How do I open an incognito bash session?

Question

Is it possible to open an incognito session in bash?

For example, when we need to enter passwords in commands and don't want bash to add them to history.

cat | bash will run a non-interactive bash without prompt, command-line editing (just the line discipline's internal editor) or history. — Stéphane Chazelas, Oct 02 '14 at 20:47
Write a space in front of your command: ' secretcommand'. Now secrectcommand will not be in bash history. — Martin Thoma, Oct 09 '14 at 20:34

score 87 · Accepted Answer · edited Oct 02 '14 at 23:02

87

When you want bash to stop logging your commands, just unset the HISTFILE variable:

HISTFILE=

All further commands should then no longer be logged to .bash_history.

On the other hand, if you are actually supplying passwords as arguments to commands, you're already doing something wrong. .bash_history is not world-readable and therefore not the biggest threat in this situation:

ps and /proc are the big problem. All users on the system can see the commands you're currently running with all of their arguments. Passing passwords as command line arguments is therefore inherently insecure. Use environment variables or config files (that you have chmodded 600) to securely supply passwords.

edited Oct 02 '14 at 23:02

Kevin

40,767

answered Oct 02 '14 at 20:13

Martin von Wittich

14,187

5

I've been using Linux 10+ years and never thought to do this +1 – eyoung100 Oct 02 '14 at 20:21
4

unset HISTFILE has a similar effect. I have a function for this: n() { HISTFILE=; PS1="~${PS1#\~}"; }. That way I can clearly see whether I am in "incognito mode" or not. – Lekensteyn Oct 03 '14 at 17:05
14

+1 for addressing the real problem rather than merely answering the question. An additional option for passing around credentials are Unix domain sockets. – Nathan Osman Oct 04 '14 at 21:15
2

Another useful tip would be to put a space before i.e. " HISTFILE=". any command with space before does not gets logged. – FUD Nov 14 '17 at 08:22
Another cool thing about this is that even previous commands on that window are also ignores. It is like turning existing session to incognito :p – Uzumaki D. Ichigo Mar 23 '18 at 07:49
@FUD that with thespace is really cool. Regarding passwords in the shell, what are you supposed to do when something expects a token, password or other kinda secret in a command? although those usually only run for a short time to set themselves up or whatever so PS isnt a huge issue – My1 Jan 12 '23 at 00:00

score 40 · Answer 2 · edited Apr 13 '17 at 12:36

40

HISTCONTROL=ignorespace

If this option is not already set for bash, it may be just what you need. It is less debilitating than disabling all history. With that set, any commandline starting with a space character will not be saved to the history list.

From these related links:

Why does bash have a HISTCONTROL=ignorespace option?

Why is bash not storing commands that start with spaces?

edited Apr 13 '17 at 12:36

Community

1

answered Oct 02 '14 at 20:39

Timothy Martin

8,595

6

Note this is often the default. – Ángel Oct 03 '14 at 08:49

score 5 · Answer 3 · answered Jun 21 '15 at 06:35

You can temporarily disable history: set +o history

set +o history
...
set -o history

There is a difference between disabling history and unsetting HISTFILE:

HISTFILE=
date
ls
HISTFILE=~/.bash_history
history

outputs something like this:

84  HISTFILE=
85  date
87  ls
88  HISTFILE=~/.bash_history
89  history

i.e. all commands are saved in the history list. Type exit to save it.
But

set +o history
date
ls
set -o history
history

outputs something like this:

115  set +o history
116  history

Summary:
set +o history for long sessions.
HISTCONTROL and <space>command at other time.

How do I open an incognito bash session?

3 Answers3

Linked