I've just tried logging into a Fedora (release 13 Goddard) server using SSH (PuTTY, Windows). For some reason the Enter after typing my username didn't go through and I typed in my password and hit Enter again. I only realized my mistake when the server greeted me with a happy
myusername MYPASSWORD@server.example.com's password:
I broke off the connection at this point and changed my password on that machine (through a separate SSH connection).
... now my question is: Is such a failed login stored in plain text in any logfile? In other words, have I just forced my (now-outdated) password in front of the eyes of the remote admin the next time he scans his logs?
Update
Thanks for all the comments about the implied question "what to do to prevent this in the future". For quick, one-off connections I'll use this PuTTY feature now:
to replace the where-was-it-again "auto-login username" option
I'll also start using ssh keys more often, as explained in the PuTTY docs.
In short: yes.
If i remember well, it is indeed registered in log if the log level is set to DEBUG or TRACE.
EDIT : It is confirmed, i tried to log into my server and found this in my logs.
Note : IP's are hidden
Or for both additional safety and convenience, you should really consider setting up SSH keys...
and you get...
Side-Note: you can rename your key files if you add ~/.ssh/config with something like the following contents:
Cat the contents of your public key (will be a single line):
Now log into the target box and paste that line into ~/.ssh/authorized_keys.
Side-Note: the pubkey line ends in a human readable string like "ddopson@hostname". You can change this to be more descriptive of the key you are using (eg, if you have lots of keys). That string is NOT used as a part of authentication, and is only to describe the key to other human beings.
That's it. Now when you ssh to the host, you won't even be prompted for a password.
If you are worried about storing your private key (id_rsa), you can add a passphrase to the key itself (see ssh-keygen), protecting it from use by anyone who has access to your files. You can then use ssh-agent to decrypt the key and securely store it in memory so it can be used for multiple SSH connections.
The password was encrypted when transmitted. Yes, it's possible that your password was compromised because it was printed in the log on the destination server. However, I would also say that every time you enter your password on your computer it may be compromised since there may be spyware software on your computer or a keylogger attached to your computer.
If you are the only administrator of that system and you believe that that system has not been compromised then you can with relative certainty assume that your password has not been compromised just as you normally assume that there's no spyware on your computer because you haven't witnessed anything suspicious. You can edit the log on that server and remove the reference to your password.
This incident is one reason why using SSH keys instead of passwords is better. Then, even if somebody gets the password you enter on your computer to decrypt the private key on your computer they still won't be able to access the remote server; they need the private key file itself as well. Security is all about layers. Nothing is perfect, but if you add enough layers then it's difficult enough that the attacker will just move on or you'll catch them because it takes more time.
I wouldn't do the above if your password protects very sensitive information or critical resources. It depends on how sensitive your password is.