Bug 513788

Summary: ksshaspass is error prone and susceptible to misuse, steals the keyboard focus and input from other windows.
Product: [Applications] ksshaskpass Reporter: hadmut
Component: generalAssignee: Jeremy Whiting <jpwhiting>
Status: REPORTED ---    
Severity: normal CC: kde
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description hadmut 2025-12-24 21:40:13 UTC 
KDE distributions such as Kubuntu 25.10 do come with 

SSH_ASKPASS=/usr/bin/ksshaskpass


which is suitable only if you do use manually launched single ssh connections. Once you do use ssh from within a script or launched from another program with some delay, e.g. when using Ansible, or some scripts which first generate some file(s) and then scp or rsync them, this goes wrong:

When doing some other work, e.g. using a web browser or writing into an editor, while running a program makeing use of ssh (e.g. Ansible), ksshaskpass pops up suddenly and *immediately*, faster than the user can respond and interrupt, graps the keyboard focus. Keystrokes, meant for e.g. the editor or web browser, go directly to ksshaskpass, and if it was a return key, the use of the ssh key is unintentionally – and without a chance to read the request – confirmed. This neutralizes the function of using ssh-agent confirmation to increase security, if the confirmation requester steals input given to other programs and accepts them as confirmation.

It can even stack password requests, and then fail. e.g. if the pasword is "123456", it can happen, e.g. when programs like Ansible use ssh to login to several machines simultaneously, that the user enters "1", a second requester opens on top, the user continues to enter the password, thus entering "23456" into a new requester, which then fails.
Comment 1 Kai Uwe Broulik 2025-12-25 08:21:32 UTC 
Right now window activation under Wayland (which I assume is the default in 25.10) is a bit of an unsolved issue, especially the integration between Terminal and GUI.

There’s an ongoing effort to improve this: https://invent.kde.org/plasma/kwin/-/issues/186 and https://invent.kde.org/plasma/kwin/-/merge_requests/7952

Plasma 6.5 and 6.6 improve this situation a lot, but I believe Kubuntu 25.10 ships 6.4 out of the box so it doesn’t have much “focus stealing prevention” yet.

You can try adding the backports PPA (which includes 6.5) and then changing the focus stealing prevention setting in System Settings → Window Behavior → Focus Stealing Prevention to e.g. “High”.