From owner-freebsd-questions@FreeBSD.ORG  Thu Aug 14 10:55:43 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8DF502BF
 for <freebsd-questions@FreeBSD.org>; Thu, 14 Aug 2014 10:55:43 +0000 (UTC)
Received: from ceto.cloudzeeland.nl (cloudzeeland.xs4all.nl [83.161.133.58])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "cloudzeeland.nl", Issuer "PositiveSSL CA 2" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4C3222537
 for <freebsd-questions@FreeBSD.org>; Thu, 14 Aug 2014 10:55:42 +0000 (UTC)
Received: from ceto.cloudzeeland.nl (ceto.cloudzeeland.nl [10.10.10.30])
 by ceto.cloudzeeland.nl (Postfix) with ESMTP id 40ADA47F2206;
 Thu, 14 Aug 2014 12:55:34 +0200 (CEST)
Received: from [10.0.0.200] (unknown [46.44.159.250])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by ceto.cloudzeeland.nl (Postfix) with ESMTPSA id 02D0147F2205;
 Thu, 14 Aug 2014 12:55:33 +0200 (CEST)
Message-ID: <53EC95A6.70400@webrz.net>
Date: Thu, 14 Aug 2014 12:55:34 +0200
From: Jos Chrispijn <kernel@webrz.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
To: Polytropon <freebsd@edvax.de>
Subject: Re: sftp bug?
References: <53E20808.709@webrz.net> <20140806125140.f6cf5163.freebsd@edvax.de>
In-Reply-To: <20140806125140.f6cf5163.freebsd@edvax.de>
X-Virus-Scanned: ClamAV using ClamSMTP on ceto.cloudzeeland.nl
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@FreeBSD.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Aug 2014 10:55:43 -0000

   Problem solved - made a stupid assumption regarding shell commands.
   Instead of using .login, I put commands in .csh which caused output.
   And this cannot be the case with openssh/sftp:
   [1]http://marc.info/?l=openssh-bugs&m=106564883001263&w=1
   BR, Jos Chrispijn

   Polytropon:

Can I bypass this in a configuration file?

The (unsafe) FTP program (ftp) accesses a file called
~/.netrc (see "man ftp" for details), surely sftp can
do the same. In this file, passwords can be stored.
But keep in mind: Those passwords are in _clear text_
inside this file, so make sure permissions are tight!

By completely avoiding passwords and instead relying on
keys the problem could probably be cured. So no password
has to be stored as plain text in a regular file.

References

   1. http://marc.info/?l=openssh-bugs&m=106564883001263&w=1