Is my password compromised because I forgot to hit Enter after ssh username?
Solution 1:
In short: yes.
# ssh 192.168.1.1 -l "myuser mypassword"
^C
# egrep "mypassword" /var/log/auth.log
Oct 19 14:33:58 host sshd[19787]: Invalid user myuser mypassword from 192.168.111.78
Oct 19 14:33:58 host sshd[19787]: Failed none for invalid user myuser mypassword from 192.168.111.78 port 53030 ssh2
Solution 2:
If i remember well, it is indeed registered in log if the log level is set to DEBUG or TRACE.
EDIT : It is confirmed, i tried to log into my server and found this in my logs.
Oct 19 14:34:24 sd-xxxx sshd[26563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx-xxx-xxx-xxx.rev.numericable.fr
Oct 19 14:34:26 sd-xxxx sshd[26563]: Failed password for invalid user toto from xxx.xxx.xxx.xxx port 56685 ssh2
Note : IP's are hidden
Solution 3:
Or for both additional safety and convenience, you should really consider setting up SSH keys...
# ssh-keyget -t rsa (accept all defaults)
and you get...
~/.ssh/id_rsa ~/.ssh/id_rsa.pub
Side-Note: you can rename your key files if you add ~/.ssh/config with something like the following contents:
# cat ~/.ssh/config Host * IdentityFile ~/.ssh/ddopson_employer_id_rsa
Cat the contents of your public key (will be a single line):
# cat ~/.ssh/id_dsa.pub ssh-rsa AAAAB3NzaC1kc3MAAACBAOOVBqYHAMQ8J ... BbCGGaeBpcqlALYvA== ddopson@hostname
Now log into the target box and paste that line into ~/.ssh/authorized_keys.
Side-Note: the pubkey line ends in a human readable string like "ddopson@hostname". You can change this to be more descriptive of the key you are using (eg, if you have lots of keys). That string is NOT used as a part of authentication, and is only to describe the key to other human beings.
That's it. Now when you ssh to the host, you won't even be prompted for a password.
If you are worried about storing your private key (id_rsa), you can add a passphrase to the key itself (see ssh-keygen), protecting it from use by anyone who has access to your files. You can then use ssh-agent to decrypt the key and securely store it in memory so it can be used for multiple SSH connections.