Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v3VRk-00HGyh-Hi for pgadmin-hackers@arkaria.postgresql.org; Tue, 30 Sep 2025 08:10:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v3VRi-007Qtd-5R for pgadmin-hackers@arkaria.postgresql.org; Tue, 30 Sep 2025 08:10:50 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v3VRh-007QtU-PH for pgadmin-hackers@lists.postgresql.org; Tue, 30 Sep 2025 08:10:50 +0000 Received: from mail-lf1-x133.google.com ([2a00:1450:4864:20::133]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1v3VRf-000rDV-0h for pgadmin-hackers@postgresql.org; Tue, 30 Sep 2025 08:10:49 +0000 Received: by mail-lf1-x133.google.com with SMTP id 2adb3069b0e04-579d7104c37so7664241e87.3 for ; Tue, 30 Sep 2025 01:10:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pgadmin.org; s=google; t=1759219845; x=1759824645; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=7m7GqOjsO4ZJCpr/cnrEo+A5Z2SwSikFzlUf7rBLLZY=; b=gSI9BMrJmCiiwbzuCOWjLbjb1s/fL0h+igBtGJ/FlVTyu2Y4onmDCDE38as6+IS59P HdJD7fMTiSwXmYIc/35zLDipxZdstwG/iUKXB+FyPA1Cr4891RAzsDTl5QQL7RpaKILq ipxhfM8ZtD4tcPEZPE552X1bKxNOZ9yu00NHaMRlrE6G1T352YseCnA+n+TcoidRJ2p/ PdqAGTLhF2L+yrCq6fLQjgyUyrQmkmhZhKZ9Rkq3WIoNFquv5ZJUmTZhXFyMviZO30T7 A2HNhqKXU94cg267bg9Pf3Y3RiAAZe8PQmpfk6SS+9QTssihqtAe0nlkUObq1IL3X6Jz SYWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759219845; x=1759824645; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7m7GqOjsO4ZJCpr/cnrEo+A5Z2SwSikFzlUf7rBLLZY=; b=YprQRbt6sdd74EekS4v5ZjBw8Wmnisbmu5Vl7PzZiiI59ms27nwkRzqegILvcFoNBB Et0P9epmVtXkcGb0TixThUiY/5ZUdNaQL0Tk4VTam8lL63Myv25QftwHyEUHc2fhOWy7 OZmIN7jZHYymh/RNiZbz/NICcnR+o+353yCeeWApx7Xc2pJS9O5XOIFEwtT9bZrkeaaB dKf0QXHRT+zcbchOzPxkkXaqJkWCgWaL9bFZ0s7aiOLY4HiJYfWDbsGYEoRt0HrglyMr ZaU3of/GtdDVqOYmdqK7X655JEKcbFXuB0UcLFLv/gbmK4cwxbPnhTxzN7KdfxVcWUAE AXXA== X-Forwarded-Encrypted: i=1; AJvYcCWdDM1qRpB9WLV+gQlh2o+BaALvTlVJUWhINtxurklYVIpbDCC6+APQ6MeGhzVTB/6qemIASYVEdnFuywms8WY=@postgresql.org X-Gm-Message-State: AOJu0YwQTxZGLltyPD0u4cNnKPkIqf/uylllk0jTucF4w5ZFpKJWAO5j qOgXvYdrocX1jY8cDz+55CvRtGiYd9WQ+h3gPlNeUPR8yBMAuJtVdmITCys+9TGIMCDQqDWZX3l BcebpZwfDIlCX6JAkYFOU7oOVAMoev0hcfA/a5U+W X-Gm-Gg: ASbGncvyOMp4BvILyEJ5/fgYccmnFEFcuFog8ks3c6WYIRW7FhHaOMfh491pQ2axw63 b/4H5Q16Tmu5ZLiiKO2TwXHSz7C8kDB/qnbGp8gvgAftbbRwe0lk0ctXBtChfRVWLu9J/BKc5ZO Mk8gY/L/cjYfRcjmt5LqmiOTe3CPqnpmNAaE5uu3rughqF06nwwnPQoGF8sxGc+UidvVCnkwFPS w8MyS/iFeYf8gDgh4N8oRLUy+/AecIJdA== X-Google-Smtp-Source: AGHT+IHQXeRG37ORjAmjLBwP5Cx0fcfM9XGG/p4x2yqnkAIIijPw9YoXrQUwSvzTsdP0+59X6arFXyL66IUCb8b+x+c= X-Received: by 2002:a05:6512:3f03:b0:560:8b86:75ba with SMTP id 2adb3069b0e04-582d38c00demr6508257e87.52.1759219845426; Tue, 30 Sep 2025 01:10:45 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dave Page Date: Tue, 30 Sep 2025 09:10:33 +0100 X-Gm-Features: AS18NWCaiHycqKLVLFEs0zy3FLr8MPGajiV5D5xdDX17jFGOOGp5v9sdneNE9iQ Message-ID: Subject: Re: Regarding feature "Option to skip Password-Dialog for identity file" To: Akshay Joshi Cc: Aditya Toshniwal , pgadmin-hackers Content-Type: multipart/alternative; boundary="000000000000f802d40640004994" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000f802d40640004994 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 30 Sept 2025 at 08:37, Akshay Joshi wrote: > > > On Tue, Sep 30, 2025 at 11:56=E2=80=AFAM Aditya Toshniwal < > aditya.toshniwal@enterprisedb.com> wrote: > >> Hi Akshay, >> >> On Tue, Sep 30, 2025 at 11:50=E2=80=AFAM Akshay Joshi < >> akshay.joshi@enterprisedb.com> wrote: >> >>> >>> >>> On Tue, Sep 30, 2025 at 11:41=E2=80=AFAM Aditya Toshniwal < >>> aditya.toshniwal@enterprisedb.com> wrote: >>> >>>> Hi Akshay, >>>> >>>> On Tue, Sep 30, 2025 at 11:36=E2=80=AFAM Akshay Joshi < >>>> akshay.joshi@enterprisedb.com> wrote: >>>> >>>>> >>>>> >>>>> On Tue, Sep 30, 2025 at 11:29=E2=80=AFAM Aditya Toshniwal < >>>>> aditya.toshniwal@enterprisedb.com> wrote: >>>>> >>>>>> Hi Akshay, >>>>>> >>>>>> Even if you show the password dialog for the first time, the above >>>>>> scenarios are applicable. >>>>>> For the context of showing the password prompt first time or not - >>>>>> I'm suggesting we try first and then show the password prompt. >>>>>> >>>>> >>>>> I tried that implementation, but what if the user doesn=E2=80=99t = want a >>>>> password prompt at all when the identity file has no password? Do you= think >>>>> the solution you provided fully meets the user=E2=80=99s requirements= ? >>>>> >>>> It will work the same as the existing flow. Users can proceed without >>>> entering any password. >>>> >>> >>> That=E2=80=99s exactly what the user doesn=E2=80=99t want. The featu= re request has a >>> clear subject line: *=E2=80=9COption to skip Password-Dialog for identi= ty >>> file.=E2=80=9D* Similar requests have been raised by other users in the= past, >>> which we closed as duplicates. >>> >> The request is to skip the password initially when connecting if an >> identity file is used. Subsequent prompts cannot be avoided if the >> connection fails. >> Later this can be improved further in future once sshtunnel provide more >> details. >> > I=E2=80=99m not convinced by this solution. Could you explain what issues= you see > with the approach I proposed? To me, it seems simple: if a user has an > identity file without a password, disable the prompt; if the identity fil= e > has a password, enable the prompt. Straightforward. > I=E2=80=99ll wait for Dave or others to share their thoughts on this. > I'd prefer to try to handle this more as Aditya suggests, to avoid having an additional config option. However, it certainly sounds like the ssh library makes this impractical and potentially confusing, so I think the cleanest and most usable solution is likely to add the "Prompt for password" checkbox that Akshay suggests. --=20 Dave Page pgAdmin: https://www.pgadmin.org PostgreSQL: https://www.postgresql.org pgEdge: https://www.pgedge.com --000000000000f802d40640004994 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, 30 Sept= 2025 at 08:37, Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:


