SSH Command Line Password Support

djm at mindrot.org djm at mindrot.org
Wed Aug 27 14:05:52 EST 2008


On Wed, 27 Aug 2008, Dag-Erling Smørgrav wrote:

> GB <gusgl2001 at yahoo.com> writes: > I have successfully implemented the
> password in the argument line for > both ssh and scp.
>
> Firstly, it's not a -portable issue. The patch should go upstream (to
> OpenBSD), if anywhere.
>
> Secondly, I can tell you already that they will not accept it. It's a
> very, very bad idea. Just use passphrase-less keys.

The upstream developers mostly read this list, so anything posted here
will be considered for both versions (likewise bugzilla, which has the
added advantage of remembering patches more clearly).

That being said, there is no way we will add an option like this.
OpenSSH already has a perfectly good way of "handsfree" authentication
in the form of public keys. Furthermore, passwords-on-commandlines are
trivially observable by other users on a shared system and have been
rightly considered insecure since forever.

If you are thinking that such a hack is okay for your system because
it is not shared with other users, then consider that any attacker who
breaks into a low privilege account now has a perfect opportunity to
steal a password to a different host.

-d


More information about the openssh-unix-dev mailing list