How to use SecretStore for automatic pwd PSSession to linux? #68

Open
kasini3000 opened this issue Jun 10, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@kasini3000
For a long time, I didn't know what SecretStore was useful for.
Can it be used to achieve an automatic-password PSSession to Linux?
(I already know about using an SSH key file.)

How to do it?
New-PSSession -HostName 1.1.1.1 -UserName root ? ? ?

@PaulHigin
Contributor

SSH does not take a credential argument as far as I am aware. So SecretManagement/SecretStore is not useful in this scenario since there is no way to pass in a credential or token secret to SSH from SecretStore. But using SSH with password is not very secure anyway, since it involves passing the password secret to the target computer.

SSH with key based authentication is better. SecretStore does not currently work with SSH key authentication (like a client side ssh key agent), but this would be interesting to look into as an enhancement.

@PaulHigin PaulHigin added the enhancement New feature or request label Jun 10, 2021
@kasini3000
Author

I developed a software tool for automated management of Windows and Linux, based on PowerShell.
https://github.com/kasini3000/kasini3000
It is a tool similar to Ansible.
Currently, it uses nodelist.csv to save passwords in plain text by default.
I also provide blacklist functions for Windows and Linux.
For Windows, I used a 16-digit random number password and the password change function.
For Linux, two SSH keys are currently used, alternately.

I hope that SecretStore and powershell can provide the functions of password storage, reading, and connection to ssh. It is best to also provide sudo password storage and reading functions. This gives the user an additional choice.

Although this is not very secure, I see that commercial software, such as xshell, also provides the function of saving passwords.

For security, I have this idea:
1. The master password must be used to decrypt the sub-password.
2. The master password is saved in a file on the disk. Every time this file is read, it is recorded in the Windows log. The time stamp of the read and the process that read the master password file are written to the Windows log.
3. It may be possible to restrict which process can read the master password file.
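
The file-level controls described in points 2 and 3 of the comment above can be approximated with NTFS ACLs and object-access auditing. The following is an added example, not code from the thread's participants or from SecretStore; the file path and the service account name are hypothetical placeholders. It assumes an elevated session on Windows, and it restricts by account rather than by process, because NTFS permissions are evaluated against the caller's identity.

```powershell
#Requires -RunAsAdministrator
# Added example. Both values below are hypothetical placeholders.
$MasterFile     = 'C:\ProgramData\ExampleTool\master.key'
$ServiceAccount = 'EXAMPLE\svc-automation'

# Point 3: limit readers. Drop inherited and explicit ACEs, then allow only
# administrators, SYSTEM and the automation account.
$acl = Get-Acl -Path $MasterFile
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting, discard inherited ACEs
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
foreach ($id in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $id, 'FullControl', 'Allow'))
}
$acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    $ServiceAccount, 'Read', 'Allow'))
Set-Acl -Path $MasterFile -AclObject $acl

# Point 2: audit every read attempt, allowed or denied, by any account.
$sacl = Get-Acl -Path $MasterFile -Audit
$sacl.AddAuditRule([System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'ReadData', 'Success,Failure'))
Set-Acl -Path $MasterFile -AclObject $sacl

# The SACL only produces events once the File System audit subcategory is on.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Review: event 4663 in the Security log carries the time, account and
# process image for each access to the audited file.
function Get-MasterFileRead {
    param([string]$Path = $MasterFile, [int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            ([xml]$evt.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }
            if ($data.ObjectName -eq $Path) {
                [pscustomobject]@{
                    Time    = $evt.TimeCreated
                    Account = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
                    Process = $data.ProcessName
                }
            }
        }
}
Get-MasterFileRead | Sort-Object Time -Descending | Format-Table -AutoSize
```

Anyone with administrative rights on the host can still change the ACL or clear the Security log, so forwarding these events to a separate collector is what makes the record trustworthy.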
