sudo password not masked when connecting with ssh
Bug #56755 reported by
Simon
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Debian) |
Fix Released
|
Unknown
|
|||
sudo (Ubuntu) |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
Binary package hint: sudo
When using keys to connect via ssh to a server, and issuing the command 'ssh someuser@somehost sudo somecommand', the password prompt which appears to ask for the sudo password displays the password on the screen, rather than hiding it. This puts your password at risk of being compromised by anyone who happens to be looking over your shoulder.
(SOLUTION: use "-t" with ssh, see https:/
Changed in sudo: | |
importance: | Medium → High |
status: | Confirmed → In Progress |
Changed in sudo (Ubuntu): | |
assignee: | Martin Pitt (pitti) → nobody |
status: | Confirmed → Triaged |
Changed in sudo (Debian): | |
status: | Unknown → Fix Released |
Changed in sudo (Ubuntu): | |
status: | Triaged → Won't Fix |
description: | updated |
To post a comment you must log in.
> When sudo is used in conjunction with an SSH command, the password
> entered into sudo is not hidden, but shown in plaintext on the terminal.
This is done by ssh, not sudo. You need to use ssh's -t option. In that
case, sudo can tell ssh to disable echoing of the input.
Eric