sudo password not masked when connecting with ssh

Binary package hint: sudo

When using keys to connect via ssh to a server, and issuing the command 'ssh someuser@somehost sudo somecommand', the password prompt which appears to ask for the sudo password displays the password on the screen, rather than hiding it. This puts your password at risk of being compromised by anyone who happens to be looking over your shoulder.

I don't think this is a bug in sudo.

This is because you're not giving sudo a terminal to ask the password
on. You need to use "ssh -t", which will provide it with a proper virtual
terminal.

Thanks.

sudo shouldn't display a password prompt if its stdin isn't a terminal

I'd agree with Matt (sudo should fail when there is no terminal). However, upstream may disagree. There is an upstream bug that was rejected for this:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=233730

I just tried to fix this with a relatively obvious approach. While this works fine for the ssh case, it completely breaks gksudo, which delivers the passphrase over stdin. To fix this properly, sudo needs something like gpg's --passphrase-from-fd.

I think I'll pass this to upstream for now.

Removing milestone, it's too intrusive to fix this in sudo/gksudo/etc. now.

What about having sudo issue a warning but otherwise not change behavior? For example:

$ ssh remotemachine sudo apt-get update
Warning: not on a terminal -- password will be echoed!
Password:
...

That way tools that are expecting to see "Password:" before continuing won't blow up, and humans will see the warning, and think twice.

This is in the FAQ now, as well: https://wiki.ubuntu.com/SecurityTeam/FAQ#SSH

I just had this same problem happen to me in Karmic (ssh from Karmic to sudo on Jaunty machine). Not the case on a Jaunty machine (ssh from Jaunty to sudo on Karmic). Latter declines to run the command stating there is no askpass specified or no tty.