On Sat, Apr 24, 2004 at 02:35:42PM -0700, Phil Dibowitz wrote: > Colin Watson wrote: > >On Sat, Apr 24, 2004 at 01:41:00PM -0700, Phil Dibowitz wrote: > >>Both ssh-add and ssh-keygen echo your password to the tty in the new > >>3.8p1-3 version that I just dist-upgraded to. This is a pretty large > >>security problem. > > > >Er. Not for me they don't! What terminal emulator are you using? > > I'm using aterm. I've also heard this in the irc-channel I op in, so I > don't think its just aterm (cause not many people use it). Let me try > xterm.... yes, xterm does it as well: > > bash-2.05b$ ssh-add > Enter passphrase for /home/phil/.ssh/id_rsa: thisis being echoed > > (that's from an xterm).
I can't reproduce this either on i386 or powerpc with either pterm or xterm. Can you get me an strace? Thanks, -- Colin Watson [EMAIL PROTECTED]
