Good ssh manager with password storage?

finferflu · 2008-09-05 18:47:02

Given the fact that I have to daily log in and off several machines, I am looking for a handy ssh manager that allows me to store passwords. It is useless for me to save some work of looking up IPs if I then have to go and look up passwords.
I have no option of using auth keys, so the most straight forward way is that of storing passwords in some way.

Do you know of any app or good way to do this?

Thanks!

Daenyth · 2008-09-05 19:14:08

I think ssh-agent can do this, but I am not sure.

finferflu · 2008-09-05 19:16:16

I think ssh-agent has more to do with RSA/DSA keys, but I cannot afford adding those keys on the remote servers.

tam1138 · 2008-09-05 19:25:54

Please be more specific about what you are trying to do. You need to ssh from your (single) machine to multiple other machines, and you're tired of typing your password in each time you ssh? If this is the case, keys and ssh-agent is the correct answer, and if you believe you "cannot afford adding those keys on the remote servers" you probably need to learn a bit more about how public-key cryptography works. In a nutshell, the public key can be littered about anywhere, anyone can know it, and disseminating it only allows the holder of the private key more privileges. Obviously, you need to be careful with the private key, but that's not a huge deal under most circumstances.

finferflu · 2008-09-05 19:31:47

Sorry about that.
I meant that, to my knowledge, in order to authorise my key on the server I will need to edit the authorized_keys file, which I cannot do.

Daenyth · 2008-09-05 19:49:22

But the authorized_keys file is in your home directory... Are you sure you can't edit it?

finferflu · 2008-09-05 19:52:35

Well, this is what I usually do, and the file is server side, rather than client side.

tam1138 · 2008-09-05 20:20:12

I'm confused. Which of these commands will fail:

client$ ssh-keygen -t rsa
server$ mkdir ~/.ssh
client$ scp ~/.ssh/id_rsa.pub server:.ssh/authorized_keys

finferflu · 2008-09-05 20:25:27

It's not that they would fail, it's that I don't want to touch the authorized_keys file. Sorry if I didn't make it clear enough.
In short, I want to operate client-side only.

.:B:. · 2008-09-05 21:07:15

You don't. See, that's the whole point of security: double checks. When the server confirms you are who you pretend to be, you get in. SSH, when keys are mandatory, needs to have the key in the authorised keys file, if not, you're not getting in.

Why don't you want to touch the keys file?

finferflu · 2008-09-05 21:10:45

Because those servers are not mine, and I don't want to interfere with their settings.

tam1138 · 2008-09-05 21:30:19

You don't have your own user account and home directory on these servers?

Last edited by tam1138 (2008-09-05 21:31:18)

finferflu · 2008-09-05 21:32:43

No I don't, I operate only as sysadmin.

tam1138 · 2008-09-05 22:00:20

That's bullshit, that is. Please tell me you don't ssh as root.

.:B:. · 2008-09-05 22:30:29

finferflu wrote:

Because those servers are not mine, and I don't want to interfere with their settings.

If they're not yours but you have legal access to them, request the system administrator to add your keys to the trusted pool. If you have sufficient rights just do it yourself.

And if they allow root login, ask them to disable it .

Last edited by B (2008-09-05 22:31:49)

finferflu · 2008-09-05 22:47:03

That's how it works over there. I could add those keys myself, but I would prefer not to touch anything server-side. On a side note, why would I request something for which I have no legal access?

.:B:. · 2008-09-05 22:51:07

You don't sound like the guy who'd do something like that (and you're a forum mod after all ) but you never know with people.

I just don't get why you're so up tight (nofi) about not modifying files. Look at it like this: a regular SSH connection is less secure than one with SSH keys, so you have a tradeoff: you change a tiny bit on the server, but you gain security .

tam1138 · 2008-09-05 22:58:13

Seriously. I consider password authentication via the network to be unacceptable for my machines. Not only that, but it's easier to revoke access to a particular user by nuking their key instead of having to notify everybody else with access to that account of a new password.

Orthogonal to that, sharing accounts is Bad in the first place. Everybody should have a separate account and use sudo, which provides way better support for auditing than the free-for-all that seems to be in place now.

finferflu · 2008-09-05 23:05:51

For now I have to stick to what is already there, so there's no point in discussing whether it's good or bad.

My topic question is whether there is a client that supports password storage, but as I understand there seems to be none, as it seems to be a bad security practice.

Thanks for your informative replies anyway

tam1138 · 2008-09-05 23:29:23

Yeah, sorry, I know of no such software (which does not remotely imply it does not exist). Sorry also for being perhaps overly enthusiastic; I know what it's like to be stuck in lame situations, unable to substantively improve them.

.:B:. · 2008-09-06 00:33:05

SSH agent can cache the keys, but not automatically (believe me, I tried). Once you cache them they stay stored for as long as you're logged in to the client though.

[stijn@hermes ~]$ ssh-add -l
2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/stijn/.ssh/id_rsa-amalthea (RSA)
2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/stijn/.ssh/id_rsa-zeus (RSA)

This is how I have the ssh-agent starting up with my session (I use Openbox):

This goes in your ~/.bashrc:

SSHAGENT=/usr/bin/ssh-agent
SSHAGENTARGS="-s"
if [ -z "$SSH_AUTH_SOCK" -a -x "$SSHAGENT" ]; then
  eval `$SSHAGENT $SSHAGENTARGS`
  trap "kill $SSH_AGENT_PID" 0
fi

This goes in your ~/.logout file (necessary to kill the ssh-agent instance):

if ( "$SSH_AGENT_PID" != "" ); then 
  eval `ssh-agent -k`
fi

Last edited by B (2008-09-06 00:39:52)

Arch Linux

#1 2008-09-05 18:47:02

Good ssh manager with password storage?

#2 2008-09-05 19:14:08

Re: Good ssh manager with password storage?

#3 2008-09-05 19:16:16

Re: Good ssh manager with password storage?

#4 2008-09-05 19:25:54

Re: Good ssh manager with password storage?

#5 2008-09-05 19:31:47

Re: Good ssh manager with password storage?

#6 2008-09-05 19:49:22

Re: Good ssh manager with password storage?

#7 2008-09-05 19:52:35

Re: Good ssh manager with password storage?

#8 2008-09-05 20:20:12

Re: Good ssh manager with password storage?

#9 2008-09-05 20:25:27

Re: Good ssh manager with password storage?

#10 2008-09-05 21:07:15

Re: Good ssh manager with password storage?

#11 2008-09-05 21:10:45

Re: Good ssh manager with password storage?

#12 2008-09-05 21:30:19

Re: Good ssh manager with password storage?

#13 2008-09-05 21:32:43

Re: Good ssh manager with password storage?

#14 2008-09-05 22:00:20

Re: Good ssh manager with password storage?

#15 2008-09-05 22:30:29

Re: Good ssh manager with password storage?

#16 2008-09-05 22:47:03

Re: Good ssh manager with password storage?

#17 2008-09-05 22:51:07

Re: Good ssh manager with password storage?

#18 2008-09-05 22:58:13

Re: Good ssh manager with password storage?

#19 2008-09-05 23:05:51

Re: Good ssh manager with password storage?

#20 2008-09-05 23:29:23

Re: Good ssh manager with password storage?

#21 2008-09-06 00:33:05

Re: Good ssh manager with password storage?

Board footer