1.5.3


Old Stuff

 www.your-freedom.net
 www.secure-tunnel.com

Ticket #84 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

SSH password visible in process listing

Reported by: dre@mac.com Assigned to: andrei
Priority: normal Milestone: AlmostVPN 0.9.6
Component: PreferencePanel Version: 0.9
Severity: major Keywords:
Cc:

Description

When using password authentication, the SSH password is visible in clear text in a process listing. This is probably bad. Could we instead retrieve the password from within the expect script, instead of passing the password to the expect script as an argument? If that's not possible, then maybe consider temporarily storing the cleartext password in an environment variable or a mode 600 file.

The problem is that anybody else on the machine could simply do ps auxww to find any SSH passwords in use.

Change History

11/30/05 20:29:40 changed by andrei

  • status changed from new to assigned.
  • version set to 0.9.
  • milestone set to AlmostVPN 0.9.6.

It most certainly should not be visible. On which command do you see the password? Could you please provide an example (you obviously can xxx password)?

11/30/05 20:34:37 changed by andrei

Never mind. I was able to reproduce it.

12/01/05 01:46:51 changed by dre@mac.com

  • status changed from assigned to closed.
  • resolution set to fixed.

Solved in the updated 0.9.5+