Add -pwfile option, a more secure version of -pw.

Similarly to cmdgen's passphrase options, this replaces the password on the command line with a filename to read the password out of, which means it can't show up in 'ps' or the Windows task manager.
2025-07-18 11:31:00 -05:00 · 2021-09-28 18:04:15 +01:00
parent d489c64f48
commit 44ee7b9e76
10 changed files with 63 additions and 15 deletions
--- a/cmdline.c
+++ b/cmdline.c
@ -584,6 +584,32 @@ int cmdline_process_param(const char *p, char *value,
        }
    }

+    if (!strcmp(p, "-pwfile")) {
+        RETURN(2);
+        UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+        SAVEABLE(1);
+        /* We delay evaluating this until after the protocol is decided,
+         * so that we can warn if it's of no use with the selected protocol */
+        if (conf_get_int(conf, CONF_protocol) != PROT_SSH)
+            cmdline_error("the -pwfile option can only be used with the "
+                          "SSH protocol");
+        else {
+            Filename *fn = filename_from_str(value);
+            FILE *fp = f_open(fn, "r", false);
+            if (!fp) {
+                cmdline_error("unable to open password file '%s'", value);
+            } else {
+                cmdline_password = chomp(fgetline(fp));
+                if (!cmdline_password) {
+                    cmdline_error("unable to read a password from file '%s'",
+                                  value);
+                }
+                fclose(fp);
+            }
+            filename_free(fn);
+        }
+    }
+
    if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
        !strcmp(p, "-pageant")) {
        RETURN(1);