Crazy question: Storing an encrypted user password

Hi,

I'm no expert at all on security, but today I was pondering an interesting idea about storing passwords for use across a network connection.

Here's the scenario:

You have an application you want to deploy via Capistrano and there are some commands to be run with sudo, but you don't want to provide the password each time you do that, so...

What if you store a password encrypted with the sudoer's public key on your application (say config/deploy/user.pw), and when you need to provide a password you do something like:

run "sudo ls" do |channel, stream, data|   if data =~ /^Password:/     # decrypt user.pw using user's private key     channel.send_data "#{decrypted_password}\n"   end end

Of course this would work only if the private key doesn't have a passphrase...

So, security-wise, what do you think of this approach?

Regards, Ivan V.

Hi,

I'm no expert at all on security, but today I was pondering an interesting idea about storing passwords for use across a network connection.

Here's the scenario:

You have an application you want to deploy via Capistrano and there are some commands to be run with sudo, but you don't want to provide the password each time you do that, so...

In my experience, I only have to provide the password upon logging into the remote machine... the sudo password is the same and I don't get prompts after that.

Depends on your threat model. The problem here is that anyone who is able to gain access to the private key file now has the user's password. Generally speaking, this is considered bad and is why passwords on Unix/Windows systems aren't encrypted- they're hashed so the plain text password is unrecoverable. Honestly, this just changes what file you have to protect (the private key instead of your script with the password embedded).

You're probably better off prompting for the password, caching it and re-using it multiple times. Alternatively, you can edit the /etc/sudoers file to give your user access to the necessary commands without prompting for a password (and to prompt for any other command).