@jctanner
Last active July 15, 2020 16:59
sshpass patch for key passphrases
# unpatched
[jtanner@jtw530 AP-16894]$ timeout -s SIGKILL 5 /bin/sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
SSHPASS searching for password prompt using match "assword"
SSHPASS read: Enter passphrase for key 'keys/testkey':
Killed
[jtanner@jtw530 AP-16894]$ echo $?
137
# patched
[jtanner@jtw530 AP-16894]$ sshpass -v ssh -i keys/testkey -tt testuser@el7host "sudo whoami"
SSHPASS searching for password prompt using match "assword"
SSHPASS read: Enter passphrase for key 'keys/testkey':
SSHPASS detected ssh key passphrase prompt. Exiting.
[jtanner@jtw530 AP-16894]$ echo $?
8
diff --git a/main.c b/main.c
index ad6c0f7..426af5e 100644
--- a/main.c
+++ b/main.c
@@ -49,6 +49,7 @@ enum program_return_codes {
RETURN_INCORRECT_PASSWORD,
RETURN_HOST_KEY_UNKNOWN,
RETURN_HOST_KEY_CHANGED,
+ RETURN_PASSPHRASE_REQUIRED,
};
// Some systems don't define posix_openpt
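Review bot: RETURN_PASSPHRASE_REQUIRED is added to enum program_return_codes with no documentation of the new exit status. The transcript above shows it surfacing as exit code 8, and scripts that wrap sshpass branch on that number, so please list the value and its meaning wherever the other return codes are documented, and add a short comment on the enum entry saying it signals a key passphrase prompt rather than a password prompt.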
@@ -377,6 +378,7 @@ int handleoutput( int fd )
static int firsttime = 1;
static const char *compare1=PASSWORD_PROMPT; // Asking for a password
static const char compare2[]="The authenticity of host "; // Asks to authenticate host
+ static const char compare3[]="assphrase for key "; // Asks to authenticate host
// static const char compare3[]="WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"; // Warns about man in the middle attack
// The remote identification changed error is sent to stderr, not the tty, so we do not handle it.
// This is not a problem, as ssh exists immediately in such a case
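Review bot: the trailing comment on the new compare3 line is copied from compare2 and still reads "Asks to authenticate host", while the string matches the key passphrase prompt; change it to something like "Asks for a private key passphrase". The commented-out line directly below also declares a compare3, so rename one of the two to keep them from looking like duplicates.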
@@ -427,6 +429,17 @@ int handleoutput( int fd )
}
}
+ if( ret==0 ) {
+ state2=match( compare3, buffer, numread, state2 );
+
+ // Are we being prompted to authenticate the host?
+ if( compare3[state2]=='\0' ) {
+ if( args.verbose )
+ fprintf(stderr, "SSHPASS detected ssh key passphrase prompt. Exiting.\n");
+ ret=RETURN_PASSPHRASE_REQUIRED;
+ }
+ }
+
return ret;
}
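Review bot: the new block passes state2 to match() for compare3 and then indexes compare3[state2], so the passphrase match has no counter of its own. If state2 is also the running match position for compare2, as its name suggests (the declaration is not visible in this hunk), the two patterns overwrite each other's progress, and a position carried over from the 25-character compare2 string can index past the end of the 18-character compare3 array. Give the passphrase match a dedicated static counter (for example state3) and use it in both the match() call and the '\0' test. The comment "Are we being prompted to authenticate the host?" is also copied from the host-key check and should describe the passphrase prompt.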