Add support for entering sudo password interactively #257
Conversation
|
Can I also make a suggestion that some refactoring take place? The same pattern is duplicated like ~5-6 times to build a process::Command with the ssh options etc. I think a factory-style function would be helpful here and would make the code significantly more readable. I'm happy to do this in this PR or make another. |
n-hass
changed the title
|
Thanks for your contribution! I'm not sure how I feel about transmitting passwords for sudo. Generally, you should use ssh keys with attached permissions instead. As for the refactoring, feel free to open another PR since it is not related to this one. |
|
Agreed, keys are always safer. However, from a security perspective, I believe this technique is sound. Functionally this is no different than SSH'ing as the non-root user and entering the sudo password interactively through the tty, as deploy-rs would pipe the password to the ssh session after the session has been opened. The password is never transmitted or stored plaintext (apart from when in-memory in deploy-rs). I think some, myself included, are more comfortable with this than widening SSH permissions for root, or using a sudo pam / ssh-agent forwarding workaround. Perhaps a warning/'disclaimer' could be included somewhere to encourage use of keys in a production environment? |
|
Sorry, forgot to tag @PhilTaken . See above |
There was a problem hiding this comment.
First of all, thanks for your contribution:)
Perhaps a warning/'disclaimer' could be included somewhere to encourage use of keys in a production environment?
I agree, it'd be nice to print a warning that interactive sudo is used.
Additionally, I have a single comment regarding the JSON schema update that is affected by your PR
|
Thanks @rvem! Is it okay if I squash? |
|
Yeah, sure |
|
Thanks! |
|
Hi, After reading above comments and other documentation, I still don't understand why this message appears when doing a deployment: I use interactive sudo, but why is it less secure than correctly configured SSH keys? For login, I use SSH keys, do I need to set other SSH keys? The only documentation I see is to either allow root to log in with SSH keys or to allow sudo without password. I think both are less secure than needing both an SSH key to login and a password to become root. Am I missing something? |
This adds a prompt for entering the sudo password interactively, so that system deployments can be activated when using non-root sshUsers. Fixes #78.
I have chosen to handle this locally (in deploy) and pipe the password to stdin of the ssh session, rather than via psuedo-terminal as this is more reliable. This also means that magicRollback works, unlike the "-t" workaround.