How to authenticate passkey from a Tcl script calling bash?

Question

I have a tcl script that calls a lot of functions from bash including ssh. The part I'm struggling with looks like this:

proc connect {where} {
    set bash c:/cygwin/bin/bash
    catch {exec $bash -c "ssh $where"} result
    puts $result
}
connect user@localhost

I get the authentication failed message:

Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

I can't figure out how to prompt (either showing the console or a tk window, doesn't really matter) the user for the password so the authentication goes through.

The reason I'm using bash to ssh is because eventually I want to connect to a github with the script (need to prompt for a passkey).

Answer 1

Try this:

puts -nonewline "enter your passphrase: "
flush stdout
gets stdin passphrase
exec $bash -c "ssh $where" << $passphrase

The << argument to exec passes the given value to the command on its stdin

If that doesn't work, you'll have to try Expect, or use a key with no passphrase.

Answer 2

One important alternative (which I advise) is to set up a local key-handling agent (e.g., ssh-agent or pageant) to hold the decrypted key so that your code doesn't need to handle passwords at all. I find that's a much simpler method overall because it stops a lot of code from having to understand anything about passwords (which are harder to handle correctly than you might think…)