On Tue, Sep 30, 2025 at 11:56=E2= =80=AFAM Aditya Toshniwal <aditya.toshniwal@enterprisedb.com> wrote:<= br>
Hi=C2=A0Akshay,

On Tue, Sep 30, 2025 at= 11:50=E2=80=AFAM Akshay Joshi <akshay.joshi@enterprisedb.com> wrote:
=


On Tue, Sep 30= , 2025 at 11:41=E2=80=AFAM Aditya Toshniwal <aditya.toshniwal@enterprisedb.c= om> wrote:
Hi Akshay,

=
On Tue, Se= p 30, 2025 at 11:36=E2=80=AFAM Akshay Joshi <akshay.joshi@enterprisedb.com&g= t; wrote:

<= /div>
O= n Tue, Sep 30, 2025 at 11:29=E2=80=AFAM Aditya Toshniwal <aditya.toshniwal@e= nterprisedb.com> wrote:
<= div style=3D"font-family:verdana,sans-serif">Hi=C2=A0Akshay,

Even if you show the password dialog for the first time, = the above scenarios are applicable.
For the context of showing the=C2=A0password prompt first time = or not - I'm suggesting we try first and then show the password prompt.=

=C2=A0 =C2=A0I tried that implementation, but what if the user = doesn=E2=80=99t want a password prompt at all when the identity file has no= password? Do you think the solution you provided fully meets the user=E2= =80=99s requirements?
It will work the same = as the existing flow. Users can proceed without entering any password.
=C2=A0 =C2=A0That=E2=80= =99s exactly what the user doesn=E2=80=99t want. The feature request has a = clear subject line: =E2=80=9COption to skip Password-Dialog for ide= ntity file.=E2=80=9D Similar requests have been raised by other us= ers in the past, which we closed as duplicates.
The request is to skip the= password initially when connecting if an identity file is used. Subsequent= prompts cannot be avoided if the connection fails.
Later this can be improved further in future on= ce sshtunnel=C2=A0provide more details.
=

I=E2=80=99m not convinced by this solution. Could you explain what issue= s you see with the approach I proposed? To me, it seems simple: if a user h= as an identity file without a password, disable the prompt; if the identity= file has a password, enable the prompt. Straightforward.

I=E2=80=99ll wait for Dave or others to share their thoughts on this.
=

I'd prefer to try to handl= e this more as Aditya suggests, to avoid having an additional config option= . However, it certainly sounds like the ssh library makes this impractical = and potentially confusing, so I think the cleanest and most usable solution= is likely to add the "Prompt for password" checkbox that Akshay = suggests.
=C2=A0
--
--000000000000f802d40640004994--