The overrides were not being passed to the askpass kitten.
And we don't need to support backward compatibility for secrets with no
backend, since this feature has never been released.
Motivation: Some environments disallow or do not reliably accept one-way
pubkey-only auth, or require keyboard-interactive password + TOTP. This adds an
optional, host-scoped automation via kitty's native askpass to reduce repetitive
manual entry while preserving the ssh kitten UX.
- Add auth_config.go to parse password/totp_* from ssh.conf by host block
- Ignore these keys in main ssh.conf parser to avoid bad-line warnings
- Pass host/user to askpass for host-aware lookup
- Auto-answer password and OTP prompts in askpass; fall back to UI otherwise
Security: Secrets in ssh.conf are plain text; users should enforce strict
permissions or avoid storing passwords if unacceptable. Only login password/OTP
prompts are auto-answered; passphrases and host key confirmations are not.
feat(ssh): add secret backend support for auth passwords and TOTP secrets
Introduce support for specifying secret backends in SSH auth config, currently supporting only the "text" backend for storing secrets directly. This allows for future extensibility while maintaining backward compatibility by treating values without a backend as "text:<value>".
The changes include new fields in AuthEntry for backends, updated parsing logic in lineHandler, error handling for invalid backends, and normalization for existing configs. A new parseBackendSecret function handles the parsing with validation.
Follow PEP 0394 and use /usr/bin/env python so that the python in the
user's venv is respected. Not that the kitty python files are meant to be
executed standalone anyway, but, whatever.
Fixes #6810
kovidgoyal@5e645a7 fixes the password file creation, allowing it to be
unlinked, but read_data_from_shared_memory/1 rejects the shared object
if it is not read only, and will break the ssh kitten for all
platforms.
This change removes the read only check, relying only on the file
ownership check.
This fully fixes #5928
Signed-off-by: Loren Schlomer <me@schlomie.com>
It's easier to type, and cuter.
Also, most, if not all of the TUI parts of
kitty's kittens will eventually be re-written into kitten.
The only downside I can see is that we can't tab complete kitty
anymore, but hopefully there will be less reason to run kitty
from the shell as command line tools migrate to kitten.
Meowrrrr!!!
Fixing this involved adding a new mode to kitty where it handles
ctrl-c/z/q by sending signals to the tty foreground process group
instead of delegating to the kernel to do that. Since the pipe may be
full we have no way of knowing when the kernel will get around to
reading the signal byte. So send the signal ourselves.
Fixes #5271