How to Show Asterisks While Typing Sudo Password in Linux

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

15 Responses

  1. anthony says:

    It is possible to get sudo to display stars for password entry WITHOUT modifying the sudo configuration! You first need a program that can read a password while displaying stars…

    For example under most Linux computers you can use systemd-ask-password, next add it to an environment variable:

    # SUDO_ASKPASS=/usr/bin/systemd-ask-password
    

    Now you can use that password input program.

    $ sudo -A command_to_run
    

    OR do it all in the one command (or shell alias)…

    # SUDO_ASKPASS=/usr/bin/systemd-ask-password sudo -A  command_to_run
    

    Instead of systemd-ask-password you can also DIY a program to do the same such as described here, and the final resulting shell script here.

    This script will fall back to using systemd-ask-password, if available while also fixing some annoyances with that command to do with TTY settings when interrupted.

    • Aaron Kili says:

      @anthony

      You will have to modify sudo configuration as shown, to the best of our knowledge. Once we find a way to “get sudo to display stars for password entry WITHOUT modifying the sudo configuration”, we will let you know. Thanks for the feedback.

      • Anthony Thyssen says:

        No configuration changes needed! The echo stars is handled by the external password reader, then passed to sudo.
        I use this technique all the time on Solaris as well as Redhat v5 thru v7.

  2. Stuart Smith says:

    Good job guys. Added this and “Insults” to sudo while I was at it. :)

    Also, Aaron’s comments regarding the potential security risk are spot on. Not everyone believes there’s a cache of password thieves lurking over their shoulders. Virtually every cell phone app and webpage has key-for-key asterisks as feedback when typing your password. This just adds uniformity to the shell. Besides. it’s Linux – you can configure your Linux any way you like,

  3. Caleb Cushing says:

    It might be a good idea for you to mention WHY sudo doesn’t do this. Showing asterisks is a security risk, it allows someone (over the shoulder, or screenshot, etc) to know the number of characters you entered, which allows you to reduce the number of brute force attempts.

    • Caleb Cushing says:

      oh, and more commonly sudo-ing in tmux/screen in a shared session.

    • Aaron Kili says:

      @Caleb

      I suppose you are sharing the same concern as @RTR, in case you are operating computers in security critical environments then you can leave this feature turned off, especially where there are strict security policies in place against such practices. But i believe it is useful on personal computers or home work stations.

  4. RTR says:

    What for? To make sure that nobody is going to be able to look over your shoulder and lift your password? There are far simpler ways of thwarting this particular attack vector. This is an idea that looked virtuous originally, that was never that great, that probably creates more issues than it solves, and that should be ditched, once and for all.

    • Aaron Kili says:

      @RTR

      Good concern, but i believe as long as the password is not seen, there should really be some kind of visual feedback for a user to know the length of a password they have typed, particularly for long passwords.

      However, if you are working in security critical environments then you can disable this feature, especially where there are strict security policies in place against such practices.

  5. reza says:

    it works on my mac too. thanks

  6. Stuart Smith says:

    Use nano much? “Ctrl+x” and “Ctrl + y” does not save a file with nano. “Ctrl+x” then “y” followed by “ENTER” does.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.