bugfixes:
  - user: do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)