#28 Hide password on "ps aux| grep {process name}"

[Guilherme Rodrigues Cunha]

I'm reaching out because I'm having some difficulty with my code that I saw you solved in sshpass. I was wondering if you could help me or point me to the section of code in the repository that solves the problem.

I developed a script that is triggered via cli and logs into microtik routerboards. It receives the password and username as parameters, but I have a problem where if the user uses "ps aux | grep {process name}", the password passed is visible to them. I noticed that in sshpass some time ago with the same command, the visible password would be displayed as "zzzzzzz", but in the latest versions, it displays as a blank field. Could you explain to me how this was done?

[Cálestyo]

I don't think sshpass could ever guarantee that a passphrase given as argument cannot be viewed by others, even if it would overwrite it.

The OS might still export the original command line somehow and even if it wouldn't there's always the small time frame between starting the process (where the passphrase would be visible) and overwriting it, where an attacker could see it.

Your only chance is if the OS prohibits users to see the command arguments of processes from other users.

[Shachar Shemesh]

The bug system isn't the proper place to ask these types of questions.