Muli Ben-Yehuda's journal

August 31, 2003

making xemacs shell mode not display ssh passwords

Filed under: Uncategorized — Muli Ben-Yehuda @ 2:01 AM

I keep a list of things to code for fun. Things that annoy me, things
that I feel could be done better, things that have non trivial hack
value and things that people ask me to do. Tonight I fixed one of the
most annoying bugs on the list – yay me! For your geeky perusal
pleasure, here are the details, from an email I sent to friends who
might appreciate the fix:

I use xemacs's shell mode constantly, and the biggest qualm I had with
it is that sometimes it wouldn't hide ssh passwords and force me to
input them in clear text. I finally got fed up with it tonight and
fixed it. Here's how to fix it, in case you use shell mode as
well. (Oleg, you're cc'd as my (e)lisp guru for constructive criticism

First of all, it can be done manually, by calling M-x send-invisible
before inputting the password. But that's troublesome, and why do by
hand something that can be done automatically?

The right way to do it is to add these elisp snippets to your
.xemacs/init.el or equivalent: 

(add-hook 'comint-output-filter-functions

; make shell mode recognize ssh password prompts 
(setq comint-password-prompt-regexp 
      "\\(\\([Oo]ld \\|[Nn]ew \\|^\\|'s \\)[Pp]assword\\|pass?phrase\\):\\s *\\'")


the regexp above should be all on one line. 

Explanation: shell mode uses the comint module for processing process
output. In the comint module, there is a hook,
'comint-output-filter-functions' that is called on each line of
output. Whatever functions are part of that hook will be called on
each line of output. The first elisp snippet above adds
'comint-watch-for-password-prompt' to the functions to be called. 

'comint-watch-for-password-prompt' is a pretty simple function: 

(defun comint-watch-for-password-prompt (string)
  (if (string-match comint-password-prompt-regexp string)
      (send-invisible nil)))

That is, if the string we got as an input parameter matches the
regular expression commint-password-prompt-regexp, call
'send-invisible'. This is where the second snippet above comes into
play - it modifies the default password regexp to recognize ssh's
passwd prompt, which looks something like this's password: 

The regexp originally looked for (ignoring case for simplicity) 'old'
or 'new' or 'beginning of line' and then 'password'. I added "'s" to
the list of prefixes. 

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: