Pseudo-tty allocation and -T option

Giles Constant gilesc at hyperlink.com
Fri Dec 1 02:31:58 EST 2000


On Thu, 30 Nov 2000, Markus Friedl wrote:

> i don't think that a
> 	Password foo
> option will ever be included in OpenSSH.
> 
> it's a bad practice to have plaintext passwords
> in files, commandlines or environment variables
> and i don't want to encourage this in OpenSSH.

It might be bad practice, but in my case it was unavoidable.  The current
implementation of sshd on NT won't allow access without providing a domain
password, and this is unlikely to change, due to the way it works.  When
scripting something to ssh to NT, there has to be some mechanism for
providing the password.  Perhaps it could be included as a compile-time
option?  Having a file with a password in it is no less secure than having
a blank password for your identity.

Actually, there is a way around - perhaps ssh could be extended to run
through some sort of lockable-detachable pipe object, e.g.:

connect:              slogin foo at bar.com: -oCreateAttachFile ./foo
secure it:            chmod 700 ./foo
attach[1]:            ssh-reattach ./foo
do something:         ls    (runs as foo at bar.com)
detach:               ^D
attach[2]:            ssh-reattach ./foo
do something else:    echo hello
detach:               ^D
close connection:     ssh-close-attachment ./foo

[1] and [2] connect to the attached link, and fire up a remote shell in
the process.  Detaching will close the shell, but will maintain the link.

If this could be implemented in a way such that it has a similar
feature-set to rpc, et al., it would get around my problem and possibly
many others.







