I'm working on a C project that commonly involves making connections to remote servers. Commonly, this involves using some small terminal macros I've added to my makefile to scp an executable to that remote server. While convenient, the only part of this I've not been able to readily streamline is the part where I need to enter the password.
Additionally, in my code, I'm already using system() calls to accomplish some minor terminal commands (like sort). I'd ALSO like to be able to enter a password if necessary here. For instance, if I wanted to build a string in my code to scp a local file to my remote server, it'd be really nice to have my code pull (and use) a password from somewhere so it can actually access that server.
Does anyone a little more experienced with Make know a way to build passwords into a makefile and/or a system() call in C? Bonus points if I can do it without any third-party software/libraries. I'm trying to keep this as self-contained as possible.
CodePudding user response:
The solution is to not use a password. SSH, and thus SCP, has, among many many others, public key authentication, which is described all over the internet. Use that.
Generally, the problem you're trying to solve is called secret management, and the takeaway is that your authentication tokens (passwords, public keys, API keys…) should not be owned by your application software, but by something instructing the authenticating layer. In other words, the way forward really is that you enable SSH to connect on its own without you entering a password by choosing something that happens to not be an interactive authentication method. So, using a password here is less elegant than just using the generally favorable method of using a public key to authenticate with your server.
Passing passwords as a command line option is generally a bad idea – that leaks these passwords into things like process listings, potentially log entries and so on. Don't do it.
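As an added example (not part of the answer above or of the asker's project), one way to call scp from C in line with this advice: key-based authentication only, no password anywhere in the program or its arguments, and fork/execvp instead of a system() string so no shell parses the arguments. The function names, key path, host and the host:path check are assumptions of this example.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCP_ARGC 9

/* Fill argv (SCP_ARGC + 1 slots) for a non-interactive, key-only scp.
 * Returns 0 on success, -1 if an argument is missing or malformed. */
int build_scp_argv(const char *argv[], const char *key,
                   const char *src, const char *dest)
{
    if (!key || !src || !dest || !*key || !*src || !*dest)
        return -1;
    if (src[0] == '-' || dest[0] == '-')  /* would be parsed as an option */
        return -1;
    if (!strchr(dest, ':'))               /* this example expects host:path */
        return -1;
    int i = 0;
    argv[i++] = "scp";
    argv[i++] = "-o"; argv[i++] = "BatchMode=yes";      /* fail, never prompt */
    argv[i++] = "-o"; argv[i++] = "IdentitiesOnly=yes"; /* offer only this key */
    argv[i++] = "-i"; argv[i++] = key;
    argv[i++] = src;
    argv[i++] = dest;
    argv[i] = NULL;
    return 0;
}

/* Run argv directly with fork + execvp; unlike system(), no shell is involved.
 * Returns the child's exit status, 127 if exec failed, -1 on other errors. */
int run_argv(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *argv[SCP_ARGC + 1];
    /* Hypothetical key path, local file and remote destination. */
    if (build_scp_argv(argv, "/home/dev/.ssh/id_ed25519", "./build/app",
                       "dev@build-host.example:/tmp/app") != 0)
        return 1;
    return run_argv(argv);
}
```

With BatchMode=yes, scp exits with an error instead of prompting when the key is not accepted, so a missing authorized_keys entry shows up as a failed build step rather than a hung one.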
CodePudding user response:
Running ssh-keygen to create the keys. Then, adding/appending the local system's (e.g.) .ssh/id_rsa.pub file to the remote's .ssh/authorized_keys file is the best way to go.
But, I had remote systems to access without passwords but the file was not installed on the remote (needing ssh-keygen to be run on the remote). Or, the remote .ssh/authorized_keys files did not have the public key from my local system in it.
I wanted a one-time automated/unattended script to add it. A chicken-and-the-egg problem.
I found sshpass. It will work like ssh and provide the password (similar to what expect does).
I installed it once on the local system.
Using this, the script would:
- Run ssh-keygen on the remote [if necessary]
- Append the local .ssh/id_rsa.pub public key file to the remote's .ssh/authorized_keys
- Copy back the remote's .ssh/id_rsa.pub file to the local system's .ssh/authorized_keys file [if desired]
Then, ssh etc. worked without any passwords.