On Thursday, 14 July 2022 10:04:21 CEST Mickaël Bucas wrote:
> On Thu, 14 Jul 2022 at 08:35, J. Roeleveld <jo...@antarean.org> wrote:
> > Hi All,
> >
> > I am looking for a way to log in to a host and automatically change to root
> > using a password provided by an external program.
> >
> > The root passwords are stored in a vault and I can get passwords out using
> > a script after authenticating.
> >
> > Currently, I need to do a lot of the steps manually:
> > ssh <user>@<host>
> > su -
> > (copy/paste password from vault)
>
> Why not use directly ssh root@<host> ?
> With an SSH key protected by a passphrase that would be a single step
> to connect.
> You would have a passphrase to manage but you already are using a tool for
> that. If you accept the risks, you could also use an SSH key without a
> passphrase.
>
> sshd on the host must be configured with
> PermitRootLogin=prohibit-password at minimum, which is the default
> value.

For security reasons, I do not want direct login to root under any circumstances.
This is disabled on all systems and will stay this way.

Currently, to log in as root, you need to know:
- admin user account name
- admin user account password
- root user account password

I do not want to reduce this to a single ssh-key-passphrase.

--
Joost
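
Added example, not part of the thread and not code from either poster: a shell function that reads sshd_config text and reports the global PermitRootLogin value sshd would apply, so a "direct root login is disabled" policy can be checked against the `prohibit-password` default mentioned above. The function names and sample configs are constructed for illustration; Include files are not followed and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit the global PermitRootLogin setting in sshd_config text.
# Assumption: one config file on stdin; Include directives are not followed.

# Print the PermitRootLogin value that applies outside any Match block.
# sshd uses the first value it finds for a keyword; keywords are
# case-insensitive and may be separated from the argument by "=".
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                     # comment line
        /^[ \t]*$/ { next }                     # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # end of the keyword
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            arg = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", arg)
            sub(/[ \t]+$/, "", arg)
            if (key == "match") exit            # global section ends here
            if (key == "permitrootlogin" && value == "") value = arg
        }
        # Keyword absent: the default named in the thread applies.
        END { print (value == "" ? "prohibit-password" : value) }
    '
}

# Succeed only when direct root login is fully off ("no").
# Key-only root login (prohibit-password) does not satisfy this policy.
root_login_disabled() {
    [ "$(effective_permit_root_login)" = "no" ]
}

# Constructed sample configs (not taken from any real host).
SAMPLE_DEFAULT='# keyword absent
Port 22'
SAMPLE_KEYS='PermitRootLogin=prohibit-password'
SAMPLE_OFF='  permitrootlogin   no
PermitRootLogin yes'

# Usage on a host: root_login_disabled < /etc/ssh/sshd_config || echo "root login possible"
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved and is the authoritative check.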