[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo password visible through ssh command line

On Fri, Jul 11, 2008 at 03:26:58PM +0100, Chris Davies wrote:
> Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
> > On Thu, Jul 10, 2008 at 01:04:31PM +0200, Javier Barroso wrote:
> >> In sid with key passwordless auth :
> >> 
> >> ssh user@server "sudo ls"
> >> password: password
> >> 
> >> And password is shown you
> > I definitely consider that a bug. Who to file against? I don't know.
> > Is this new behavior?
> It's not a bug (well, not in the classic sense), and it's not new
> behaviour.
> > Su doesn't work at all. 
> su complains "su: must be run from a terminal", and this helps point
> towards the underlying issue. When you run ssh with a command argument,
> it does not (by default) create a terminal. This means there's no way
> to disable echo, so sudo ends up prompting with a visible password.
> The solution is to force ssh to allocate a pseudo-tty, with the -t flag:
>     ssh -t user@server sudo ls

thanks for the lesson.


Attachment: signature.asc
Description: Digital signature

Reply to: