SSH Command Line Password Support
Daniel Kahn Gillmor
dkg-openssh.com at fifthhorseman.net
Wed Aug 27 07:06:06 EST 2008
On Sat 2008-08-16 10:04:35 -0400, Dag-Erling Smørgrav wrote:
> GB <gusgl2001 at yahoo.com> writes:
>> I am interested in an ssh that is not interactive in requesting the
>> password, i.e, whereas I can specify the password in the command line
>> when calling SSH.
> ps -fe
> Just use a passphrase-less keypair.
On Tue 2008-08-26 16:12:18 -0400, GB wrote:
> I have successfully implemented the password in the argument line
> for both ssh and scp.
> I would be more than willing to share my code so that it will become
> an official part of ssh and scp to satisfy the needs of users out
> there using scripts and the like.
> I don't consider the code to be the most secure possible, but it
> took 10 minutes to implement in ssh and 20 on scp, so modifications
> by you to make it compliant would be minimal.
What Dag-Erling was pointing out above is that the command line
arguments of any process are visible to all users on most UNIX-style
systems simply by using the "ps" command.

This means that anything you put on the command line is not secure,
and it would be a mistake for OpenSSH to encourage this behavior in

Dag-Erling also offered you another technique to achieve your stated
goal of "the needs of users out there using scripts", which is to use
a passphrase-less keypair for scripted connections. You might want to
read Brian Hatch's "SSH User Identities", and Matt Taggart's "Good
practices for using SSH".

I'm afraid it would be ill-advised for OpenSSH to adopt your proposed
patch, since better, more secure options already exist.
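
The exposure discussed in this message, as an added example that is not part of the original post or of OpenSSH: a host audit that reads each process's argv from /proc, the same data "ps" displays, and reports processes that carry a password there, masking the value so the report does not repeat the leak. The option-name list, the `--password` flag and the sample host and key names are assumptions constructed for illustration.

```python
import os
import re

# Option names that usually carry a secret (assumed list for this example).
SECRET_OPT = re.compile(r"^--?(password|passwd|pass)(=.*)?$", re.IGNORECASE)

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline blob; every argument is NUL-terminated."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")[:-1]]

def secret_positions(argv):
    """Return the indexes of argv elements that appear to hold a secret."""
    hits = []
    is_sshpass = bool(argv) and os.path.basename(argv[0]) == "sshpass"
    i = 1
    while i < len(argv):
        arg = argv[i]
        m = SECRET_OPT.match(arg)
        if m or (is_sshpass and arg.startswith("-p")):
            # "--password=V" and "-pV" are inline; otherwise the value is the next element.
            inline = bool(m.group(2)) if m else len(arg) > 2
            i = i if inline else i + 1
            hits.append(i)
        elif not arg.startswith("-"):
            is_sshpass = False  # sshpass options end where the wrapped command starts
        i += 1
    return [h for h in hits if h < len(argv)]

def redact(argv):
    """Copy argv with secret-bearing elements masked, safe to log."""
    hits = set(secret_positions(argv))
    return ["<redacted>" if i in hits else a for i, a in enumerate(argv)]

def scan(root="/proc"):
    """Yield (pid, redacted argv) for live processes exposing a secret."""
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, pid, "cmdline"), "rb") as f:
                argv = parse_cmdline(f.read())
        except OSError:
            continue  # process exited, or procfs is mounted with hidepid=
        if secret_positions(argv):
            yield int(pid), redact(argv)

# Constructed samples in /proc/<pid>/cmdline format; "--password" is a hypothetical flag.
SAMPLES = [b"\0".join(a) + b"\0" for a in (
    [b"sshpass", b"-p", b"hunter2", b"ssh", b"-p", b"2222", b"backup@host.example"],
    [b"ssh", b"--password=hunter2", b"backup@host.example"],
    [b"ssh", b"-o", b"BatchMode=yes", b"-i", b"/home/backup/.ssh/id_batch", b"backup@host.example"],
)]
```

Running `for pid, argv in scan(): print(pid, argv)` as an unprivileged user shows what any local account can see; the key-based invocation in the third sample is the only one that leaves nothing to report.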