A switch to lsh permitting password field
17 Aug 2004 13:12:06 +0200
Pontus Freyhult <firstname.lastname@example.org> writes:
> This functionality, or kind of the same, at least, was implemented
> some time ago and is available in lsh 1.5.2 and newer. I'm referring
> to the askpass options, which lets you specify a binary that should
> output the requested password/phrase on stdout (what is requested is
> supplied in argv).
And the reason we do it this more cumberswome way, instead of simply
letting you give a password on the command line, is that command line
options are visible to other users (just use ps with the right
arguments). Passing the password via a file descriptor is safer.
If you for some reason need to provide a fixed password "gazonk" to
lsh, for some scripting or whatever, write an askpass script (which
should *not* be readable for other users) like
and use lsh --askpass path-to-that-script.
/Niels (just back to the net after a four-week vacation)