Re: Regarding feature "Option to skip Password-Dialog for identity file"

On Tue, Sep 30, 2025 at 11:41 AM Aditya Toshniwal <
aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:

> Hi Akshay,
>
> On Tue, Sep 30, 2025 at 11:36 AM Akshay Joshi <
> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>
>>
>>
>> On Tue, Sep 30, 2025 at 11:29 AM Aditya Toshniwal <
>> aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Akshay,
>>>
>>> Even if you show the password dialog for the first time, the above
>>> scenarios are applicable.
>>> For the context of showing the password prompt first time or not - I'm
>>> suggesting we try first and then show the password prompt.
>>>
>>
>> I tried that implementation, but what if the user doesn’t want a
>> password prompt at all when the identity file has no password? Do you think
>> the solution you provided fully meets the user’s requirements?
>>
> It will work the same as the existing flow. Users can proceed without
> entering any password.
>

That’s exactly what the user doesn’t want. The feature request has a
clear subject line: *“Option to skip Password-Dialog for identity file.”*
Similar requests have been raised by other users in the past, which we
closed as duplicates.

>
>>> On Tue, Sep 30, 2025 at 11:16 AM Akshay Joshi <
>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>
>>>> Hi Aditya,
>>>>
>>>> I already mentioned that I tried the same solution you suggested, but
>>>> there are a few combinations where it’s unclear when exactly we should
>>>> prompt for the tunnel password. For example, assuming an SSH tunnel with an
>>>> identity file that does not have a password:
>>>>
>>>> 1.
>>>>
>>>> When a user connects to the server for the first time, the password
>>>> dialog for the database server appears if the password has not been saved.
>>>> If the user enters the wrong password, the error we receive is “SSHTunnel
>>>> failed to create.” In this case, it’s unclear whether we should prompt for
>>>> the tunnel password or not.
>>>> 2.
>>>>
>>>> If the SSH tunnel fails to create for reasons other than
>>>> authentication, the error from the sshtunnel library is not descriptive
>>>> enough. Again, we don’t know whether prompting for the password is
>>>> appropriate.
>>>>
>>>> Suppose we always prompt for the password after a connection attempt.
>>>> In that case, the original issue remains; users don’t want to see a prompt
>>>> if an identity file without a password is provided.
>>>>
>>>> That’s why I believe the solution I proposed is the simplest and most
>>>> user-friendly: if users don’t want to be prompted, they can simply disable
>>>> the prompt option from the server dialog.
>>>>
>>>> On Tue, Sep 30, 2025 at 10:33 AM Aditya Toshniwal <
>>>> aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi Akshay,
>>>>>
>>>>> How about we prompt for password irrespective of what is the error
>>>>> from sshtunnel library?
>>>>> Try to connect without a password for identity file based, if any
>>>>> error comes then ask for password along with displaying the error message.
>>>>> No need to bother what the error is about.
>>>>>
>>>>> On Mon, Sep 29, 2025 at 7:27 PM Akshay Joshi <
>>>>> akshay(dot)joshi(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>>> Hi Dave/Hackers,
>>>>>>
>>>>>> I am working on the feature "Option to Skip Password Dialog for
>>>>>> Identity File" #6996
>>>>>> <https://github.com/pgadmin-org/pgadmin4/issues/6996>.
>>>>>>
>>>>>> I initially tried implementing it so that the tunnel password would
>>>>>> not be requested upfront, and would only be prompted on error. However, the
>>>>>> *sshtunnel* library currently returns a generic error message, for
>>>>>> which I have created an issue on the SSHTunnel GitHub repository #305
>>>>>> <https://github.com/pahaz/sshtunnel/issues/305>.
>>>>>>
>>>>>> This approach introduces multiple scenarios for when to prompt for
>>>>>> the tunnel password, making the code more complex and harder to maintain.
>>>>>>
>>>>>> *Proposed solution:*
>>>>>> Add a new switch *"Prompt for password?"* in the server dialog under
>>>>>> the *SSHTunnel* tab. By default, the switch is set to *false* and is
>>>>>> enabled only when the authentication method is *Identity File*. See
>>>>>> the screenshot below for reference.
>>>>>> [image: Screenshot 2025-09-29 at 7.12.17 PM.png]
>>>>>>
>>>>>> Thoughts/suggestions?
>>>>>>
>>>>>>
>>>>>> Akshay Joshi
>>>>>>
>>>>>> Principal Engineer | Engineering Manager | pgAdmin Hacker
>>>>>>
>>>>>> enterprisedb.com
>>>>>>
>>>>>> * Blog*: https://www.enterprisedb.com/akshay-joshi
>>>>>> * GitHub*: https://github.com/akshay-joshi
>>>>>> * LinkedIn*: https:// <http://goog_373708537>
>>>>>> www.linkedin.com/in/akshay-joshi-a9317b14
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> Aditya Toshniwal
>>>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
>>>>> <https://www.enterprisedb.com/>
>>>>> "Don't Complain about Heat, Plant a TREE"
>>>>>
>>>>
>>>
>>> --
>>> Thanks,
>>> Aditya Toshniwal
>>> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
>>> <https://www.enterprisedb.com/>
>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>
>
> --
> Thanks,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Staff SDE II | *enterprisedb.com*
> <https://www.enterprisedb.com/>
> "Don't Complain about Heat, Plant a TREE"
>