Of course you disabled the direct root login on your ssh server (
sshd_config: PermitRootLogin no) and set a really secure root password, like a long randomly generated string.
In hindsight, maybe something like xkcd: Password Strength would have been better?
So now every time you need root access to your server (Which is nearly all the time I execute the ssh command manually) you do following:
- Login as a unprivileged user.
- Search for the root password.
- It's in your brain? Awesome. Quit reading! (I hope it's an "xkcd password" and not a trivial one :p)
- It's somewhere written down / stored on your disk.
- Execute su or sudo to get root privileges.
Let's optimise step two by completely removing it.
The idea is to store the root password in an encrypted wallet (e.g. KWallet) and automatically copy it to the clipboard after login.
Let's say you already have following host configuration in your
1 2 3
Host example.com HostName ssh.example.com User unprivileged
Now we add two commands and rename it. The rename is not necessary but it lets other programs (which don't require root) use the old configuration.
So now we have following host configuration:
1 2 3 4 5
Host root.example.com HostName ssh.example.com User unprivileged PermitLocalCommand yes LocalCommand kwalletcli -f "kwalletcli" -e "email@example.com" | xclip -selection c
The last line executes a command on the local machine after successfully connecting to the server.
kwalletcli is the KWallet command-line interface which lets us query the wallet.
In our case we query the entry
firstname.lastname@example.org from the folder
kwalletcli and pass the password to
xclip to copy it in our clipboard.
Now every time you login via ssh root.example.com you will have your root password in your clipboard.
Step two removed: ✔.
How to put the password in the wallet?
- kwalletcli -f "kwalletcli" -e "email@example.com" -P
- Enter your passwort (Do Not commit with return)
- Commit with Ctrl + D (twice)
You could also use the KWallet GUI, which is self explanatory.