
I'm using a site-specific authentication script that issues a 24-hour certificate for password-less login. What I'm trying to do is rig my ~/.ssh/config so ssh triggers the script if the certificate has expired:

    Match originalhost remotehost.site exec "test $(file.age ~/.ssh/certificate) -ge 86400" exec ~/bin/authentication_script

This almost works -- it tests the age of the latest certificate file ok, and invokes the authentication_script if it's out-of-date. The problem is that this script is using TTY read operations to take the password input, and giving these errors:

    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    authentication_script: The sshproxy server said: Authentication failed. Failed login: myname: 
    authentication_script: This usually means you did not enter the correct password or OTP: 
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    stty: 'standard input': Inappropriate ioctl for device
    authentication_script: The sshproxy server said: Authentication failed. Failed login: myname: 
    authentication_script: This usually means you did not enter the correct password or OTP: 
    stty: 'standard input': Inappropriate ioctl for device

This doesn't happen when I run the script on the command-line from a regular login session. Is there some mode that I can flip to get it to work?

  • Using ```ssh -t remotehost.site``` doesn't work either. It may solve the problem when the I/O operations are happening through the ssh connection; what's going on here, though, is that ```ssh``` is invoking the script *locally* on my laptop and seems to be following a different set of redirection rules. – Carl Ponder Nov 19 '21 at 15:04
  • The script uses the form ```read -r -p "Enter the password for ${user}: " -s pw```. I'm hoping that I could add the ```-u fd Read input from file descriptor fd``` somehow, to re-connect the input to my keyboard. – Carl Ponder Nov 19 '21 at 16:16


I've been told that exec disables stdin/stdout, and was referred here:

https://unix.stackexchange.com/questions/674759/how-to-make-ssh-config-match-host-exec-inherit-current-shells-tty-name

But for my purposes, I am able to use PTY operations to control the I/O:

    # Name of the controlling terminal, taken from the TTY column of ps
    # ("index" is the author's own helper that prints the nth field of its input)
    PTY=$(ps --no-headers $$ | xargs index 2)
    # Prompt and read directly on that terminal instead of the detached stdin/stdout
    printf "Enter the password: " > /dev/$PTY
    read -r -s pw < /dev/$PTY

(The ```index``` operation is just my script that returns the nth item from a list.)
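For comparison, here is an added example (not the asker's script and not the answer's code) that covers both halves of the setup: a certificate-age check standing in for the ```file.age``` test in the Match line, and a password prompt that keeps working when ```Match exec``` has started the script with stdin/stdout detached. Instead of deriving the pty name from ```ps``` as the answer does, it opens ```/dev/tty```, which the kernel resolves to the process's controlling terminal whatever stdin points at, and it refuses rather than hangs when there is no controlling terminal at all. The function names, the ```--demo``` switch and the use of GNU coreutils (```stat -c %Y```) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the asker's script. Helpers for the situation in the
# question: file_age_seconds/cert_expired replace the "file.age" test in the
# Match line, and read_secret prompts on the controlling terminal even when
# ssh's "Match exec" has run the script with stdin/stdout detached. Assumes
# GNU coreutils (Linux); on BSD/macOS the mtime call would be "stat -f %m".

file_age_seconds() {
    # Seconds since the file was last modified.
    now=$(date +%s)
    mtime=$(stat -c %Y "$1") || return 1
    echo $((now - mtime))
}

cert_expired() {
    # Usage: cert_expired <cert-path> [max-age-seconds, default 86400]
    # Succeeds (exit 0) when the certificate is missing, unreadable, or at
    # least max-age seconds old, i.e. whenever a fresh one should be requested.
    cert=$1
    max=${2:-86400}
    [ -f "$cert" ] || return 0
    age=$(file_age_seconds "$cert") || return 0
    [ "$age" -ge "$max" ]
}

read_secret() {
    # Usage: secret=$(read_secret "Prompt: ")
    # Prompt and input go through /dev/tty, so this works regardless of where
    # stdin points; echo is switched off with stty and restored afterwards.
    prompt=$1
    # Fail fast instead of hanging when there is no controlling terminal
    # (cron, CI, a Match exec run without a session).
    ( : </dev/tty ) 2>/dev/null || {
        echo "read_secret: no controlling terminal" >&2
        return 1
    }
    printf '%s' "$prompt" >/dev/tty
    saved=$(stty -g </dev/tty)
    trap 'stty "$saved" </dev/tty' INT TERM
    stty -echo </dev/tty
    IFS= read -r secret </dev/tty
    status=$?
    stty "$saved" </dev/tty
    trap - INT TERM
    printf '\n' >/dev/tty
    printf '%s\n' "$secret"
    return "$status"
}

# Demo: "sh thisfile --demo [cert-path]" runs the age check and, if the
# certificate is stale, prompts on the terminal the way the real script would.
if [ "${1:-}" = "--demo" ]; then
    cert=${2:-$HOME/.ssh/certificate}
    if cert_expired "$cert"; then
        pw=$(read_secret "Enter the password: ") || exit 1
        echo "read ${#pw} characters; this is where the authentication script would run"
    else
        echo "$cert is $(file_age_seconds "$cert")s old, still valid"
    fi
fi
```

Because the prompt, the echo toggle and the read all target ```/dev/tty``` explicitly, the ```stty: 'standard input': Inappropriate ioctl for device``` errors from the question cannot occur: ```stty``` is never pointed at the detached stdin. The same ```cert_expired``` call can replace the ```test $(file.age ...)``` in the ```Match exec``` clause, since ```Match exec``` only looks at the command's exit status.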