Usability issue when forced to change password when logging in to a system

Nico Kadel-Garcia nkadel at
Sat Jan 24 13:46:11 AEDT 2015

On Fri, Jan 23, 2015 at 10:50 AM, Peter Stuge <peter at> wrote:
> John Olsson M wrote:
>> it looks like OpenSSH does not cache and copy the authentication password
> ..
>> So I am wondering if there is any reason for doing like this?
> Data hygiene is one.

Also, in my opinion as more of an admin than a developer, any bug in a
routine that stores psswords temporary in plain text is *begging* to
have a bug or get an unexpected modification that publishes the
passwords somewhere else.  Basically, never handle or store dangerous
information that you don't *have* to store.

More information about the openssh-unix-dev mailing list