Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Cheers for your response - so having a korn script with these lines how to implement it properly
echo "login name: "; read INPUT; if [ "" != "$INPUT" ]; then LOGIN=$INPUT; fi # this input needs to be shown on terminal
echo "password: "; read INPUT; if [ "" != "$INPUT" ]; then PASS=$INPUT; fi # input needs to be replaced with '*' on terminal
Oh, I think ksh doesn't support the -p option to read, but that's just a nicety of bash - you can simply echo the prompt, although you should send it to stderr to prevent line buffering fro hiding it until after the function completes.
Look at this post and see if it works for you. Change the interpreter from bash to ksh and strip out the -p option from the read statement, since it is not supported by ksh (as matthewg42 already pointed out) or better it has a different behaviour. For example you can substitute:
Code:
read -p "please enter username and press [enter]: " username
with
Code:
echo -n "please enter username and press [enter]: "
read username
Stars are a bad idea anyhow - some shoulder surfer who sneaks a peak at your fingers as you type can get extra information by counting how many characters you typed by looking as the asterisks, to validate when he thinks you typed - why give them that extra information?
The only use for asterisks which I can think of is where the password is a fixed length pin and the keys do not provide good tactile feedback - e.g. an ATM. For regular computer passwords, I think they are not a good idea.
Furthermore, AFAIK the shell doesn't provide a mechanism to do this - you can't detect raw key presses because the shell is line buffered. Either the terminal echos the typed input, or it does not.
You could write a small program to get the password with some language which direct character access to the keyboard.
Stars are a bad idea anyhow - some shoulder surfer who sneaks a peak at your fingers as you type can get extra information by counting how many characters you typed by looking as the asterisks
A trained eye behind your shoulder could read the password from your key presses!
That reminds me of something I saw a long time ago. A Lotus Notes installation at a place I once worked did something strange when users entered their passwords... It displayed four little graphics. No asterisks, but instead these little graphics in the four corners of the password entry box.
The choice of these icons seemed somehow deterministic - with the correct password, the same icons would always be visible at the end of the entry.
Does anyone know the rationale behind this? I assumed it was some sort of confirmation that user has not fat-fingered their password, but it seems like a silly idea to me.... It occurred to me that if the icons displayed were somehow deterministic based on the entry so far, wouldn't a simple video recording of the screen as the password was entered allow an attacker to verify each keypress?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.