SSH Command Line Password Support

Jan-Frode Myklebust janfrode at
Wed Aug 27 22:16:57 EST 2008

On 2008-08-27, djm at <djm at> wrote:
> That being said, there is no way we will add an option like this.
> OpenSSH already has a perfectly good way of "handsfree" authentication
> in the form of public keys. Furthermore, passwords-on-commandlines are
> trivially observable by other users on a shared system and have been
> rightly considered insecure since forever.

Unfortunately not every client can dictate how he's allowed
to authenticate towards an external server. We need to push
some data from non-shared system, to a windows (free-sshd?)
sftp server daily, and the admins there for some reason only
allow password-based authentication.

What would your answer be if you were in this situation ? 
Say "no, this is impossible", or hack around it with expect? 

> If you are thinking that such a hack is okay for your system because
> it is not shared with other users, then consider that any attacker who
> breaks into a low privilege account now has a perfect opportunity to
> steal a password to a different host.

I'd love to use rsa-keys if they would let me. Now they woun't, 
and the lack of client side --password option force me to use an ugly
expect script, which is not very easy to have handle error conditions.


More information about the openssh-unix-dev mailing list