GNU bug report logs -
#79424
30.2; shell-mode doesn't hide password
Previous Next
To reply to this bug, email your comments to 79424 AT debbugs.gnu.org.
There is no need to reopen the bug first.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Wed, 10 Sep 2025 15:10:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
André A. Gomes <andremegafone <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Wed, 10 Sep 2025 15:10:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello,
I'm using shell-mode to copy a file to a remote machine:
--8<---------------cut here---------------start------------->8---
scp /file/path host-name:/file/path
--8<---------------cut here---------------end--------------->8---
The ssh connection requires inserting the password and I'd expect that
shell-mode would replace each of the characters with a placeholder (like
asterisks). However, it exposes the password on the screen.
In case it matters, the remote machine is a FreeBSD machine running
locally on QEMU, where I am passing the flag "-net
user,hostfwd=tcp::2222-:22".
Thanks.
--
André A. Gomes
"You cannot even find the ruins..."
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Wed, 10 Sep 2025 16:57:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 79424 <at> debbugs.gnu.org (full text, mbox):
André A. Gomes <andremegafone <at> gmail.com> writes:
> Hello,
Hi André,
> I'm using shell-mode to copy a file to a remote machine:
>
> scp /file/path host-name:/file/path
>
> The ssh connection requires inserting the password and I'd expect that
> shell-mode would replace each of the characters with a placeholder (like
> asterisks). However, it exposes the password on the screen.
In shell-mode, it is tracked whether a password prompt appears. Then the
password is read with hidden characters in the minibuffer. Terchnically,
this is implemented by adding comint-watch-for-password-prompt to
comint-output-filter-functions. What is the value of that variable in
your shell buffer?
The check is performed using comint-password-prompt-regexp. What is the
value of that variable, and the password prompt, in your shell buffer?
> Thanks.
Best regards, Michael.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Wed, 10 Sep 2025 17:03:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 79424 <at> debbugs.gnu.org (full text, mbox):
>>>>> André A Gomes <andremegafone <at> gmail.com> writes:
> Hello, I'm using shell-mode to copy a file to a remote machine:
> scp /file/path host-name:/file/path
> The ssh connection requires inserting the password and I'd expect
> that shell-mode would replace each of the characters with a
> placeholder (like asterisks). However, it exposes the password on
> the screen.
> In case it matters, the remote machine is a FreeBSD machine
> running locally on QEMU, where I am passing the flag "-net
> user,hostfwd=tcp::2222-:22".
I can confirm that. Both machines - client and host are debians.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Thu, 11 Sep 2025 12:22:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 79424 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
> Hi André,
Hi Michael,
> The check is performed using comint-password-prompt-regexp. What is the
> value of that variable, and the password prompt, in your shell buffer?
This helped me understand the problem. I'll send a patch soon, thanks.
--
André A. Gomes
"You cannot even find the ruins..."
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Thu, 11 Sep 2025 13:05:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 79424 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
André A. Gomes <andremegafone <at> gmail.com> writes:
> This helped me understand the problem. I'll send a patch soon,
> thanks.
Hi Michael,
Please find the patch attached. Feel free to make any necessary
changes, thank you.
--
André A. Gomes
"You cannot even find the ruins..."
[0001-Make-comint-understand-SSH-proxy-password-phrases.patch (text/x-diff, attachment)]
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Thu, 11 Sep 2025 13:49:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 79424 <at> debbugs.gnu.org (full text, mbox):
André A. Gomes <andremegafone <at> gmail.com> writes:
> Hi Michael,
Hi André,
> Please find the patch attached. Feel free to make any necessary
> changes, thank you.
I'll try to reproduce the problem. I have "OpenSSH_9.9p1, OpenSSL 3.2.4
11 Feb 2025", and it shows me the default "user <at> host's password: "
prompt, although I have configured ProxyJump.
Could you please tell me which ssh version you are using? Could you
please show me an example prompt as it appears to you? Is it the same
prompt, when you connect to another host without a proxy?
Best regards, Michael.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Thu, 11 Sep 2025 15:41:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 79424 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
> I'll try to reproduce the problem. I have "OpenSSH_9.9p1, OpenSSL 3.2.4
> 11 Feb 2025", and it shows me the default "user <at> host's password: "
> prompt, although I have configured ProxyJump.
>
> Could you please tell me which ssh version you are using? Could you
> please show me an example prompt as it appears to you? Is it the same
> prompt, when you connect to another host without a proxy?
I am using OpenSSH_9.9p1 on the host machine and OpenSSH_9.7p1 on the
VM.
Here's an example of the prompt:
--8<---------------cut here---------------start------------->8---
$ ssh aadcg <at> localhost -p 2222
(aadcg <at> localhost) Password for aadcg <at> freebsd:
--8<---------------cut here---------------end--------------->8---
The prompt above differs from the usual prompt when connecting to
another host. It's the first time I came across a prompt of the form
"(user <at> host) Password for user <at> host:".
I remind you that I am running a VM with qemu where I'm passing "-net
user,hostfwd=tcp::2222-:22". This maps the localhost port 2222 to port
22 on the VM, so that I can connect to the VM via "ssh user <at> host -p
2222". Let me know if you understood the setup.
