Public bug reported: run sshpass as following
SSHPASS="password" /usr/bin/sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null user@localhost user@Ubuntu14-VM:/proc/49571$ cat environ SSHPASS=password ... password is leaked here. Recommendation: SSHPASS should be cleared after use. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: sshpass 1.05-1 ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8 Uname: Linux 3.13.0-39-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.5 Architecture: amd64 Date: Mon Dec 12 13:44:35 2016 Dependencies: gcc-4.9-base 4.9.1-0ubuntu1 libc6 2.19-0ubuntu6.3 libgcc1 1:4.9.1-0ubuntu1 multiarch-support 2.19-0ubuntu6.3 InstallationDate: Installed on 2014-04-22 (965 days ago) InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417) ProcEnviron: TERM=xterm PATH=(custom, no username) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: sshpass UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: sshpass (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1649374 Title: password passed through -e by environment is leaked in /proc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sshpass/+bug/1649374/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs