Hello! On my ProxMox server there are several Windows virtual machines that are encrypted with standard BitLocker tools. Every time I restart the server or any virtual machine, I need to enter the decryption password. In order not to connect to the virtual machine console via VNC/Spice every time, I use SSH and the command like "qm sendkey 100 p-a-s-s-ret" (where "100" is VM number and "p-a-s-s-ret" are sended keys to the VM) to send the decryption password to a specific virtual machine. Thus, my password is passed in cleartext in the command. In Linux like Ubuntu, all commands sent via SSH are written to the ".bash_history" file. After checking it, I did not see my command there, but there is a suspicion that the commands with my password may be written to some other bash_history file. Is it so? Or is ProxMox not recording commands sent to QEMU?
hi,
you could write this command into a script and execute that instead. that way the password won't show up in
no it's saved. sometimes you need to logout/login for bash to write the history file. have you tried that?
you could write this command into a script and execute that instead. that way the password won't show up in
.bash_history.
But it is clear text within the file...
I suggest that you do a read-variable for the password and use user interactive input to do that.
Then you fire your command by using the variable for the password.
Once completed you can just null / reset the variable and you won't see anything from the password itself in history.
yes, though OP seems more concerned about the bash history.
using a variable to read it is obviously better
If you don't want a command to be written to history just prepend a space " command" instead of "command"
Given that the password has been written to disk already it can be restored.
Every process on the machine can read the command line arguments anyway, passing a password via arguments is the main problem here.
Last edited: