Bug 503

Summary: Password is echoed when running passwd via ssh
Product: Portable OpenSSH Reporter: Klaus Jaehne <kj>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: security    
Priority: P2    
Version: -current   
Hardware: ix86   
OS: Linux   

Description Klaus Jaehne 2003-03-08 01:48:52 AEDT 
client and server systems are RedHat 7.2 with openssh-3.1p1-6. When running "ssh
<otherhost> passwd <username>", the password is visible on the console:

[root@host1 root]# ssh host2 passwd user1
New password: <password visible here!>
Retype new password: <password visible here!>
Changing password for user user1
passwd: all authentication tokens updated successfully

I also ran tests with v3.4p1 on RedHat 8.0 as well as with and without public
key authentication, where this problem also occured.
Comment 1 Klaus Jaehne 2003-03-08 02:04:55 AEDT 
just use ssh -t...
Comment 2 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED