SSH Password

ID

ssh_password

Severity

high

Vendor

-

Family

Generic secret

Description

The SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another. It provides several alternative options for strong authentication, and it protects the communications security and integrity with strong encryption.

Security

This detector looks for ssh password, typically in a command line, using a username separated by a @ from a host.

Accidentally checking-in the password to source control repositories could compromise your credentials.

Examples

sshpass -p 'p@assworD' ssh baduser@$domain.com

Mitigation / Fix

  1. Remove the credentials from the source code or committed configuration file.

  2. If under a git repository, you may remove unwanted files from the repository history using tools like git filter-repo or BFG Repo-Cleaner. You may follow the procedure listed here for GitHub.

You should consider any sensitive data in commits with secrets as compromised.

Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories.

Reference

https://tools.ietf.org/html/rfc4251