On Thursday, 14 July 2022 10:04:21 CEST Mickaël Bucas wrote:
> On Thu, 14 Jul 2022 at 08:35, J. Roeleveld <joost@××××××××.org> wrote:
> > Hi All,
> >
> > I am looking for a way to log in to a host and automatically change to root
> > using a password provided by an external program.
> >
> > The root passwords are stored in a vault and I can get passwords out using
> > a script after authenticating.
> >
> > Currently, I need to do a lot of the steps manually:
> > ssh <user>@<host>
> > su -
> > (copy/paste password from vault)
>
> Why not use directly ssh root@<host> ?
> With an SSH key protected by a passphrase that would be a single step
> to connect.
> You would have a passphrase to manage but you already are using a tool for
> that. If you accept the risks, you could also use an SSH key without a
> passphrase.
>
> sshd on the host must be configured with
> PermitRootLogin=prohibit-password at minimum, which is the default
> value.

For security reasons, I do not want direct login to root under any
circumstances. This is disabled on all systems and will stay this way.

Currently, to log in as root, you need to know:
- admin user account name
- admin user account password
- root user account password

I do not want to reduce this to a single ssh-key-passphrase.

--
Joost
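
Added example, not part of the thread: a small Python check that a host's sshd_config text really leaves direct root login disabled, given that `prohibit-password` is the default when `PermitRootLogin` is absent. The function names and the sample config are constructed for illustration; the parser does not follow `Include` directives, so on a live host `sshd -T` remains the authoritative view.

```python
import re

DEFAULT = "prohibit-password"  # value sshd uses when the keyword is absent

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# sshd_config (constructed)
PermitRootLogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

def audit_permit_root_login(config_text):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd keeps the first value it obtains for a keyword, so later global
    duplicates are ignored. A setting inside a Match block overrides the
    global value for connections that satisfy that block.
    """
    global_value = None
    overrides = []          # (match criteria, value) pairs
    current_match = None    # None while still in the global section
    seen_in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current_match, seen_in_match = arg, False
        elif keyword == "permitrootlogin":
            value = arg.strip('"').lower()  # normalised for comparison
            if current_match is None:
                if global_value is None:
                    global_value = value
            elif not seen_in_match:
                overrides.append((current_match, value))
                seen_in_match = True
    return (global_value or DEFAULT), overrides

def root_login_possible(config_text):
    """True if any section leaves some form of direct root login enabled."""
    global_value, overrides = audit_permit_root_login(config_text)
    return any(v != "no" for v in [global_value] + [v for _, v in overrides])

if __name__ == "__main__":
    print(audit_permit_root_login(SAMPLE), root_login_possible(SAMPLE))
```
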