Delete entered password in hidden password prompt (Linux) with shortcut

106

24

Is there a way to delete all characters that I entered in a hidden password prompt in Linux? For example, when I SSH to a server, it asks for my password where the entered keys are not shown:

$ ssh root@somehost
root@somehost's password:

Is there a way to delete all my entered text without having to press backspace for an unknown amount of time? When I think I entered something wrong I want to start over and pressing backspace for a few seconds is annoying. I tried Esc, CtrlA to hopefully select the whole text and Home. CtrlC cancels the whole command and I have to send the command again to retry. This is almost the best and fastest solution but still not satisfying. Insert does not work in my shell either.

bugybunny

Posted 2017-11-01T14:05:29.010

Reputation: 1 202

7Regarding Ctrl+A, in the terminal this usually means "go to start of line". The set of keys used in the terminal (especially bash) is often closer to Emacs than to Windows. – Score_Under – 2017-11-01T14:20:07.607

18Sshing as root is generally considered a very very bad practice. – Sam – 2017-11-01T15:18:18.553

To delete characters from the screen, you will need to use cursor control sequences (if your terminal supports them). By running ssh from a script, you can analyse the parameter string before you run it. – AFH – 2017-11-01T15:25:05.070

4Please pay attention to what @Sam told. You should disable root logins everywhere. Log in as a regular user with a complicated password and then su to become root. The next step is to disable password-based authentication schemes in SSH and use keys for login. – kostix – 2017-11-02T08:29:32.367

@kostix I'm pretty sure disabling passwords should be the first step. If you are using passwords, then with su and disabled root, it's just a matter of entering the password which the attacker already guessed a second time after login, so you only gain something if the user name is hard to guess (which it often isn't, I assume without having statistics). And without password login it adds a second secret, the password, but this is worth less than the private key which is a longer secret. – Nobody – 2017-11-03T17:17:04.470

@Sam I remember I had an installation once where I bypassed my router and enabled root access via ssh with a dictionary password. Within a couple weeks, someone online had hijacked my PC. You live, you learn... – sig_seg_v – 2017-11-04T00:38:55.307

@Sam: Not with public key authentication (and passwords disabled). – user541686 – 2017-11-04T19:37:46.763

Answers

163

You can delete the entire typed password with Ctrl+U.

Ipor Sircer

Posted 2017-11-01T14:05:29.010

Reputation: 3 578

6This also works in the regular terminal prompt too! – MoonRunestar – 2017-11-01T16:16:34.753

35

For reference, this is the default key-binding in readline's "emacs mode" for unix-line-discard, described as "Kill backward from the cursor to the beginning of the current line." Ref: https://cnswww.cns.cwru.edu/php/chet/readline/rluserman.html#SEC17 GNU readline is the input library used by most shells and many other interactive programs (but is not built into the tty, so this won't work everywhere).

– IMSoP – 2017-11-01T16:35:25.927

22@IMSoP However, Ctrl-U itself is built into the tty (as the default character for the stty kill function), which is why it works with the ssh password prompt. – Random832 – 2017-11-01T23:53:36.103

5BTW, Ctrl+K is the equivalent for deleting from the cursor to the end of the line. – wjandrea – 2017-11-02T03:40:57.660

A minor note is that some GUI programs also try to play nicely with us the old farts and implement support for C-u in their prompts. As one example, the i3lock program allows hitting C-u to zap the invalid input. – kostix – 2017-11-02T08:27:18.227

@Random832 Well, you learn something every day. Thanks! – IMSoP – 2017-11-02T09:26:04.560

@IMSoP: I wrote an answer to explain more about why this works, and how it's different from line-editing with readline in bash. – Peter Cordes – 2017-11-02T16:26:53.103

1@wjandrea: ctrl+k is readline/emacs only, not something you can do on a POSIX tty in canonical mode. – Peter Cordes – 2017-11-02T16:27:21.193

1Warning: This will only clear everything if your cursor is at the end of what you typed, otherwise incomplete deletes may occur! (For instance because you wanted to change the first character, and then decided to clear everything). – Dennis Jaheruddin – 2017-11-03T12:21:31.163

2@DennisJaheruddin: That's not possible, ssh doesn't use readline to provide line-editing. See my answer. – Peter Cordes – 2017-11-05T13:45:59.017

14

Unlike bash, ssh's password prompt doesn't use any special terminal-input library like readline. The line-editing features are just the baseline POSIX TTY line-editing features.

So you have a POSIX TTY in "cooked" mode (not raw), aka canonical mode, and the only line editing that's available is what's provided by the kernel. See stty(1), and notice that
kill = ^U. This is also where the backspace character is defined (erase = ^?). Word-erase (^W) is convenient when you're not typing blind.

lnext = ^V means you can type control-v then anything (including control-c) to get a literal control-c.

To debug what you were trying to do blindly, run cat or cat > /dev/null in your terminal. Type stuff, then see what works and what doesn't to edit it.

readline (used by bash) reads raw character and does the line-editing in user-space. Its default bindings are compatible with the default TTY control characters, though, for the subset of editing features that they both provide.

readline goes way beyond the simple line editing of a plain TTY. (e.g. a TTY can only delete characters at the end of the line, so there's no ^a and delete or left/right arrow)

When bash runs a command in the foreground, it puts the TTY into canonical mode first (because that's the default). So running stty -a (with no redirection) will always see its own terminal in canonical mode. But if you redirect input from some other TTY that has bash running on it, you can see what terminal settings bash + readline applied. e.g. stty -a < /dev/pts/12 shows -icanon for raw mode because I have a bash running on that terminal. (I switched to another tab and ran tty, then used that device file path from the first terminal). If I ran cat in that other terminal, I'd see icanon for canonical mode.

Related: The TTY demystified

https://www.gnu.org/software/libc/manual/html_node/Canonical-or-Not.html

https://en.wikipedia.org/wiki/POSIX_terminal_interface

Peter Cordes

Posted 2017-11-01T14:05:29.010

Reputation: 3 141

You can actually just type 'stty' to see all the current settings. Using 'stty rows ##' or 'stty cols ##' will let you change on the Fly how many rows or columns the terminal window has available to it. Which is especially handy when you're working in a window in a window through something like VNC which doesn't necessarily catch how big your exterior window is properly. You can basically Define your active area to be smaller than the window it's in and then not have to scroll around. Allowing VI and other things to still work properly. It can also remap backspace and delete on the Fly. – Rowan Hawkins – 2017-11-02T14:18:56.450

@RowanHawkins: my last paragraph was poorly edited. Fixed now. I was trying to make the point that by redirecting from another tty, you can see the stty / ioctl settings that bash+readline itself has applied in raw mode. (And the fact that it's in raw mode at all, where most of the special characters don't apply) – Peter Cordes – 2017-11-02T14:26:25.740

Asked: 2017-11-01T14:05:29.010

Viewed: 6 587 times

Active: 2017-11-05T13:51:37.727