On Thu, 14 Jul 2022 at 08:35, J. Roeleveld <joost@××××××××.org> wrote:
>
> Hi All,
>
> I am looking for a way to log in to a host and automatically change to root
> using a password provided by an external program.
>
> The root passwords are stored in a vault and I can get passwords out using a
> script after authenticating.
>
> Currently, I need to do a lot of the steps manually:
> ssh <user>@<host>
> su -
> (copy/paste password from vault)
|
Why not use ssh root@<host> directly?
With an SSH key protected by a passphrase that would be a single step
to connect.
You would have a passphrase to manage but you already are using a tool for that.
If you accept the risks, you could also use an SSH key without a passphrase.

sshd on the host must be configured with
PermitRootLogin=prohibit-password at minimum, which is the default
value.
|
26 |
> I would like to change this to: |
27 |
> <some-script> <host> |
28 |
> |
29 |
> Does anyone have any hints on how to achieve this without adding a "NOPASSWD" |
30 |
> entry into /etc/sudoers ? |
31 |
> |
32 |
> Thanks in advance, |
33 |
> |
34 |
> Joost |
35 |
|
Best regards

Mickaël Bucas
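
The sshd requirement mentioned in the reply can be checked before relying on `ssh root@<host>`. The script below is an added example, not part of the original message; the function names and the sample config are constructed, and it reads only the global section of an sshd_config (Match blocks and Include files are not evaluated).

```shell
#!/bin/sh
# Added example. Reads sshd_config text on stdin and reports the global
# PermitRootLogin value. Assumptions of this sketch: Match blocks and Include
# files are not evaluated; on a live host, `sshd -T` prints the effective value.

effective_permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)  # accept "Key value" and "Key=value"
            gsub(/"/, "", val)
            if (key == "match") exit         # global section ends here
            if (key == "permitrootlogin") {  # first occurrence wins
                print tolower(val); found = 1; exit
            }
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    '
}

root_login_verdict() {
    value=$(effective_permit_root_login)
    case "$value" in
        yes)                                 verdict="key+password" ;;
        prohibit-password|without-password)  verdict="key-only" ;;
        forced-commands-only)                verdict="key-with-forced-command" ;;
        no)                                  verdict="root-denied" ;;
        *)                                   verdict="unknown" ;;
    esac
    echo "$value $verdict"
}

# Constructed sample config: the later "yes" line is ignored.
root_login_verdict <<'EOF'
# constructed sample
Port 22
PermitRootLogin=prohibit-password
PermitRootLogin yes
EOF
```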