Question:
I would like to keep my ssh command hidden/disguised from other users.
Example:
ssh user@host -i /my/private/key
Unfortunately this will come up in the ps listing and other users will be able to see the private key file that I am using. Is there a way around this?
(They are logged in as the same user as I am)
Answer 1:
If they're logged in as you, there's basically little you can do to stop them from learning that information. If you're on Linux they'll have access to your /proc entries and can learn this information easily.
They can also:
- delete all your files.
- send mail in your name to insult the CEO of your company.
- access all your files and command line history, if any.
- myriad other things.
This is not a viable way to protect yourself. You need to sort out the identical user problem first.
Answer 2:
On Linux, you can do something like
strncpy(argv[0], "mynewcmdlinehere", strlen(argv[0]));
Don't know about other Unices, sorry.
Answer 3:
Hiding the command line would require a script, so it's a Catch-22, because other people with the same user will have access to that script.
The solution is quite simple: use a key with a passphrase. (howto)
Answer 4:
Even if you hide the command line, the user can run lsof to see all the files that your ssh process has open - which will include the identity file. If obscuring the command line is truly the ultimate goal, though, you could start a key agent, load the identity into the agent, and then ssh using that agent. The path to the socket that the agent uses is controlled by an environment variable.
This is by no means security, though. Pax is right - the "logged in as the same user" issue is what really should be solved here. Stop using someone else's account. ;)
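What Answers 1 and 4 describe can be checked directly on Linux; the following is an added example, not code from any of the posters. It uses a Python sleeper as a stand-in for ssh, with a constructed key path and a constructed agent socket path, and reads /proc the way any process running as the same user can.

```python
import os
import subprocess
import sys

# Constructed sample values, not taken from the original page.
DEMO_KEY_PATH = "/constructed/path/id_demo"
DEMO_AGENT_SOCK = "/tmp/constructed-agent/agent.sock"


def read_proc_list(pid, name):
    """Return the NUL-separated entries of /proc/<pid>/<name> as strings."""
    with open(f"/proc/{pid}/{name}", "rb") as fh:
        raw = fh.read()
    return [part.decode(errors="replace") for part in raw.split(b"\0") if part]


def observe(pid):
    """Collect what a process running as the same user can read about pid."""
    argv = read_proc_list(pid, "cmdline")
    env = dict(e.split("=", 1) for e in read_proc_list(pid, "environ") if "=" in e)
    return {"argv": argv, "agent_sock": env.get("SSH_AUTH_SOCK")}


def run_demo():
    """Start two stand-in processes and inspect both through /proc."""
    sleeper = "import time; time.sleep(30)"
    # Case 1: key path passed on the command line, as in the question.
    with_flag = subprocess.Popen([sys.executable, "-c", sleeper, "-i", DEMO_KEY_PATH])
    # Case 2: no key path in argv; the agent socket path travels in the environment.
    env = dict(os.environ, SSH_AUTH_SOCK=DEMO_AGENT_SOCK)
    with_agent = subprocess.Popen([sys.executable, "-c", sleeper], env=env)
    try:
        return observe(with_flag.pid), observe(with_agent.pid)
    finally:
        for proc in (with_flag, with_agent):
            proc.kill()
            proc.wait()


if __name__ == "__main__":
    flag_view, agent_view = run_demo()
    print("argv of case 1:", flag_view["argv"])
    print("argv of case 2:", agent_view["argv"])
    print("SSH_AUTH_SOCK of case 2:", agent_view["agent_sock"])
```

Moving the key into an agent takes the path out of the argument list, but the socket path is then readable from the process environment by the same account.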
Answer 5:
Not allowing them to know the location of the private key file isn't much of a security feature - they really shouldn't have read access to it anyway so it doesn't matter if they know where it is or not. In general, if you have control over the source of the application, you can overwrite the memory location holding the command line arguments, so you could modify them to something "innocuous".
Answer 6:
From the back of my memory, I remember doing something similar a long time ago.
First, create a shell script called ps, which runs ps and will grep all lines except those containing ssh (or something matching), and put this in a safe location (~/bin/ps).
Add ~/bin/ to your path as the first location to search.
Of course, they could still use /usr/bin/ps (or wherever its location is) explicitly.
As a caveat, this is all from memory and I don't have a Unix box to test it on... sorry
Answer 7:
You can set up your private key via your ~/.ssh/config file, which is secured by 0700.
Here is an example of ~/.ssh/config:
Host myhost.com
    IdentityFile /home/maxcohan/.ssh/github.com.id_rsa