Package: ssh Version: 1:3.8p1-3 Severity: normal I just went to use ssh-add and noticed that it is now echoing my passphrase directly to the terminal. I'm not sure exactly when this started occuring, it must be within the last couple of days as I probably last used ssh-add two or three days ago, i've just rebooted so had to use it again.
I consider this a critical bug as I couldn't use ssh-add anywhere public and be happy I wasn't sharing my passphrase with other people in the room. Stephen Quinney -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.5 Locale: LANG=C, LC_CTYPE=C Versions of packages ssh depends on: ii adduser 3.52 Add and remove users and groups ii debconf 1.4.22 Debian configuration management sy ii dpkg 1.10.20 Package maintenance system for Deb ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an ii libpam-modules 0.76-19 Pluggable Authentication Modules f ii libpam-runtime 0.76-19 Runtime support for the PAM librar ii libpam0g 0.76-19 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7d-1 SSL shared libraries ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.1-5 compression library - runtime -- debconf information: ssh/insecure_rshd: ssh/privsep_ask: true * ssh/user_environment_tell: * ssh/forward_warning: * ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true ssh/rootlogin_warning: * ssh/upgrade_to_openssh: true * ssh/SUID_client: true * ssh/protocol2_default: * ssh/privsep_tell: * ssh/ssh2_keys_merged: ssh/ancient_version: ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true
