note
samwyse
A couple of things... First, I think that the passwd command opens /dev/tty to make sure that no one has hijacked stdin/stdout/stderr. Second, the SSH protocol supports changing a password without using an external command. If you look at RFC 4252, the SSH_MSG_USERAUTH_REQUEST packet has an optional field to hold a new password. I found this node while looking to see if anyone's done this before; I'll be implementing it myself if I can't find anything.
524074
524074