Re: sudo password visible through ssh command line

To: debian-user@lists.debian.org
Subject: Re: sudo password visible through ssh command line
From: Chris Davies <chris-usenet@roaima.co.uk>
Date: Fri, 11 Jul 2008 15:26:58 +0100
Message-id: <[🔎] i67kk5xnpi.ln2@news.roaima.co.uk>
Reply-to: chris@roaima.co.uk
References: <aO2cn-7kf-29@gated-at.bofh.it> <aO88g-1tN-33@gated-at.bofh.it>

Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
> On Thu, Jul 10, 2008 at 01:04:31PM +0200, Javier Barroso wrote:
>> In sid with key passwordless auth :
>> 
>> ssh user@server "sudo ls"
>> password: password
>> 
>> And password is shown you

> I definitely consider that a bug. Who to file against? I don't know.
> Is this new behavior?

It's not a bug (well, not in the classic sense), and it's not new
behaviour.

> Su doesn't work at all. 

su complains "su: must be run from a terminal", and this helps point
towards the underlying issue. When you run ssh with a command argument,
it does not (by default) create a terminal. This means there's no way
to disable echo, so sudo ends up prompting with a visible password.

The solution is to force ssh to allocate a pseudo-tty, with the -t flag:

    ssh -t user@server sudo ls

Chris

Reply to:

Follow-Ups:
- Re: sudo password visible through ssh command line
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>

Prev by Date: snapshot.debian.net lost packages again?
Next by Date: Re: P2P clients for debian etch
Previous by thread: Re: sudo password visible through ssh command line
Next by thread: Re: sudo password visible through ssh command line
Index(es):
- Date
- Thread