SSHm, the shameless bash ssh manager

finferflu · 2008-12-25 20:15:33

EDIT:
Oops, I found a little glitch. If you had already downloaded the sshm script, please re-download it.

---------------

So I was looking for a flexible ssh manager that would allow me to also store passwords, but couldn't find any. I perfectly know that storing passwords is a BAD BAD practice, and that I should always rely on RSA keys, but there may be instances where a password is needed as last resort.

Thus I tried to create a relatively secure method to store passwords, namely encrypting them through a hash key generated by a password. In short, a password to rule them all.

My ssh manager also allows listing and editing of registered servers:

     Usage: sshm [options] [serverID]
       or: sshm [serverID]
 
    -a [serverID]     Register new server
    -d [serverID]    Delete registered server
    -e [serverID]    Edit registered server
    -l [serverID]    List all or specified registered servers
    -s [serverID]     List (short form) all or specified registered server IDs
    -L [serverID]   List all or specified servers including passwords (careful there)
    -p         Change current encryption password
    -h        Show this help

So even if you don't plan to store your passwords there (and you are encouraged to do so) you can still use it as a classic ssh manager (again, you are encouraged to do so).
Please notice that in order to use all of its features you will need to install expect and openssl (this is only needed for password storage, so if you follow the advice, you won't need them).

All in all, putting this together has been a good challenge and great fun for me, since I'm not a coder. If you want to have a look at the code, please do so, and I will very much welcome your feedback, either positive or negative.

Grab the files here:
- sshm (the main script)
- sshlogin.exp (the expect script to get connected through stored passwords).

Hope you like it

Dieter@be · 2008-12-25 21:51:45

Can you explain what you mean with "listing/editing" registered servers? Do you mean managing host keys [ of certain servers] or just hostname-password pairs?
edit: I just googled a bit for 'ssh manager' , it seems to be about hostnames, and their associated options like username, port etc.

Also, I think there are some commonly accepted "keyring tools" which basically use one master password to unlock several other passwords, and you should be able to query them programatically (although I'm not 100% sure of that) . eg gnome-keyring, kwallet ,...

Last edited by Dieter@be (2008-12-25 21:55:56)

finferflu · 2008-12-25 22:00:04

Dieter@be wrote:

Can you explain what you mean with "listing/editing" registered servers? Do you mean managing host keys [ of certain servers] or just hostname-password pairs?

Not the host keys (I wouln't know how to do it at this time, but it might be a good idea). You can "register" a server in the sense that you can associate a name to an IP, user, port and password. So you can list those details and edit them.

Also, I think there are some commonly accepted "keyring tools" which basically use one master password to unlock several other passwords, and you should be able to query them programatically (although I'm not 100% sure of that) . eg gnome-keyring, kwallet ,...

I know abot gnome-keyring, but I would rather use a keyring to store this one encryption password. I think it's easier to manage.

Thanks for your feedback

Dieter@be · 2008-12-25 22:02:29

Hmm if dns is not enough to associate a host name to an ip, i would use /etc/hosts. If you want to customize the ip for ssh, you probably want to customize it for all network services.

finferflu · 2008-12-25 22:11:13

What do you mean? This isn't about hostnames only. There are other variables too, username and port (and password for those who care). So I can connect by using:

sshm serverid

Dieter@be · 2008-12-25 22:16:47

Yes I understand that storing properties such as username, port etc are very handy.
However, in your 2nd post you say:

You can "register" a server in the sense that you can associate a name to an IP

I think that coupling hostnames to IP addresses should not be done in an ssh manager. It should be done by a correctly configured dns. If the answer you get from your dns server is incorrect or not to be trusted, you can override the dns mappings (hostname to ip) in /etc/hosts. This way, any network operations such as ping, telnet, http,... benefit from the overridden dns entry in /etc/hosts, not just ssh

finferflu · 2008-12-25 22:23:16

Sure, but I'm not even attempting to create an hostname-like feature, even though it resembles it.

Even if I could use a hostname (which I can, apart from those machines for which you need to store the password - the expect script doesn't work with hostnames), I would still need to associate an ID to it.

But what you suggest could surely be a convenient add-on to this. I might consider adding it

Arch Linux

#1 2008-12-25 20:15:33

SSHm, the shameless bash ssh manager

#2 2008-12-25 21:51:45

Re: SSHm, the shameless bash ssh manager

#3 2008-12-25 22:00:04

Re: SSHm, the shameless bash ssh manager

#4 2008-12-25 22:02:29

Re: SSHm, the shameless bash ssh manager

#5 2008-12-25 22:11:13

Re: SSHm, the shameless bash ssh manager

#6 2008-12-25 22:16:47

Re: SSHm, the shameless bash ssh manager

#7 2008-12-25 22:23:16

Re: SSHm, the shameless bash ssh manager

Board footer