Bernhard Scheirle


About Me

Hello, my name is Bernhard.
I'm a computer science student at Karlsruher Institute of Technology.

Contact Me



blogroll


Use KWallet for easier ssh root login



Of course you disabled the direct root login on your ssh server (sshd_config: PermitRootLogin no) and set a really secure root password, like a long randomly generated string. In hindsight, maybe something like xkcd: Password Strength would have been better?

So now every time you need root access to your server (Which is nearly all the time I execute the ssh command manually) you do following:

  1. Login as a unprivileged user.
  2. Search for the root password.
    • It's in your brain? Awesome. Quit reading! (I hope it's an "xkcd password" and not a trivial one :p)
    • It's somewhere written down / stored on your disk.
  3. Execute su or sudo to get root privileges.

Let's optimise step two by completely removing it.

The idea is to store the root password in an encrypted wallet (e.g. KWallet) and automatically copy it to the clipboard after login.

Let's say you already have following host configuration in your ~/.ssh/config:

1
2
3
Host example.com
    HostName ssh.example.com
    User unprivileged

Now we add two commands and rename it. The rename is not necessary but it lets other programs (which don't require root) use the old configuration.

So now we have following host configuration:

1
2
3
4
5
Host root.example.com
    HostName ssh.example.com
    User unprivileged
    PermitLocalCommand yes
    LocalCommand kwalletcli -f "kwalletcli" -e "root@example.com" | xclip -selection c

The last line executes a command on the local machine after successfully connecting to the server.

kwalletcli is the KWallet command-line interface which lets us query the wallet. In our case we query the entry root@example.com from the folder kwalletcli and pass the password to xclip to copy it in our clipboard.

Now every time you login via ssh root.example.com you will have your root password in your clipboard.

Step two removed: ✔.

How to put the password in the wallet?

  1. kwalletcli -f "kwalletcli" -e "root@example.com" -P
  2. Enter your passwort (Do Not commit with return)
  3. Commit with Ctrl + D (twice)

You could also use the KWallet GUI, which is self explanatory.

Comments


There are no comments yet. Why aren't you the FIRST and shout something?

Add a Comment

You may format you comment with Markdown.

Comment Atom Feed