Your message dated Fri, 6 Sep 2013 15:38:56 +0200
with message-id <[email protected]>
and subject line Re: Bug#721954: passwd: displays password when called via ssh
directly
has caused the Debian Bug report #721954,
regarding passwd: displays password when called via ssh directly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
721954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721954
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: passwd
Version: 1:4.1.5.1-1
Severity: normal
When trying to change a passphrase over an ssh connection, normally the
passphrase isn't displayed:
vagrant@local:~$ ssh server
vagrant@server:~$ passwd
Changing password for vagrant.
(current) UNIX password:
When called via ssh directly, it echoes the passphrase:
vagrant@local:~$ ssh server passwd
(current) UNIX password: dlkgfjsdgfkjsd
I'm not sure if this is expected and correct behavior, but it seems prone to
shoulder-surfing and whatnot.
live well,
vagrant
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500,
'stable'), (500, 'oldstable'), (120, 'unstable'), (110, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages passwd depends on:
ii debianutils 4.3.2
ii libc6 2.13-38
ii libpam-modules 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libsemanage1 2.1.6-6
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Alexander Gattin wrote:
> Vagrant Cascadian wrote:
> > When called via ssh directly, it echoes the passphrase:
> > vagrant@local:~$ ssh server passwd
> > (current) UNIX password: dlkgfjsdgfkjsd
>
> You should use ssh -t <user@server> <command> instead.
Agreed. You should use -t if you need a tty allocated. And commands
like passwd want a tty. Along with others that Alexander mentioned
like screen and vim/emacs and others.
> ssh <user@server> <command> doesn't allocate
> pseudo terminal, therefore tcgetattr() + &=~ECHO +
> tcsetattr() won't work.
And passwd does not *need* the tty. It will function within the
ability to do so without it. Therefore this is not a bug. It is a
feature of graceful degradation. It will turn off echo if it has the
ability to do so. If it does not have the ability to do so then it
will gracefully degrade and operate without it.
> Some programs refuse to be started without a TTY,
> e.g. screen:
> > xrgtn@ux280p:~$ ssh [email protected] screen
> > Must be connected to a terminal.
> > xrgtn@ux280p:~$
>
> I think this is the only thing we can do (refuse
> to start passwd without a terminal).
That would break any scripts that have been written to update passwds
remotely from scripts in non-interactive batch mode from working.
(Those scripts would normally redirect output to /dev/null.)
Since I think 'ssh -t' completely addresses this issue and that it
isn't a bug but an ssh use case I am going to mark this bug as closed.
Bob
signature.asc
Description: Digital signature
--- End Message ---
