Seems ignoring SSH_ASKPASS variable

[bergentroll]

virt-manager seems ignoring SSH_ASKPASS environment variable that points to alternative askpass location.

virt-manger version is 2.2.1.

[crobinso]

Thanks for the report. We don't do anything with askpass manually FWIW

Are you seeing this when connecting to remote qemu, or do a remote VM VNC/SPICE console?
What's the libvirt URI you are using? (you can see it in Edit->Connection Details)

[bergentroll]

When I am trying to connect to e.g. qemu+ssh://user@server-name/system I am getting exception you can see below. Therefore SSH_ASKPASS pointed to /usr/bin/ksshaskpass. It seems reasonable for me to respect this variable. But seems it should be addressed to libvirt, right?

Unable to connect to libvirt qemu+ssh://user@librecmc/system.

Configure SSH key access for the remote host, or install an SSH askpass package locally.

Libvirt URI is: qemu+ssh://user@librecmc/system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 956, in _do_open
    self._backend.open(connectauth.creds_dialog, self)
  File "/usr/share/virt-manager/virtinst/connection.py", line 172, in open
    conn = libvirt.openAuth(self._open_uri,
  File "/usr/lib/python3.8/site-packages/libvirt.py", line 104, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: Cannot recv data: ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
Permission denied, please try again.
ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
Permission denied, please try again.
ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
Connection closed by 192.168.10.1 port 22: Connection reset by peer

[crobinso]

Maybe this is libvirt but offhand I can't think why it wouldn't be working. Libvirt invokes ssh directly, which should be handling SSH_ASKPASS variable transparently.

Are you running virt-manager under sudo or similar?

[bergentroll]

Are you running virt-manager under sudo or similar?

No, result the same if I just start virt-manager from my shell. In the same time if I try to connect with virsh to a remote URI, it asks for password interactively just in the shell.

[crobinso]

I justed this myself and it's working as expected. On Fedora 32 with

$ rpm -qa | grep askpass
openssh-askpass-8.3p1-3.fc32.x86_64
x11-ssh-askpass-1.2.4.1-30.fc32.x86_64
$ git clone https://github.com/virt-manager/virt-manager
$ cd virt-manager
$ ./virt-manager

Trigger an SSH askpass. It shows the default gtk dialog. Exit virt-manager. Run again with SSH_ASKPASS=/usr/libexec/openssh/x11-ssh-askpass ./virt-manager trigger the URI and it shows the gnarly old x11 dialog.

Can you confirm if something like those steps work for you with virt-manager.git?

[bergentroll]

Yes, everything works as expected.

env SSH_ASKPASS='/usr/bin/ksshaskpass' ./virt-manager --no-fork asks pass in terminal.
./virt-manager calls X11 askpass.
env SSH_ASKPASS='/usr/bin/ksshaskpass' ./virt-manager calls Ksshaskpass.

My GNU/Linux flavour is Arch Linux. I am not sure what was a problem, sorry for bothering.

[crobinso]

No worries, thanks for following up