Simple question. How safe are passwords while using prompt? For example logging through SSH.
ssh user@server
and then you have question for password - of course hidden but... what's going "under hood"? It is stored somewhere?
Simple question. How safe are passwords while using prompt? For example logging through SSH.
ssh user@server
and then you have question for password - of course hidden but... what's going "under hood"? It is stored somewhere?
It depends:
I would generally say yes. SSH is a secure protocol. You can expect the major open source clients to focus on security (since the source is available, it's easily verifiable).
However, if your machine runs a malicious program that scans your memory in real time, or store your key presses (keylogger), then the answer is no.
The basic ssh protocol is:
Establish an encrypted connection between client and host (transport layer)
Supply password within the encrypted connection (user authentication layer)
Host checks pasword supplied (Terminate connection if wrong, after multiple tries)
Establish encrypted channel (connection layer)
Host discards password as it is no longer needed or used. (Password Not Stored)