
I routinely login to many remote servers through SSH. I use a public/private SSH key to login without having to enter my password (https://linuxize.com/post/how-to-setup-passwordless-ssh-login/).

However, if I need to do some sudo operation in one of the remote servers, I need to remember my password. For security, I usually use distinct randomly generated passwords for each server, so having to find the correct password to copy/paste is a bit annoying.

Is there a better solution?

  • Yes, there's Ansible to routinely manage many remote servers. Commented Jun 21 at 10:07

2 Answers

  1. Change your sudo config to NOT require a password

  2. Disable password based ssh logins (optionally, except for a break-glass account) and break the rules about passwords (use the same, simple password)

  3. Use pam_ssh_agent_auth (the process for configuring it for sudo is described in the man page). Note the effect of this is VERY similar to 1, with the exception of scripts run outside your session (e.g. via crond, atd, etc.).

  4. Use a privileged access management platform like CyberArk

  • Went for 1. Now I understand it is simple and safe (I login with SSH keys).
    – a06e
    Commented Jun 23 at 14:50
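As an added illustration of options 1 and 3 from this answer (not part of the original post), here are the configuration fragments each one needs. The account name `a06e`, the `/etc/sudoers.d/a06e` filename and an installed `pam_ssh_agent_auth` module are assumptions:

```conf
# /etc/sudoers.d/a06e  (assumed filename; edit with: visudo -f /etc/sudoers.d/a06e)
#
# Option 1 from the answer: no password prompt for sudo. Scope it to the one
# named, key-authenticated account rather than %sudo or ALL, so only that user
# gets passwordless escalation. sudo still logs each command to the auth log.
a06e    ALL=(ALL:ALL) NOPASSWD: ALL

# Option 3 from the answer: let sudo authenticate against the user's forwarded
# SSH agent instead of a password. Two pieces are needed.
#
# (a) sudo resets the environment by default; keep the agent socket variable
#     so the PAM module can reach the agent. This line goes in a sudoers file:
Defaults env_keep += "SSH_AUTH_SOCK"

# (b) /etc/pam.d/sudo -- insert ABOVE the existing "auth" lines so it is tried
#     first. "sufficient" means a key held by the agent satisfies auth; if no
#     key matches, PAM falls through to the normal password prompt.
#     /etc/security/authorized_keys is root-owned, so users cannot add their
#     own keys to it (pointing file= at %h/.ssh/authorized_keys would let them).
auth  sufficient  pam_ssh_agent_auth.so  file=/etc/security/authorized_keys
```

Option 3 only works when the client connects with agent forwarding (`ssh -A`, or `ForwardAgent yes` for that host), which also makes the agent reachable by root on that host for the duration of the session; that is why the answer calls its effect very similar to option 1.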

Host-specific passwords for interactive use are difficult for humans, and so are bad policy.

Start with an auth factor better than passwords. Your ssh keys are an obvious example for Linux or POSIX systems; there are others. Personal keys or certificates just for you, so your access can be traced. Use these on every host, such as with a central user directory.

For automated non-human users this single strong auth factor should be enough. Passwords and other people-focused secondary auth factors are annoying to automate. They need to be provided in plain text without interaction, which defeats the purpose. Focus instead on improving the processes around automation, ensuring that only the approved scripts run, and not by a person.

For interactive use by a human, passwords still are not great, but may be an easy-to-implement other auth factor anyway. And so for a person, sudo rules for privileged access might use PASSWD. Use your centrally managed password, again possibly in a user directory.

Yes, you could have host-specific passwords for your access, look them up in a secure password manager, and paste them in. But why? You could instead skip the password manager and type a long, easy-to-remember passphrase you use everywhere. As XKCD 936 promised, I cannot forget "Correct horse battery staple" even if I tried.

In theory a password only used on a subset of hosts is less exposure when compromised, but losing any privileged credential is not good. How do you know an attacker has not used that to gain persistent access to your systems?

Separate accounts and passwords could be justified for security critical systems. For example, secret management systems, user directories, backup archival systems. A compromised credential in these could result in data exfiltration and exposure to ransom. So avoid using your regular account for privileged access.

  • I am already using SSH keys to login. However, I still need to remember my password when trying to sudo in the remote. I'm not sure how your answer addresses that?
    – a06e
    Commented Jun 21 at 15:06
  • One personal password is easier for you. And contrast the security of one sentence you type so much you have it memorized, versus a frequently accessed password manager that relies on the security of copy paste. Commented Jun 21 at 21:09
  • Yes, that's why I was asking for some sort of automated solution. Like some password manager
    – a06e
    Commented Jun 21 at 23:31
