10

So, I've got a command that I'm issuing that is essentially 'ssh'ing into various hosts: 

 command 2&>1 | grep "desired output"

Every once in a while, in the midst of the command, it'll run into a host where I don't have my keys setup. When that happens, I get this output: 

 Password:

Since I'm redirecting STDERR into STDOUT, then filtering STDOUT to only give me "desired output" (which doesn't include "Password:"), how is the password prompt being presented to me?

Matt Simmons
  • 765
  • 1
  • 7
  • 11
  • Also happens when using the Cisco anyconnect vpn CLI. You can pass in the password from a config file, but the password prompt will always get sent to the terminal. Until I found your question I thought I was going insane. – Cornelius Roemer Jun 29 '21 at 19:16

1 Answers1

13

ssh opens /dev/tty for read and write to prompt for the password.

I guess this a security feature, the input has to be from the tty rather than stdin.

If you run strace ssh <host> strace will show you the system calls the command is making.

I get:

open("/dev/tty", O_RDWR|O_LARGEFILE)    = 4
...
write(4, "dave@host"..., 16dave's password: ) = 16
read(4,
parkydr
  • 2,297
  • 1
  • 18
  • 18
  • 2
    From my understanding that's also the reason, why you can't simply pass the password to ssh from a script with a redirect. You'll need `expect` (http://expect.sourceforge.net and see also http://stackoverflow.com/questions/459182/using-expect-to-pass-a-password-to-ssh) – mpy Mar 21 '13 at 15:04
  • Terrific. I didn't think to dig in and strace it, since it was a passing curiosity, but thanks for that. I'm sure the knowledge will come in useful! – Matt Simmons Mar 21 '13 at 15:08
  • @terdon - the command you want (I think) is in the middle of the answer posted by parkydr: `strace ssh ` – Kevin Fegan Mar 21 '13 at 18:22
  • @KevinFegan thanks, I know. The post has been edited since I posted my comment. Check the [editing log](http://superuser.com/posts/569437/revisions). – terdon Mar 21 '13 at 18:24