
	// static const char compare3[]="WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"; // Warns about man in the middle attack
	// The remote identification changed error is sent to stderr, not the tty, so we do not handle it.
	// This is not a problem, as ssh exists immediately in such a case
	@@ -427,6 +429,17 @@ int handleoutput( int fd )
	}
	}

	+ if( ret==0 ) {
	+ state2=match( compare3, buffer, numread, state2 );
	+
	+ // Are we being prompted to authenticate the host?
	+ if( compare3[state2]=='\0' ) {
	+ if( args.verbose )
	+ fprintf(stderr, "SSHPASS detected ssh key passphrase prompt. Exiting.\n");
	+ ret=RETURN_PASSPHRASE_REQUIRED;
	+ }
	+ }
	+
	return ret;
	}