Ubuntu
openssh package

ssh-askpass-gnome pops up for every sudo command

Bug #2026307 reported by john doe
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
New
Undecided
Unassigned
Jammy
Triaged
Undecided
Unassigned
Kinetic
Won't Fix
Undecided
Unassigned
Lunar
Won't Fix
Undecided
Unassigned

Bug Description

When running multiple commands like this:

SUDO_ASKPASS=/usr/lib/openssh/gnome-ssh-askpass sudo -A cp ./ez_bkup /usr/local/bin/

from my gtk4 app, the ssh-askpass-gnome dialog and the gnome inhibitShortcutsDialog pops up. i click allow on the inhibitShortcutsDialog, then enter my password, which is accepted, then they both pop up again for each of these sudo commands my app calls.

This happens in ubuntu 22.04-23.04 (completely updated) using gnome. If i use xfce in the same ubuntu versions, the gnome dialog doesn't pop up, of course, and ssh-askpass-gnome works properly (one entry and then all commands executed without further prompting). Fedora 37 works properly with gnome x11 or wayland, and xfce. Not sure if this is a bug in ubuntu's ssh-askpass-gnome, gnome-shell, or both/something else.

ubuntu 23.04 is using GNOME Shell 44.2 and ssh-askpass-gnome 1:9.0p1-1ubuntu8.2

fedora is using openssh-askpass-8.8p1-10.fc37 and GNOME Shell 43.6

thanks

See original description
john doe (itwrx)
description: updated
Revision history for this message
john doe (itwrx) wrote :

btw, if i sit there and click "allow" and enter the sudo password for every sudo command my app envokes, it will eventually process all of them. So, it's like the preference for the "inhibit shortcuts" dialog is not being saved, and the sudo auth is not being saved for the 15 min or whatever it's set for. I find it odd that both of these things would fail, but maybe one is interfering with the other.

Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for the bug report. I tested this on my system and can confirm this is an issue in Jammy, Kinetic, Lunar, and Mantic. I found this issue noted on the gnome gitlab here too - https://gitlab.gnome.org/GNOME/seahorse/-/issues/352
Based on the comments in that issue I was able to come up with a workaround that fixes this bug by creating a desktop file for the program at ~/.local/share/applications/gnome-ssh-askpass.desktop and inserting the following:

[Desktop Entry]
Name=GNOME ssh-askpass
GenericName=ssh-askpass
Type=Application
Exec=/usr/lib/openssh/gnome-ssh-askpass
Terminal=false

Changed in openssh (Ubuntu):
status: New → Triaged
Changed in openssh (Ubuntu Jammy):
status: New → Triaged
Changed in openssh (Ubuntu Kinetic):
status: New → Triaged
Changed in openssh (Ubuntu Lunar):
status: New → Triaged
john doe (itwrx)
affects: openssh (Ubuntu) → gnome-shell (Ubuntu)
Changed in gnome-shell (Ubuntu):
status: Triaged → New
Revision history for this message
john doe (itwrx) wrote :

i didn't see your comment and i just changed the project to gnome-shell instead of openssh b/c it does the exact same thing when using seahorse as ssh-askpass provider instead of ssh-askpass-gnome. But i guess seahorse needs a desktop file too. :) thanks for the info and the workaround. will change back to openssh.

So will ubuntu get updates that add a desktop file for this package then? Should i open another issue for seahorse?

Revision history for this message
john doe (itwrx) wrote :

my mistake

affects: gnome-shell (Ubuntu) → openssh (Ubuntu)
Revision history for this message
john doe (itwrx) wrote :

adding the .desktop file and logging back in and re-running did not fix the issue for me with 23.04, unfortunately.

To be clear, my app is calling multiple of these commands and the bug is that one "allow" and one password entry are not enough. both dialogs pop up for each invocation of the SUOD_ASKPASS commands as if no gnome inhibitShortcuts preference or password were entered.

Revision history for this message
Lena Voytek (lvoytek) wrote :

Hmm, I tested the workaround on lunar too just to make sure and it works for me. After the .desktop file is created the inhibitShortcutsDialog will show up one more time. Notably the description of the dialog box will change to contain the Name entry for the desktop file - in this case "GNOME ssh-askpass" rather than the executable name "gnome-ssh-askpass". After clicking "allow" it shouldn't pop up ever again.

If it still has that name the Exec path may be wrong in the desktop file. Make sure it says "Exec=/usr/lib/openssh/gnome-ssh-askpass". Alternatively the local desktop file entry just might not be working and it may be worth adding the file to /usr/share/applications/ instead. This also works for me. Hope that helps, thanks!

Revision history for this message
john doe (itwrx) wrote :

Thanks for getting back. I refactored my application to use pkexec, so idk when i'll get around to testing this. Unfortunately, due to the super old policykit package in debian/ubuntu my app still doesn't work in ubuntu and probably won't support ubuntu until 23.10, assuming policykit-1 122 makes it in. Also, looks like it has some gtk4 bugs that don't happen in fedora. I'll see how 23.10 fairs. Just some volunteered data for the project. :)

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Ubuntu 22.10 (Kinetic Kudu) has reached end of life, so this bug will not be fixed for that specific release.

Changed in openssh (Ubuntu Kinetic):
status: Triaged → Won't Fix
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubuntu 23.04 (Lunar Lobster) has reached end of life, so this bug will not be fixed for that specific release.

Changed in openssh (Ubuntu Lunar):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.