On Tue, Sep 17, 2019 at 3:25 PM Cameron Simpson <c...@cskk.id.au> wrote: > However, I repeat my recommendation to use a keypair for the > authentication, as it avoids needing interactive passwords (and having > your programme know the password has its own suite of problems to do > with where that password comes from).
Agreed; using a password that's embedded into the script is worse than useless. The same goes for sudo passwords, if that's a thing; arrange it so the user that you SSH in as has the power to run that command without a password (you can do that in the sudoers file, even if it needs a password for all other usage). If necessary, create a dedicated SSH keypair *just* for this script. It's still easier to protect an SSH private key than a password. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
