rails ssh password security

Question

We have a rails app that needs to ssh to a remote server (unix) and do some command line stuff. I don't know a lot about security, so looking for advice. Currently, the controller receives a submit from the view, with a password in the params hash (not hashed, or anything). Then we use Net::SSH gem to ssh to the remote server and do stuff. This seems all kinds of un-safe. Our thoughts were:

• Setting up public key authentication over SSH, so no pw would be required (we have a small number of users, so setting this up would be no problem)

OR

• hash the password in the view, decode in the controller and then invoke the ssh commands

OR

• hash and salt the pw in the view? (don't really know how this works, just an idea)

Any links to articles or explanations, greatly appreciated. Thanks!

Answer 1

With public key authentication, you're just authenticating between your webserver and the server you're ssh'ing to. So if I understand your layout, then anyone who goes to the page doesn't need a password to get in. If you are passing a password via post, you can simply filter it from your logs with something like this

filter_parameter_logging :password

in your Application controller. Then its just being passed around in memory, not stored anywhere static. Though hashing and salting in the view via javascript and then decoding in the controller is probably still a good idea if you aren't using SSL. I'm certainly not going to recommend against an extra security measure that is fairly simple to implement...

Edit: Looks like the way to filter parameters in Rails 3 is

config.filter_parameters += [:password]

in config/application.rb

Answer 2

I would vote for your first option -- public key authentication. The fewer passwords that are required for people to know, the better. Unless your form is displayed with HTTPS (SSL) that password is somewhat insecure, and as @Scott S points out in his answer, it will indeed show up in unexpected places like logs, unless you filter it.

The most common way to set up public key authentication with ssh is to use a key having an empty passphrase. A more secure way may be to use ssh-agent , as long as the servers themselves are well secured, (in particular, the private key of the requesting server) that's probably not necessary.