PowerShell / SecretStore

MIT License

How to use SecretStore for automatic pwd PSSession to linux? #68

Open kasini3000 opened 3 years ago

kasini3000 commented 3 years ago

For a long time, I didn't know the usefulness of SecretStore. Can it be used to realize an automatic-password PSSession to Linux? (I know about using an SSH key file.)

How to do it? New-PSSession -HostName 1.1.1.1 -UserName root ? ? ?

PaulHigin commented 3 years ago

SSH does not take a credential argument as far as I am aware. So SecretManagement/SecretStore is not useful in this scenario, since there is no way to pass a credential or token secret from SecretStore to SSH. But using SSH with a password is not very secure anyway, since it involves passing the password secret to the target computer.

SSH with key based authentication is better. SecretStore does not currently work with SSH key authentication (like a client side ssh key agent), but this would be interesting to look into as an enhancement.
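The distinction drawn above, shown as an added example (not code from this thread or from the SecretStore project): WinRM remoting accepts a `-Credential` that can be pulled from SecretStore, while the SSH transport of `New-PSSession` only accepts a key file path. The vault name, host names and user names are placeholders.

```powershell
# Added example. Assumes Microsoft.PowerShell.SecretManagement and
# Microsoft.PowerShell.SecretStore are installed; 'win01' and 'linux01'
# are placeholder host names.
Import-Module Microsoft.PowerShell.SecretManagement
Import-Module Microsoft.PowerShell.SecretStore

# One-time setup: register SecretStore as the default vault. The first use
# prompts for a vault password that protects the store on disk.
if (-not (Get-SecretVault -Name 'LocalStore' -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name 'LocalStore' `
        -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
}

# Case 1: WinRM remoting takes a credential, so a PSCredential kept in
# SecretStore replaces a plaintext password in a CSV file.
$winCred = Get-Credential -UserName 'admin' -Message 'Password for win01 (stored once)'
Set-Secret -Name 'win01-admin' -Secret $winCred -Vault 'LocalStore'

$cred = Get-Secret -Name 'win01-admin' -Vault 'LocalStore'   # PSCredential comes back typed
$winSession = New-PSSession -ComputerName 'win01' -Credential $cred

# Case 2: the SSH transport has no -Credential parameter. The only
# secret-related input it accepts is a private key file via -KeyFilePath.
# SecretStore can hold the path so scripts do not hard-code it, but the key
# itself and its passphrase stay with OpenSSH (e.g. loaded into ssh-agent).
Set-Secret -Name 'linux01-keypath' -Secret "$HOME/.ssh/id_ed25519_linux01" -Vault 'LocalStore'

$keyPath = Get-Secret -Name 'linux01-keypath' -Vault 'LocalStore' -AsPlainText
$linuxSession = New-PSSession -HostName 'linux01' -UserName 'deploy' -KeyFilePath $keyPath

Invoke-Command -Session $linuxSession -ScriptBlock { uname -a }
Remove-PSSession $winSession, $linuxSession
```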

kasini3000 commented 3 years ago

I developed a tool for automatic management of Windows and Linux, based on PowerShell: https://github.com/kasini3000/kasini3000 It is a tool similar to Ansible. Currently, it uses nodelist.csv to save passwords in plain text by default. I also provide blacklist functions for Windows and Linux. For Windows, I used a 16-digit random number password and a password change function. For Linux, currently two SSH keys are used, alternately.

I hope that SecretStore and PowerShell can provide the functions of password storage, reading, and connection to SSH. It would be best to also provide sudo password storage and reading functions. This gives the user an additional choice.

Although this is not very secure, I see that commercial software, such as Xshell, also provides the function of saving passwords.

For security, I have this idea:

1. The master password must be used to decrypt the sub-passwords.
2. The master password is saved in a file on the disk. Every time this file is read, a Windows log entry is recorded: the time stamp of reading the master password file and the process that read it are written to the Windows log.
3. It may be possible to restrict which processes can read the master password file.