Prevent passwords from being recorded when SSH session recording is enabled
To ensure that passwords are not recorded when the SSH session recording feature is enabled on the SSH gateway server, set the SSH session recording mode to Output, which means only STDOUT is recorded. This records only what is displayed on the user's screen or terminal, so the commands the user types (as echoed to the terminal) and the output of those commands are recorded. This is a must for meeting security compliance standards such as PCI DSS, HIPAA, SOC, SOC2, FFIEC, NERC, NIST, CIP, ISO 27001.
Navigate to Settings->General->SSH Session Logging to select the SSH session recording mode.
Output - Refers to the STDOUT file descriptor in Linux. In this mode, what you see on your screen is recorded.
Input - Refers to the STDIN file descriptor in Linux. In this mode, only what you type on the keyboard is recorded, so a password you enter is recorded even though it is not visible on your monitor. Avoid this mode of recording if you DO NOT want passwords to be recorded.
Both - In this mode, both STDIN and STDOUT are recorded.
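The difference between the Input and Output streams can be reproduced on any Linux host with a pseudo-terminal. The following is an added example, not code from the gateway product: `record_session`, `set_echo`, `drain` and the sample session are hypothetical names and constructed data, and the script only models the two streams a recorder would see.

```python
import os
import pty
import select
import termios

def set_echo(fd, enabled):
    """Toggle the tty ECHO flag, as a password prompt does before reading."""
    attrs = termios.tcgetattr(fd)
    if enabled:
        attrs[3] |= termios.ECHO
    else:
        attrs[3] &= ~termios.ECHO
    termios.tcsetattr(fd, termios.TCSANOW, attrs)

def drain(fd, timeout=0.3):
    """Read everything that reaches the user's screen side of the pty."""
    chunks = []
    while select.select([fd], [], [], timeout)[0]:
        chunks.append(os.read(fd, 1024))
    return b"".join(chunks)

def record_session(lines):
    """lines: (typed_bytes, echo_enabled) pairs. Returns (stdin_log, stdout_log)."""
    master, slave = pty.openpty()  # master = gateway side, slave = remote program
    stdin_log, stdout_log = bytearray(), bytearray()
    try:
        for typed, echo in lines:
            set_echo(slave, echo)
            if not echo:
                os.write(slave, b"Password: ")  # program prompts with echo off
            os.write(master, typed)             # user keystrokes
            stdin_log += typed                  # what Input mode would record
            stdout_log += drain(master)         # what Output mode would record
            os.read(slave, 1024)                # program consumes the typed line
    finally:
        os.close(master)
        os.close(slave)
    return bytes(stdin_log), bytes(stdout_log)

# Constructed sample session: one echoed command, one hidden password entry.
SAMPLE = [(b"whoami\n", True), (b"S3cret-Constructed!\n", False)]

if __name__ == "__main__":
    stdin_log, stdout_log = record_session(SAMPLE)
    print("Input log :", stdin_log)
    print("Output log:", stdout_log)
```

Both mode includes the STDIN stream, so it captures the password as well. Anything typed while echo is on, such as a password passed as a command-line argument, still appears in the Output recording.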