Comment by carodgers

1 day ago

Terminal emulators have taken a very odd attitude toward OSC52. Many (or all?) of them selectively disable either copy, or paste, or both, depending on how cautious the maintainer is.

Yes, it's true that an application that can read system clipboard content may scrape a password, but literally any application running in the terminal can read private keys out of your .ssh folder.

With some heavy reading and a bit of experimentation, you can usually get this working, though.

3 comments

carodgers

Reply
CGamesPlay  17 hours ago

But with OSC 52, any system I ssh into can scrape those passwords. Bigger attack surface, to be sure. And unfortunately there’s no particularly good way of telling if the received escape code originated from the local machine.

  • em-bee  9 hours ago

    only passwords that you type after logging in. but if you can't trust the remote system then i don't think OSC 52 is the only way to do that.

procaryote  15 hours ago

There are lots of ways to secure your private keys though, including passphrases, having a ssh agent that requires interaction to use a key, having them on hardware security keys etc.

Having osc52 paste default off seems very reasonable