SSH Username is considered sensitive?

Why is the data type for the username of the ssh plugin considered sensitive with a type of credential_secret_key? I wouldn’t think a username would need to be obfuscated.

Hey @brandon_mcclure, thanks for calling this out. I would agree, I think we tipped the balance here on the “security vs practicality” scale. We can get this updated so it’s easer to keep track of the username.

Let us know if you have any other issues with the SSH plugin. It’s an older plugin so we would love to hear additional things if you have feedback.

Thanks and I will do.

Hey @brandon_mcclure, we pushed a fix out based on your feedback. https://extensions.rapid7.com/extension/ssh/v3.0.0

Thanks

1 Like

I think a line was missed in the connection
Got an Error when recreating the Connection

connecting rapid7/SSH:3.0.0. Step name: run connecting via password 'str' object has no attribute 'get' Traceback (most recent call last): File "/usr/local/lib/python3.6/site-packages/komand-1.0.1-py3.6.egg/komand/plugin.py", line 307, in handle_step output = self.start_step(input_message['body'], 'action', logger, log_stream, is_test, is_debug) File "/usr/local/lib/python3.6/site-packages/komand-1.0.1-py3.6.egg/komand/plugin.py", line 417, in start_step output = func() File "/usr/local/lib/python3.6/site-packages/ssh_rapid7_plugin-3.0.0-py3.6.egg/komand_ssh/connection/connection.py", line 60, in test client = self.client(self.host) File "/usr/local/lib/python3.6/site-packages/ssh_rapid7_plugin-3.0.0-py3.6.egg/komand_ssh/connection/connection.py", line 53, in client return self.connect_password(self.parameters) File "/usr/local/lib/python3.6/site-packages/ssh_rapid7_plugin-3.0.0-py3.6.egg/komand_ssh/connection/connection.py", line 42, in connect_password params.get('username').get('secretKey'), AttributeError: 'str' object has no attribute 'get'

Hey @brandon_mcclure, sorry about that, we shouldn’t have released a broken plugin. We’re investigating how that happened. In the meantime, we pushed a fix available at https://extensions.rapid7.com/extension/ssh/v3.0.1

:+1: That fixed it