Keeping Passwords Out of Viewable History



In major *nix distributions (Linux, Unix, and Mac X+), previous commands are kept in the history for a period of time. This is a very helpful feature to speed up repeated tasks and to look back and see what has been done in case a step of a procedure was missed.

However, some users may find that if they look through their history (`history` command), they have passwords entered at the command line, displayed for the world to see. These will be there if the user typed a password into the prompt as part of a regular command (as opposed to when prompted by the system for a password that would not show up at the prompt).


In bash there is a variable named ‘HISTCONTROL’ that is set by the shell when it is loaded. To see the value of HISTCONTROL, use the following command:


If this value is set to either ‘ignoreboth’ or ‘ignorespace’ then it tells bash not to remember commands that start with a space. (‘ignoreboth’ has other functionality, but ‘ignorespace’ is included in that, along with ‘ignoredups’). To use this functionality, just put a space before the command you want to omit from the history. Going back through the history with Ctrl+R, the up arrow, or the ‘history’ command, should not show the most-recent command that was meant to be hidden.

Note that if you are going to reuse a command multiple times it may be a better option to type ‘history -c’ after running the commands so you can reuse the previous commands in the meantime. This clears the entire history list.

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet