Re: SSH clients and hiding passwords



Dan <user@xxxxxxxxxxx> wrote:
Ah, I am sensing them that I have a fundamentally wrong approach to
sending commands from my SSH client to a server. The method I have been
using thus far is that my "console" collects user input, which it adds
up into a string. When the user presses the "enter" key, the string is
sent to the SSH stream.

Correct me if I am wrong, but I have just learned that each key that is
pressed by the user at the SSH client is not displayed in the terminal
at that point, but is sent to the server, which echoes the input back to
the user's SSH client, and then it is displayed on the user's SSH
client.

That's right. At least, usually; if the SSH client doesn't allocate
a pty at the server end, it will typically switch to behaving as you
describe in your first paragraph.

On a standard Unix OpenSSH setup, if you type `ssh hostname cat',
then ssh will not allocate a remote terminal, and the client will
echo your input locally and collect a whole line before sending it
(exactly as you describe).

However, if you type `ssh -t hostname cat', then ssh _will_ allocate
a remote terminal, will cease performing local echo or local line
editing, and will instead send your keystrokes one by one to the
server, which will echo them back to you in the course of collecting
a line at a time at _its_ end.

The two cases are visually indistinguishable to the user, but
examining them using `strace' shows a world of difference.
--
Simon Tatham "infinite loop _see_ loop, infinite"
<anakin@xxxxxxxxx> - Index, Borland Pascal Language Guide
.