osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

python3 subprocess run sudo cmd in remote failed


On Tue, Sep 17, 2019 at 3:25 PM Cameron Simpson <cs at cskk.id.au> wrote:
> However, I repeat my recommendation to use a keypair for the
> authentication, as it avoids needing interactive passwords (and having
> your programme know the password has its own suite of problems to do
> with where that password comes from).

Agreed; using a password that's embedded into the script is worse than
useless. The same goes for sudo passwords, if that's a thing; arrange
it so the user that you SSH in as has the power to run that command
without a password (you can do that in the sudoers file, even if it
needs a password for all other usage).

If necessary, create a dedicated SSH keypair *just* for this script.
It's still easier to protect an SSH private key than a password.

ChrisA