ttyprompt

Published: May 13, 2018 License: MIT Imports: 15 Imported by: 0


ttyprompt

Ask for passwords on separate TTY to combat X11 keyloggers.

Yes, you could use Wayland instead, but some people have reasons to stay with X.Org. If you have no idea what Wayland is, check it out and consider switching to it, because this program is really a dirty hack.

Installation

Install the Go toolchain (https://golang.ir/dl).

The included Makefile will take care of everything else:

$ make
# make install

As an additional security measure you may want to run ttyprompt as a separate user account that is the only member of the ttyprompt group:

# useradd -lMNr -s /sbin/nologin -g ttyprompt ttyprompt

To always run ttyprompt using this user account:

# chown ttyprompt /usr/local/bin/ttyprompt
# chmod u+s /usr/local/bin/ttyprompt

Build tags

Tag         Meaning
nomlock     Don't lock the entire memory of the process.
nopinentry  Disable pinentry mode support.

Usage

Simple Mode

Just run ttyprompt; the entered password will be written to stdout.

There are some options you may want to use to customize the dialog; see ttyprompt --help.

Polkit Agent Mode

Not implemented yet.

ssh-askpass

Set SSH_ASKPASS environment variable to /usr/local/bin/ttyprompt-ssh.

Note: Check out https://unix.stackexchange.com/a/83991 if you want to always use ttyprompt for SSH.

Note 2: The setsid trick breaks the group-only execution mode set on the ttyprompt binary and scripts. To use it you must first run:

chmod o+x /usr/local/bin/*ttyprompt*

sudo

ttyprompt-ssh works for sudo too:

export SSH_ASKPASS=/usr/local/bin/ttyprompt-ssh

Then use sudo -A instead of just sudo.

Pinentry Emulation Mode (GnuPG passphrase prompt)

Add pinentry-program /usr/local/bin/pinentry-ttyprompt to .gnupg/gpg-agent.conf, then make sure to restart gpg-agent: gpgconf --kill gpg-agent.
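In pinentry mode gpg-agent runs the configured pinentry-program and talks to it over its stdin/stdout using the Assuan protocol. The following is an added illustration of that exchange, not ttyprompt's own code: a minimal pinentry server loop where the getPin callback stands in for the separate-TTY prompt. The command set, greeting and error strings are assumptions taken from the pinentry protocol as commonly implemented.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/url"
	"strings"
)
// Assuan uses URL-style %XX escaping for arguments and data, so "SETPROMPT Pass%3A" means "Pass:".
func assuanUnescape(s string) string {
	if u, err := url.PathUnescape(s); err == nil {
		return u
	}
	return s // malformed escape: keep the raw text rather than lose the command
}
// assuanEscape is the inverse, applied to the passphrase on the "D" data line.
func assuanEscape(s string) string {
	return strings.NewReplacer("%", "%25", "\r", "%0D", "\n", "%0A").Replace(s)
}
// ServePinentry answers gpg-agent on in/out until BYE; getPin stands in for the separate-TTY prompt.
func ServePinentry(in io.Reader, out io.Writer, getPin func(prompt string) (string, error)) error {
	prompt := "Passphrase:"
	fmt.Fprintln(out, "OK Pleased to meet you") // greeting the client waits for
	sc := bufio.NewScanner(in)
	for sc.Scan() {
		cmd, arg, _ := strings.Cut(sc.Text(), " ")
		switch strings.ToUpper(cmd) {
		case "SETPROMPT":
			prompt = assuanUnescape(arg)
			fmt.Fprintln(out, "OK")
		case "OPTION", "SETDESC", "SETTITLE", "SETOK", "SETCANCEL", "SETERROR":
			fmt.Fprintln(out, "OK") // accepted; a real prompt would render these
		case "GETPIN":
			pin, err := getPin(prompt)
			if err != nil { // GPG_ERR_CANCELED (99) tagged with the pinentry source id
				fmt.Fprintln(out, "ERR 83886179 Operation cancelled <Pinentry>")
				continue
			}
			fmt.Fprintf(out, "D %s\nOK\n", assuanEscape(pin))
		case "BYE":
			fmt.Fprintln(out, "OK closing connection")
			return nil
		default:
			fmt.Fprintln(out, "ERR 275 Unknown IPC command <Pinentry>")
		}
	}
	return sc.Err()
}
```

A real pinentry must also never echo the passphrase anywhere but the D line, which is why the TTY read itself lives behind getPin.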

Room for improvement

  • Make the prompt customizable in simple mode
  • Allow selecting the prompt TTY
  • Implement pinentry emulation mode
    • Implement Assuan protocol wrappers
    • Fix the video driver permission error
  • Use advisory locking on the TTY to prevent race conditions
  • ssh-askpass
  • Show the "execution context" (parent process info, real UID/GID and similar)
  • Polkit agent emulation mode
    • Polkit Authority interface wrapper
    • PAM wrapper
  • Modularize the build (enable/disable polkit/pinentry modes using build tags)
  • All remaining // TODO: comments in the code
  • Clean up the code

Security issues

Contact me privately via email (fox.cpp at disroot dot org). Use PGP encryption if possible.

License

As usual, ttyprompt is published under the terms of the MIT license: you can do anything as long as you keep the copyright notice.
