Keeping Passwords Out of Viewable History

By: ab

March 9, 2006 1:20 pm






In major *nix distributions (Linux, Unix, and Mac X+), previous commands are kept in the history for a period of time. This is a very helpful feature to speed up repeated tasks and to look back and see what has been done in case a step of a procedure was missed.

However, some users may find that if they look through their history (`history` command), they have passwords entered at the command line, displayed for the world to see. These will be there if the user typed a password into the prompt as part of a regular command (as opposed to when prompted by the system for a password that would not show up at the prompt).


In bash there is a variable named ‘HISTCONTROL’ that is set by the shell when it is loaded. To see the value of HISTCONTROL, use the following command:


If this value is set to either ‘ignoreboth’ or ‘ignorespace’ then it tells bash not to remember commands that start with a space. (‘ignoreboth’ has other functionality, but ‘ignorespace’ is included in that, along with ‘ignoredups’). To use this functionality, just put a space before the command you want to omit from the history. Going back through the history with Ctrl+R, the up arrow, or the ‘history’ command, should not show the most-recent command that was meant to be hidden.

Note that if you are going to reuse a command multiple times it may be a better option to type ‘history -c’ after running the commands so you can reuse the previous commands in the meantime. This clears the entire history list.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.