NetworkManager-ssh calls sshpass with the -p swich exposing the password via /proc. Verified using systemtap. Man sshpass reads: The -p option should be considered the least secure of all of sshpass's options. The sshpass itself was packaged primarily for QA purposes with no security impact.
(In reply to Martin Cermak from comment #0) > NetworkManager-ssh calls sshpass with the -p swich exposing the password via > /proc. Verified using systemtap. Man sshpass reads: The -p option should be > considered the least secure of all of sshpass's options. The sshpass itself > was packaged primarily for QA purposes with no security impact. Martin, thanks for that. I already had a bug for that upstream: https://github.com/danfruehauf/NetworkManager-ssh/issues/27 I just have to get to it (hopefully soon).
NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20
Package NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 then log in and leave karma (feedback).
NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.