Skip to content
This repository has been archived by the owner on Dec 21, 2022. It is now read-only.

Why there's no password management? #3

Closed
fjcaetano opened this issue May 21, 2013 · 9 comments
Closed

Why there's no password management? #3

fjcaetano opened this issue May 21, 2013 · 9 comments

Comments

@fjcaetano
Copy link

First of all, this tool is awesome! Thank you very much! It's a life saver.

But I couldn't help myself wondering why there's no password management. Remembering all passwords from different connections is a pain and I think it could help a lot if storm could store them.

I don't know if Windows and Linux have a password management program, but Mac has the Keychain where all passwords, certificates, etc are stored. You could use one of these tools to persist the user's passwords.

@dmuth
Copy link

dmuth commented May 21, 2013

You should really give ssh keys a try. Here's a primer: https://help.ubuntu.com/community/SSH/OpenSSH/Keys

Since that's long, I'll provide a TL;DR:

  • On the client
    • Run ssh-keygen
    • Copy the keyfile to $HOME/.ssh/id_rsa and $HOME/.ssh/id_rsa.pub
    • chmod 700 $HOME/.ssh
    • chmod 600 $HOME/.ssh/id_rsa.*
    • Copy the id_rsa.pub key to the server you want to log into
  • On the server:
    • Move that file to $HOME/.ssh/authorize
    • chmod 700 $HOME/.ssh
    • chmod 600 $HOME/.ssh/authorized_keys

From there, you can normally play around with ssh-agent and key several keys in memory. EXCEPT, with Storm, you don't need to do that. :-)

I know it's a little complicated, as I used to use passwords everywhere too. But it scales in the long run, goes great with automation (think deployments and backups), and is the standard with popular systems like AWS.

-- Doug

@fjcaetano
Copy link
Author

I know ssh keys are safer and better, but I have access to some servers that are no mine and my access was set with passwords, not keys, and I can't change it.

@emre
Copy link
Owner

emre commented May 21, 2013

First of all, this tool is awesome! Thank you very much! It's a life saver.

thank you, happy to hear it :)

But I couldn't help myself wondering why there's no password management. Remembering all passwords from different connections is a pain and I think it could help a lot if storm could store them.

storm uses basically standart sshconfig files, and there is no support built-in for automatic logins with password authentication in ssh.

I want to make storm simple so I don't want to get out of the scope of sshconfig files.

moreover, storing passwords is always tricky since it comes with a lot of security concerns. I can't imagine a good way to implement this into storm at this time. maybe, I'm just missing something :)

I use keys as @dmuth mentioned for like 15 servers and working good.

I know ssh keys are safer and better, but I have access to some servers that are no mine and my access was set with passwords, not keys, and I can't change it.

interesting case. normally, you should be able to set your key to your user's .authorized_keys if you can login.

@fjcaetano
Copy link
Author

moreover, storing passwords is always tricky since it comes with a lot of security concerns. I can't imagine a good way to implement this into storm at this time. maybe, I'm just missing something :)

Take a look at https://pypi.python.org/pypi/keyring and sshpass: http://sourceforge.net/projects/sshpass/

interesting case. normally, you should be able to set your key to your user's .authorized_keys if you can login.

I could do that to some servers, but there's one, specifically, where my user only has read access. I can't write/edit anything. All I can do is access the log files from webservices.

@emre
Copy link
Owner

emre commented May 21, 2013

okay, thanks for the links.

I keep this issue opened and see what I can do for next releases.

@Bengt
Copy link
Contributor

Bengt commented May 29, 2013

Using password managers of the operating system seems to be the proper way of storing passwords, storm would give up on being a manager for the ~/.ssh/config file, because it would store configuration for SSH in more than one place. Note that the .ssh/config has support for comments so, storm could use magic comments to store passwords directly in the config file. E.g. like this:

$ storm add bengt_Bengt-Laptop:22 bengt@Bengt-Laptop:22 --password topSecret
success  bengt_Bengt-Laptop:22 added to your ssh config. you can connect it by typing "ssh bengt_Bengt-Laptop:22".
$ cat ~/.ssh/config
Host bengt_Bengt-Laptop:22
    hostname Bengt-Laptop
    user bengt
    port 22
    #storm.password: topSecret
$

As with password managers of operating systems, storm would need to wrap around ssh and pass the passwords by interacting with it (e.g. by using sshpass). So either way, storm would need to give up on being a manager for the ssh config. In turn it is probably better to go with the proper solution and use the password managers of the operating system (e.g. using pipy/keyring).

@ldusan84
Copy link

ldusan84 commented Jun 5, 2013

This would be a great addition. I think the tool is great, but it's of little use when you have to type passwords every time.

@emre
Copy link
Owner

emre commented Jun 6, 2013

I have plans and ideas (including optional password management) for taking storm out from "ssh config wrapper" scope but that requires free time which I don't have nowadays.

@emre
Copy link
Owner

emre commented Jul 17, 2013

closed.

@emre emre closed this as completed Jul 17, 2013
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants