Re: [Fab-user] Encrypting passwords

fab-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] Encrypting passwords

From:	Jeff Forcier
Subject:	Re: [Fab-user] Encrypting passwords
Date:	Fri, 27 Apr 2012 12:22:40 -0700

Hi J,

env.password is a "lowest common denominator" method of preserving
passwords you'd otherwise enter by hand. It's not designed for
anything greater.

If you want to start getting security conscious, the best practice is
to use SSH private key authentication. Then you simply stop using
env.password entirely and rely on distributing SSH keypair(s) to your
users/servers.

Fabric will load SSH agents and private keys stored in user home
directories by default, and can be told to load additional keys with
the -i flag or the env.key_filename settings -- check the docs for
details.

Best,
Jeff

On Fri, Apr 27, 2012 at 9:46 AM, JA <address@hidden> wrote:
> Hi Everyone;
>
> I am looking for suggestions for the best way to handle passwords in
> fabfiles.  Specifically, I woud like to be able to generate a password
> has of the user's sudo password and store this in the fabfile
> (env.password)
>
> Has anyone done this?  Any suggestions? :)
>
> Thanks!
> J
>
> _______________________________________________
> Fab-user mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/fab-user

-- 
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org

[Prev in Thread]

Current Thread

[Next in Thread]

[Fab-user] Encrypting passwords, JA, 2012/04/27
- Re: [Fab-user] Encrypting passwords, Jeff Forcier <=
  - Message not available
    - Re: [Fab-user] Encrypting passwords, Jeff Forcier, 2012/04/27

Prev by Date: [Fab-user] Encrypting passwords
Next by Date: Re: [Fab-user] Encrypting passwords
Previous by thread: [Fab-user] Encrypting passwords
Next by thread: Re: [Fab-user] Encrypting passwords
Index(es):
- Date
- Thread