PasswordSafe SSH Session - auto-login to sudo mode

Question

Hello! Is there a way to achieve auto-login to sudo mode without entering the password when logging in via PasswordSafe.

I see there is a different workflow for login-account where commands & password are injected after SSH session is initiated e.g. Launch ssh session as login-account and then switch to root .

Is there any way to configure PasswordSafe such that a managed-account logs in over SSH and a predefined sudo command is run , Passwordsafe injects the password for same account so that user doesn’t have to go back to browser where PasswordSafe is open , go back to open request or create one for password, copy the password, make sure they clicked inside SSH session, and then paste the password.

I see an alternative is to allow sudo commands to run passwordless on managed systems. I think this is less secure approach than the above.

jchandler · Answer

Hello ​@bt101Currently password safe is not able to perform inline credential injection after login.As you mentioned you could use a low privilege account to ssh into the box (Login Account) then switch to run or another NOPASSWD account.Or you could make the password available to the user to type in when needed with sudo.Using NOPASSWD for specific commands and "session only access from Password Safe" would be more secure than giving the *nix administratoraccess to the managed account password.For finer control over sudo elevation BeyondTrust does have "Privilege Management for Unix and Linux" onPrem and cloud that can centralize elevation based on policy.You can find the EPML doc’s here if your interested.Welcome to Endpoint Privilege Management for Linux (EPM-L) | EPM-LRegards,John

PasswordSafe SSH Session - auto-login to sudo mode

1 reply

Badge Earners

Badge Earners

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded