wood burning stoves 2.0*
The moose likes Linux / UNIX and the fly likes show ssh passwords as I type? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Linux / UNIX
Bookmark "show ssh passwords as I type?" Watch "show ssh passwords as I type?" New topic
Author

show ssh passwords as I type?

Jennifer O'Donnell
Greenhorn

Joined: Sep 30, 2008
Posts: 4
My keyboard sometimes sticks and on days when I'm entering ssh passwords all day (and there is nobody standing behind me - I checked), is there a way linux will let me see the passwords I enter on the command line?
Charles Lyons
Author
Ranch Hand

Joined: Mar 27, 2003
Posts: 836
I would guess not as the OpenSSH guys in particular are very hot on security. Usually this works by temporarily disabling terminal echo, so it isn't possible to override it without patching the source code.

Alternatively, have you considered setting up PKC certs? You only need one to identify yourself by, then install it on every machine you use in your home directory. SSH will then authenticate you by certs rather than password. You can secure the private key on your machine with a password---type it once and get immediate access to all other machines. Linux SSH clients and Putty both support it. See for example, here.


Charles Lyons (SCJP 1.4, April 2003; SCJP 5, Dec 2006; SCWCD 1.4b, April 2004)
Author of OCEJWCD Study Companion for Oracle Exam 1Z0-899 (ISBN 0955160340 / Amazon Amazon UK )
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Get a new keyboard.

Showing passwords is bad security, and the SSH, OpenSSL, and similar folks are serious about good security.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

in 'the old days', some terminal emulators had a setting to allow a 'local echo'. Any character printed locally gets printed, and then printed again when returned from the server. When the remote machine doesn't send the character (such as when logging in) you still get the locally created copy.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4646
    
    5

Originally posted by David O'Meara:
in 'the old days', some terminal emulators had a setting to allow a 'local echo'.

Actually, I worked on terminals, not terminal emulators in the olden days.

But for password fields, the system would typically output six or eight random characters, a return, six or eight more, a return, etc. until there was a random wad of ink on each character position. This kept folks from retrieving the password. This worked with either local echo, or remote echo.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960
    
  19

Originally posted by Pat Farrell:
Get a new keyboard.

Showing passwords is bad security, and the SSH, OpenSSL, and similar folks are serious about good security.


Actually, ALL Unix/Linux system developers are serious about good security. It's why in order to get Linux to demonstrate "more security problems than Windows", they have to include all the free applications in the security error count on Linux but just the core Windows on Windows.

Unix grew up in a rough neighborhood. Keeping yourself safe was essential. These days, everywhere is a rough neighborhood.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: show ssh passwords as I type?
 
Similar Threads
Connecting to telnet server from ssh server
linux ssh help
Linux Remotely
IntelliJ+CVS+SSH
Callling a Script from a java program