bugfixes:
  - user module - do not pass ssh_key_passphrase on cmdline (CVE-2018-16837)