mle-infrastructure / mle-toolbox

Lightweight Tool to Manage Distributed ML Experiments 🛠
https://mle-infrastructure.github.io/mle_toolbox/toolbox/
MIT License

Make ssh credentials secure #17

Closed RobertTLange closed 3 years ago

RobertTLange commented 3 years ago

Currently the credentials for ssh-ing into remote clusters (SGE/Slurm) have to be provided in the .toml config file in plain text. This is really bad for security reasons. Use some form of encryption/hashing and private/public key setup to store credentials.

RobertTLange commented 3 years ago

For encryption - check out these two links:

denisalevi commented 3 years ago

From a user-friendliness perspective, it might be good to leave the choice about storing passwords or not to the user? You could just ask for a password every time that you connect via ssh (there are certainly people who don't want any passwordless ssh connects for security reasons). I would make sure that all ssh commands use the ~/.ssh/config configurations and point people to passwordless ssh key-pairs if they want passwordless connects. And if they don't, they have to type the password every time. Or was there a reason this doesn't work?

RobertTLange commented 3 years ago

Good point. I need to double check how the paramiko ssh client works. I don't believe that it is using ~/.ssh/config by default but you would have to manually parse it. Just for later reference - this looks like a good starting point: https://gist.github.com/liuyenting/582bcf4b0e75d3591c30af419d4ee059

And adding an option for "auto-ssh" vs manual password supply is definitely a good thing, which could also be asked/supplied in the mle-init setup command.

Only reason why it doesn't exist yet is that I didn't need/want it :smile:
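The approach discussed in this thread, as an added example that is not part of the original comments or the mle-toolbox code: resolve a cluster alias from `~/.ssh/config`-style text and build the arguments for paramiko's `SSHClient.connect()`, using a key file when one is configured and prompting for a password otherwise, so nothing secret is stored in the `.toml` file. The host names, paths and function names are hypothetical, and the parser handles only whitespace-separated `Host`, `HostName`, `User`, `Port` and `IdentityFile` lines (no `Match`, `Include` or negated patterns).

```python
import fnmatch
import getpass
import os

# Constructed sample of a ~/.ssh/config file (host names and key path are made up).
SAMPLE_CONFIG = """\
Host slurm-cluster
    HostName login.slurm.example.org
    User alice
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_cluster

Host sge-*
    User bob

Host *
    Port 22
"""

def lookup(config_text, alias):
    """Return the options that apply to `alias`; the first value found wins, as in OpenSSH."""
    options, active = {}, True  # lines before any Host block apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatch(alias, pat) for pat in value.split())
        elif active:
            options.setdefault(key, value)
    return options

def connect_kwargs(alias, config_text, ask_password=getpass.getpass):
    """Build keyword arguments for paramiko's SSHClient.connect(); no stored password."""
    opts = lookup(config_text, alias)
    kwargs = {
        "hostname": opts.get("hostname", alias),
        "port": int(opts.get("port", 22)),
        "username": opts.get("user") or getpass.getuser(),
    }
    if "identityfile" in opts:
        # Key-pair login: pass the private key path, no password involved.
        kwargs["key_filename"] = os.path.expanduser(opts["identityfile"])
    else:
        # No key configured: prompt at connect time so the secret never touches disk.
        prompt = f"Password for {kwargs['username']}@{kwargs['hostname']}: "
        kwargs["password"] = ask_password(prompt)
    return kwargs
```

The returned dictionary can be passed as `paramiko.SSHClient().connect(**kwargs)`. paramiko also ships an `SSHConfig` class with `parse()` and `lookup()` that covers more of the file format than this sketch.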