In connection profiles that will be used in non-interactive connections, it is also possible to use passwords stored to the Tectia ConnectSecure configuration or to the system.
In the Connection Broker configuration file `ssh-broker-config.xml`, the stored passwords are configured with the `password` element, with the following syntax:

```xml
<profiles>
  <profile>
    <authentication-methods>
      <auth-password />
    </authentication-methods>
    ...
    <password file="path/to/file" />
  </profile>
  ...
</profiles>
```
The `password` element can be used to specify a user password that the client will send as a response to password authentication.

The password can be given directly in the `string` attribute, but safer alternatives are to define either a path to a file containing the password in the `file` attribute, or to use the `command` attribute to define a path to a program or script that outputs the password.
When using the `command` attribute to refer to a shell script, make sure the script also defines the user's shell, and outputs the actual password. Otherwise the executed program fails, because it does not know what shell to use for the shell script. For example, if the password string is defined in a file named `my_password.txt`, and you want to use the bash shell, include these lines in the script:

```bash
#!/bin/bash
# Print the stored password on standard output
cat /full/pathname/to/my_password.txt
```
Caution | |
---|---|
If the password is given using this option, it is
extremely important that the |
Note | |
---|---|
Any password given with the command-line options will override this setting. |
Via the Tectia Connections Configuration GUI, the stored passwords are configured on the Connection profiles → Authentication tab. Select Store password for non-interactive use and define the password or the path to the password file or program.
Caution | |
---|---|
If you choose to use stored passwords, it is extremely important that the Tectia ConnectSecure host and the password file or program are not accessible by anyone other than the intended user. |
To store the password as such in the configuration, enter the password directly in the Password field.
To use a file containing the password, select Password file and enter the path to the file in the field.
To use a program or a script that outputs the password, select Password program and enter the path to the program in the field.
Note | |
---|---|
The user is required to have adequate permissions to the password
file and to the password program. The file or the program executable
must be owned by the user, local administrator or a member in the local
admin group, and the file must have the |
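
A password program can enforce the access requirement itself before it prints anything. The following is an added example, not code from the Tectia documentation: it assumes a Unix host, and the function names `is_private`, `emit_password` and `demo`, as well as the rule "owned by the invoking user, no group or other permission bits", are this example's own choices based on the caution that the password file must not be accessible by anyone other than the intended user.

```bash
#!/bin/bash
# Added example: password program that prints the stored password only when
# the password file is private to the invoking user (assumed policy).

# Succeed only if $1 is a regular file (not a symlink), owned by the current
# user, with no group or other permission bits set.
is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ldn prints "<mode> <links> <uid> ..."; -n keeps the owner numeric.
    read -r mode links uid rest <<EOF
$(ls -ldn -- "$f")
EOF
    [ "$uid" = "$(id -u)" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    case $mode in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the password on stdout, or fail with a diagnostic on stderr.
emit_password() {
    if ! is_private "$1"; then
        echo "refusing to read $1: not a private file owned by uid $(id -u)" >&2
        return 1
    fi
    cat -- "$1"
}

# Constructed demo: a throwaway file stands in for
# /full/pathname/to/my_password.txt. In a real password program, replace the
# demo call with: emit_password /full/pathname/to/my_password.txt
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-secret' > "$d/my_password.txt"
    chmod 600 "$d/my_password.txt"
    emit_password "$d/my_password.txt"          # prints the secret
    chmod 644 "$d/my_password.txt"
    emit_password "$d/my_password.txt" || echo "rejected: readable by others"
    rm -rf "$d"
}
demo
```

The check and the read are separate steps, so this catches a file left with loose permissions or the wrong owner; it does not replace restricting access to the directory that holds the file.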