satish-seshamani-imprivata opened a new issue, #588:
URL: https://github.com/apache/mina-sshd/issues/588

   ### Version
   
   2.12.1
   
   ### Bug description
   
   Recently migrated sshd-core,sshd-common, sshd-sftp and sshd-putty libraries 
from 2.6.0 to 2.12.1 . Since this update we started noticing scripts executed 
by the sshclient using org.apache.sshd.client.channel.ClientChannel logs all 
commands executed in the history logs. This is a security concern as some of 
our scripts includes updating user passwords which is now visible in plain 
text. We can disable this by first disabling history using "set +o history" or 
unset HISTFILE , but we did not have to do this with the 2.6x version. Is this 
a bug or is there a property we can set to disable history logging?
   
   ### Actual behavior
   
   All commands executed via  org.apache.sshd.client.channel.ClientChannel  is 
logged in bash history 
   
   ### Expected behavior
   
   history logging should be disabled for the clientsession
   
   ### Relevant log output
   
   _No response_
   
   ### Other information
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to