Thank you again.
--
André A. Gomes
"You cannot even find the ruins..."
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Fri, 12 Sep 2025 12:55:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 79424 <at> debbugs.gnu.org (full text, mbox):
André A. Gomes <andremegafone <at> gmail.com> writes:
> Michael Albinus <michael.albinus <at> gmx.de> writes:
>
>> I'll try to reproduce the problem. I have "OpenSSH_9.9p1, OpenSSL 3.2.4
>> 11 Feb 2025", and it shows me the default "user <at> host's password: "
>> prompt, although I have configured ProxyJump.
>>
>> Could you please tell me which ssh version you are using? Could you
>> please show me an example prompt as it appears to you? Is it the same
>> prompt, when you connect to another host without a proxy?
>
> I am using OpenSSH_9.9p1 on the host machine and OpenSSH_9.7p1 on the
> VM.
>
> Here's an example of the prompt:
>
> $ ssh aadcg <at> localhost -p 2222
> (aadcg <at> localhost) Password for aadcg <at> freebsd:
>
> The prompt above differs from the usual prompt when connecting to
> another host. It's the first time I came across a prompt of the form
> "(user <at> host) Password for user <at> host:".
Thanks. However, I don't understand what you mean with your commit subject
"Subject: [PATCH] Make comint understand SSH proxy password phrases."
Which kind of proxy do you have configured in ssh?
> I remind you that I am running a VM with qemu where I'm passing "-net
> user,hostfwd=tcp::2222-:22". This maps the localhost port 2222 to port
> 22 on the VM, so that I can connect to the VM via "ssh user <at> host -p
> 2222". Let me know if you understood the setup.
I understand, but I cannot set it up locally w/o too much effort. And
I'd like to know whether the changed password prompt comes from this
port forwarding, or from something else you have configured in ssh.
> Thank you again.
Best regards, Michael.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#79424; Package
emacs.
(Fri, 12 Sep 2025 14:16:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 79424 <at> debbugs.gnu.org (full text, mbox):
Michael Albinus <michael.albinus <at> gmx.de> writes:
>> I am using OpenSSH_9.9p1 on the host machine and OpenSSH_9.7p1 on the
>> VM.
>>
>> Here's an example of the prompt:
>>
>> $ ssh aadcg <at> localhost -p 2222
>> (aadcg <at> localhost) Password for aadcg <at> freebsd:
>>
>> The prompt above differs from the usual prompt when connecting to
>> another host. It's the first time I came across a prompt of the form
>> "(user <at> host) Password for user <at> host:".
>
> Thanks. However, I don't understand what you mean with your commit subject
>
> "Subject: [PATCH] Make comint understand SSH proxy password phrases."
>
> Which kind of proxy do you have configured in ssh?
What I called "proxy" (perhaps incorrectly) is the port forwarding
mentioned below. I can refactor the commit message, or you may edit it
as you see fit.
>> I remind you that I am running a VM with qemu where I'm passing "-net
>> user,hostfwd=tcp::2222-:22". This maps the localhost port 2222 to port
>> 22 on the VM, so that I can connect to the VM via "ssh user <at> host -p
>> 2222". Let me know if you understood the setup.
>
> I understand, but I cannot set it up locally w/o too much effort. And
> I'd like to know whether the changed password prompt comes from this
> port forwarding, or from something else you have configured in ssh.
I haven't configured ssh in any particular way, so it comes from the
port forwarding. Note that, earlier in this thread, a user confirmed my
bug report. In short, the patch enriches comint-password-prompt-regexp
to take this password prompt into account. Maybe there is a simpler way
to reproduce it, but I am unaware of it.
Does that make sense?
--
André A. Gomes
"You cannot even find the ruins..."
Reply sent
to
Michael Albinus <michael.albinus <at> gmx.de>:
You have taken responsibility.
(Sat, 13 Sep 2025 07:26:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
André A. Gomes <andremegafone <at> gmail.com>:
bug acknowledged by developer.
(Sat, 13 Sep 2025 07:26:02 GMT)
Full text and
rfc822 format available.
Message #34 received at 79424-done <at> debbugs.gnu.org (full text, mbox):
Version: 31.1
André A. Gomes <andremegafone <at> gmail.com> writes:
Hi André,
>>> I remind you that I am running a VM with qemu where I'm passing "-net
>>> user,hostfwd=tcp::2222-:22". This maps the localhost port 2222 to port
>>> 22 on the VM, so that I can connect to the VM via "ssh user <at> host -p
>>> 2222". Let me know if you understood the setup.
>>
>> I understand, but I cannot set it up locally w/o too much effort. And
>> I'd like to know whether the changed password prompt comes from this
>> port forwarding, or from something else you have configured in ssh.
>
> I haven't configured ssh in any particular way, so it comes from the
> port forwarding. Note that, earlier in this thread, a user confirmed my
> bug report. In short, the patch enriches comint-password-prompt-regexp
> to take this password prompt into account. Maybe there is a simpler way
> to reproduce it, but I am unaware of it.
>
> Does that make sense?
Yep. I've pushed your patch to the master branch, closing the bug.
Best regards, Michael.
This bug report was last modified today.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.