
Is "Interactive sudo is enabled! Using a sudo password is less secure than correctly configured SSH keys." warranted in my case? #299

Open
teto opened this issue Nov 9, 2024 · 2 comments

Comments

@teto

teto commented Nov 9, 2024

So when I use deploy-rs, I get the following warning:

🚀 ℹ️ [deploy] [INFO] Evaluating flake in .
🚀 ⚠️ [deploy] [WARN] Interactive sudo is enabled! Using a sudo password is less secure than correctly configured SSH keys.
Please use keys in production environments.
🚀 ℹ️ [deploy] [INFO] You will now be prompted for the sudo password for redacted.com.

I do use ssh keys to authenticate to the server with a plain user. I have root ssh access disabled for security reasons. And I don't want my plain user to run passwordless sudo commands, so I need the password to run the nixos-rebuild switch.
I feel the warning is targeted at users using password-based ssh? Which is not my case, but I still get the warning.
Also the password is asked right at the start of deploy-rs; I would prefer for it to be asked at the last second, right before doing the switch, to avoid the process holding onto it.

@amalgame21

Ya, I think sudo password, ssh key passphrase and ssh password authentication are different things. I don't know why, when I use an ssh key with a passphrase and a sudo password with a normal user, I still get this warning message.

@n-hass

n-hass commented Feb 20, 2025

I wrote this feature and we included this warning because there are technically ‘safer’ ways to escalate privileges to root from a non-root user after ssh, regardless of password auth for root ssh. Personally, I agree it’s overkill and is fine in most scenarios (hence, the feature exists...). But from memory, I think this warning exists because… well, just assume a naive user who probably doesn’t understand the implications of leaving password-based authentication and sudo on a production host.

Consider this which I use to manage a fleet of devices:

  • deploy-rs is configured to ssh to the host as a normal user (let's call them deploy)
  • Forward my SSH agent to the host
  • PAM configured on the host to allow SSH agent authentication for sudo
  • sudo configured to only allow the required programs for deployment to be run with sudo for the deploy user (something like activate-rs, rm, and nix)

With this method, your SSH client controls keys (which can [or should] be password-protected) that are used to raise privileges.
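The setup described in the comment above, written out as one flake.nix. This is an added example, not code from deploy-rs or from anyone in this thread. Everything named in it is an assumption: the host "web01" and its hostname, the login user "deploy", the placeholder public key, the file ./hardware-configuration.nix, and the sudo command list, which only mirrors the "something like activate-rs, rm, and nix" wording above. The deploy-rs node options (hostname, sshUser, user, sshOpts, interactiveSudo, profiles) are the ones deploy-rs documents; check them against the version you run.

```nix
# Added example (not deploy-rs project code). Host, user, key, paths and the
# sudo command list are assumptions; see the lead-in above.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    deploy-rs.url = "github:serokell/deploy-rs";
  };

  outputs = { self, nixpkgs, deploy-rs, ... }: {
    nixosConfigurations.web01 = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./hardware-configuration.nix   # placeholder, not included here
        ({ ... }: {
          # 1. The unprivileged account deploy-rs logs in as. NixOS writes this
          #    key to /etc/ssh/authorized_keys.d/deploy, which is also the file
          #    pam_ssh_agent_auth reads by default, so one key serves both the
          #    SSH login and the sudo step.
          users.users.deploy = {
            isNormalUser = true;
            openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAA...PLACEHOLDER deploy@workstation"  # placeholder key
            ];
          };

          # 2. Root login and password auth stay off; agent forwarding has to be
          #    permitted so the forwarded agent socket reaches the host.
          services.openssh = {
            enable = true;
            settings = {
              PermitRootLogin = "no";
              PasswordAuthentication = false;
              KbdInteractiveAuthentication = false;
              AllowAgentForwarding = "yes";
            };
          };

          # 3. sudo authenticates against the forwarded agent (pam_ssh_agent_auth)
          #    instead of a password. Releases before NixOS 24.05 call this
          #    option security.pam.enableSSHAgentAuth.
          security.pam.sshAgentAuth.enable = true;

          # 4. sudo policy for the deploy user. env_keep is needed so the PAM
          #    module can find the forwarded socket (NixOS adds this itself when
          #    sshAgentAuth is on; repeating it is harmless). The command list is
          #    illustrative: derive the real one from what your deploy-rs version
          #    actually invokes. Caveat: nix, rm and any binary matched by a
          #    /nix/store wildcard are root-equivalent (anyone allowed to talk to
          #    the Nix daemon can add a store path with an arbitrary name), so
          #    this limits the blast radius of mistakes, not of a stolen key.
          security.sudo = {
            enable = true;
            extraConfig = ''
              Defaults:deploy env_keep += "SSH_AUTH_SOCK"
            '';
            extraRules = [{
              users = [ "deploy" ];
              runAs = "root";
              commands = [
                { command = "/run/current-system/sw/bin/nix"; }
                { command = "/run/current-system/sw/bin/rm"; }
                { command = "/nix/store/*-activate-rs-*/bin/activate-rs"; }
              ];
            }];
          };
        })
      ];
    };

    # Client side: log in as deploy, forward the agent, activate as root via
    # sudo. With PAM agent auth in place interactiveSudo stays off, so the
    # warning quoted in this issue is not emitted and no sudo password is
    # held in memory for the length of the deploy.
    deploy.nodes.web01 = {
      hostname = "web01.example.com";
      sshUser = "deploy";
      user = "root";
      sshOpts = [ "-A" ];
      interactiveSudo = false;
      profiles.system.path =
        deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.web01;
    };
  };
}
```

Two points worth keeping in mind with this layout. Forwarding an agent exposes it to root on the host for the duration of the session, so load the deploy key on the workstation with `ssh-add -c` (confirm on every use) or keep it on a hardware token; each sudo invocation on the host then has to be approved locally, which is the property that makes this stricter than a cached sudo password. And because the commands deploy-rs needs are root-equivalent regardless of how tightly the sudoers list is written, the real control is who holds the key and how its use is confirmed, not the command list.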
