Read Password from Stdin

How to get a password from a shell script without echoing

Here is another way to do it:

#!/bin/bash
# Read Password
echo -n Password: 
read -s password
echo
# Run Command
echo $password

The read -s will turn off echo for you. Just replace the echo on the last line with the command you want to run.

In some shells (e.g. bash) read supports -p prompt-string which will allow the echo and read commands to be combined.

read -s -p "Password: " password

Read password from stdin

>>> import getpass
>>> pw = getpass.getpass()

Bash: How to read password from stdin without echoing over SSH

The problem here lies with the -tt option to ssh. You are forcing it to allocate a pseudo-terminal. This pseudo-terminal reads stdin and doesn't know whether what it reads comes from your keyboard or a redirection (echo "$sudo_pass" | ssh ...). So it acts like a terminal and echoes what it receives (because it receives it before sudo has the time to run and capture stdin).

You are experiencing one of the drawbacks of the -t option. Another one that hasn't hit you yet is that if your password starts with an ssh escape sequence (~C, ~?, etc) this won't work as expected either.

Easy and best solution: do not use the -tt option.

If you really cannot do without it - because e.g. your remote script adamantly wants a terminal - one (ugly) solution would be to "eat" the first line that is sent back by ssh, since you know for sure it will always be your password that is echoed back:

echo "$sudo_pass" | ssh -tt myhost ... | ( read; cat )

Personally, I wouldn't be so sure that the first line would always be the password and I don't recommend this. A far better alternative, is to add a small delay before sending the password, in order to let sudo start remotely and capture stdin:

( sleep 1; echo "$sudo_pass" ) | ssh -tt myhost ...

But this still is a hack and the best solution is of course to not use ssh's -tt option.

How do I echo stars (*) when reading password with `read`?

As Mark Rushakoff pointed out, read -s will suppress the echoing of characters typed at the prompt. You can make use of that feature as part of this script to echo asterisks for each character typed:

#!/bin/bash
unset password
prompt="Enter Password:"
while IFS= read -p "$prompt" -r -s -n 1 char
do
    if [[ $char == $'\0' ]]
    then
        break
    fi
    prompt='*'
    password+="$char"
done
echo
echo "Done. Password=$password"

Hiding user input on terminal in Linux script

Just supply -s to your read call like so:

$ read -s PASSWORD
$ echo $PASSWORD

PHP: How to use STDIN to get secret input for passwords on Linux based systems

You could do that if terminal has stty available

<?php

shell_exec('stty -echo');

echo 'Enter pw: ';
$value = fgets(STDIN, 4096);

shell_exec('stty echo');

var_dump($value);

If you need the fancy asterisk you could use systemd-ask-password if that's available

<?php

$value = shell_exec('systemd-ask-password "Enter pw:"');

var_dump($value);

Read more here: https://learnfromnoobs.com/hide-user-input-password/

Getting a hidden password input

Use getpass.getpass():

from getpass import getpass
password = getpass()

An optional prompt can be passed as parameter; the default is "Password: ".

Note that this function requires a proper terminal, so it can turn off echoing of typed characters – see “GetPassWarning: Can not control echo on the terminal” when running from IDLE for further details.

How to make ssh receive the password from stdin

You can't with most SSH clients. You can work around it with by using SSH API's, like Paramiko for Python. Be careful not to overrule all security policies.

Bsign: read password from stdin

bsign knows -P flag which passes parameters to gpg.

--passphrase-fd 0 will enable you to read the passphrase from stdin. Alternatively you could use --passphrase-file for reading it from a file or even --passphrase string for directly passing it.

bsign -P '--passphrase-fd 0' ...                       # Read from STDIN
bsign -P '--passphrase-file /path/to/file-or-pipe' ... # Read from a file
bsign -P '--passphrase "my password"' ...              # Pass password as parameter

If the second or third option, make sure you're escaping properly as the parameter's contents will be parsed again (eg. \\\\ if your password contains a single backslash).