Why public key authentication is preferred for automated scripts?

Question

I found the following claim in the documentation for Net::OpenSSH :

Note that using password authentication in automated scripts is a very bad idea. When possible, you should use public key authentication instead.

What's flawed in using password authentication in automated scripts?

Answer 1

Passwords are easier to guess/brute force than private keys (unless you are running Debian ;)

Imagine you have a user account which runs 120 different automated scripts. If you hardcode password into each of them you now have 120 places to change it.

If you place the password into a config file and have all 120 scripts read it from the file sooner or later somebody will accidentally make that file world readable. ssh won't work when the private key is not 600.

Somebody can decide to change user's password without thinking about the possibility of it being hardcoded in some script. You are more likely to stop and think before changing the private key.

Answer 2

Probably because with password authentication, you have to hard code the password itself into the script or at least into some sort of configuration file. It's never a good idea to hard code your plain ssh password i think :)

Answer 3

Public key authentication should always be preferred for any remote resource. It is statistically impossible to guess the challenge response and can thwart MITM attacks. Although this does not rule out the possibility of the attacker being extremely lucky.

If the attacker can read files on the remote system, the password or the private key must be in plain text and there for can be read. Asymmetric cryptography isn't a magic wand that solves all problems.

One possibility for this warning in the docs is that if you use a password and the script isn't checking the sshd's public key then a MITM attack could obtain the clear text password. You should be checking the remote servers authentication by hard-coding the public key. The ssh command on the cli does this automatically and will throw a warning if a server's key changes. If you aren't checking the authentication credentials of the remote server and you are using public key authentication then an attacker can only MITM that session because the attacker will not be able to obtain the client's private key to re-auth.