Gallopsled · peace-maker · Apr 29, 2026 · Mar 23, 2026 · Mar 23, 2026 · Apr 15, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -129,6 +129,7 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2689][2689] Refactor zsh completion script and deprecate `-e` in `pwn asm`
 - [#2713][2713] Remove python-dateutil dependency
 - [#2720][2720] ssh: resolve PermissionError on Windows during SFTP upload
+- [#2702][2702] ssh: Don't cache username in ssh checksec output
 
 [2675]: https://github.com/Gallopsled/pwntools/pull/2675
 [2652]: https://github.com/Gallopsled/pwntools/pull/2652
@@ -183,6 +184,7 @@ The table below shows which release corresponds to each branch, and what date th
 [2689]: https://github.com/Gallopsled/pwntools/pull/2689
 [2713]: https://github.com/Gallopsled/pwntools/pull/2713
 [2720]: https://github.com/Gallopsled/pwntools/pull/2720
+[2702]: https://github.com/Gallopsled/pwntools/pull/2702
 
 ## 4.15.1
 

diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py
@@ -775,6 +775,8 @@ def __init__(self, user=None, host=None, port=22, password=None, key=None,
             self.transport = self.client.get_transport()
             self.transport.use_compression(True)
 
+            self.fingerprint = self.transport.get_remote_server_key().get_fingerprint().hex()
+
             atexit.register(self.close)
             h.success()
 
@@ -1472,7 +1474,7 @@ def _download_to_cache(self, remote, p, fingerprint=True):
         if fingerprint is None:
             local = os.path.normpath(remote)
             local = os.path.basename(local)
-            local += time.strftime('-%Y-%m-%d-%H:%M:%S')
+            local += time.strftime('-%Y-%m-%d-%H%M%S')
             local = os.path.join(self._cachedir, local)
 
             self._download_raw(remote, local, p)
@@ -2186,7 +2188,7 @@ def ibt(self):
         return self._ibt
 
     def _checksec_cache(self, value=None):
-        path = self._get_cachefile('%s-%s' % (self.host, self.port))
+        path = self._get_cachefile('%s-%s-%s' % (self.host, self.port, self.fingerprint))
 
         if value is not None:
             with open(path, 'w+') as f:
@@ -2204,16 +2206,18 @@ def checksec(self, banner=True):
             banner(bool): Whether to print the path to the ELF binary.
         """
         cached = self._checksec_cache()
+        checksec_header = "%s@%s:" % (self.user, self.host)
+
         if cached:
-            return cached
+            return '\n'.join((checksec_header, cached))
+
 
         red    = text.red
         green  = text.green
         yellow = text.yellow
 
         res = [
-            "%s@%s:" % (self.user, self.host),
-            "Distro".ljust(10) + ' '.join(self.distro),
+            "Distro:".ljust(10) + ' '.join(self.distro),
             "OS:".ljust(10) + self.os,
             "Arch:".ljust(10) + self.arch,
             "Version:".ljust(10) + '.'.join(map(str, self.version)),
@@ -2237,4 +2241,5 @@ def checksec(self, banner=True):
 
         cached = '\n'.join(res)
         self._checksec_cache(cached)
-        return cached
+
+        return '\n'.join((checksec_header, cached))