[CPANEL-21776] Mask passphrase when using cPanel to import SSH keys

Willfosho

Registered
Jun 18, 2018
3
0
1
Sydney
cPanel Access Level
DataCenter Provider
Hi Guys,

I'd consider this a bug in the new Git feature in cPanel72, but i guess it depends on your perspective! I guess you could also call it a feature?

When importing keys for a repo, the passpharse field is a text field instead of a password field. This isn't overly annoying in itself, unless you're super paranoid people are looking over your shoulder. However Chrome, and most other browsers, will try to be helpful and pre-fill that passphrase in the future. It's a bit of a security concern for any shared machines.

Is there a reason it wasn't set as a password field, or has it just been overlooked? This isn't the case when importing root ssh keys, for example.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,910
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @Willfosho,

I've opened internal case CPANEL-21776 to report that characters entered in the "Passphrase" field in "cPanel >> SSH Access >> Manage SSH Keys >> Import Key" are not masked, as this is contrary to the behavior observed "WHM >> Manage root's SSH Keys”. I'll monitor this case and update this thread with more information as it becomes available.

Thank you.