On November 11, tom@penumbra.be said:

> I've recently discovered a rather nasty bug. My login password is
> visible when I use the following command:
>
> arioch@server ~ $ ssh arioch@192.168.0.1 sudo tail -f /var/log/messages; exit
> Password: ********** (user - masked)
> Password: my_not-so-secret-anymore_password (root - not masked)


This is because when you use ssh with an explicit command (in the
example above, your command is sudo), ssh doesn't bother allocating a
pseudo-tty for your session, which means that sudo's password-hiding
is not done, since it is not running within a terminal, as far as it
knows.

To force ssh to allocate a pseudo-tty, use -t, as in:

ssh -t arioch@192.168.0.1 sudo tail -f /var/log/messages; exit

Use "man ssh" and search for pseudo-tty for more details.

Hope this helps,

--dkg

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
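The mechanism described in the reply above, as an added example that is not part of the original message and is not sudo's or OpenSSH's own code: a password prompt can only turn off echo on a terminal, so the same prompt logic succeeds on a pseudo-tty and has nothing to act on when stdin is a pipe. The function names are hypothetical, and the pipe and the pty are constructed locally as stand-ins for a remote command started without and with -t.

```python
import os
import termios

def disable_echo(fd):
    """Do what a password prompt does before reading: clear ECHO on fd.

    Returns the saved settings for later restore, or None when fd is not
    a terminal (tcgetattr fails with ENOTTY) and nothing can be hidden.
    """
    try:
        saved = termios.tcgetattr(fd)
    except termios.error:
        return None
    quiet = termios.tcgetattr(fd)
    quiet[3] &= ~termios.ECHO          # index 3 is the local-modes field
    termios.tcsetattr(fd, termios.TCSANOW, quiet)
    return saved

def echo_is_on(fd):
    return bool(termios.tcgetattr(fd)[3] & termios.ECHO)

def compare_pipe_and_pty():
    """Run the same prompt logic on a pipe and on a pseudo-tty."""
    out = {}
    # Constructed stand-in for stdin of a remote command started without -t.
    rd, wr = os.pipe()
    out["pipe_is_tty"] = os.isatty(rd)
    out["pipe_can_hide"] = disable_echo(rd) is not None
    os.close(rd)
    os.close(wr)

    # Constructed stand-in for stdin of a remote command started with -t.
    master, slave = os.openpty()
    try:
        attrs = termios.tcgetattr(slave)
        attrs[3] |= termios.ECHO       # start from a known state: echo on
        termios.tcsetattr(slave, termios.TCSANOW, attrs)
        out["pty_is_tty"] = os.isatty(slave)
        saved = disable_echo(slave)
        out["pty_echo_while_prompting"] = echo_is_on(slave)
        termios.tcsetattr(slave, termios.TCSANOW, saved)
        out["pty_echo_restored"] = echo_is_on(slave)
    finally:
        os.close(master)
        os.close(slave)
    return out

if __name__ == "__main__":
    for key, value in compare_pipe_and_pty().items():
        print(f"{key}: {value}")
```

A script that prompts for a secret can use the same check to refuse to read it when `disable_echo` returns None, instead of reading it with echo still on.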