SSH: password cache if SSH-keys are forbidden

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












I have a server which I have to access frequently via ssh, because I compute on it.
Now, the computing center explicitly forbids SSH-keys because they are "insecure". They feel that typing my password, on a keyboard, everytime, possible in front of other humans, is a much safer way to login.



Now; I cannot change their minds (I tried).



Is there a way to at least temporarily store SSH passwords, the way GIT can store passwords in a cache for some defined time?



I'm on a linux machine.






linux ssh passwords ssh-keys







share|improve this question

























    up vote
    3
    down vote

    favorite












    I have a server which I have to access frequently via ssh, because I compute on it.
    Now, the computing center explicitly forbids SSH-keys because they are "insecure". They feel that typing my password, on a keyboard, everytime, possible in front of other humans, is a much safer way to login.



    Now; I cannot change their minds (I tried).



    Is there a way to at least temporarily store SSH passwords, the way GIT can store passwords in a cache for some defined time?



    I'm on a linux machine.






    linux ssh passwords ssh-keys







    share|improve this question























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      I have a server which I have to access frequently via ssh, because I compute on it.
      Now, the computing center explicitly forbids SSH-keys because they are "insecure". They feel that typing my password, on a keyboard, everytime, possible in front of other humans, is a much safer way to login.



      Now; I cannot change their minds (I tried).



      Is there a way to at least temporarily store SSH passwords, the way GIT can store passwords in a cache for some defined time?



      I'm on a linux machine.






      linux ssh passwords ssh-keys







      share|improve this question













      I have a server which I have to access frequently via ssh, because I compute on it.
      Now, the computing center explicitly forbids SSH-keys because they are "insecure". They feel that typing my password, on a keyboard, everytime, possible in front of other humans, is a much safer way to login.



      Now; I cannot change their minds (I tried).



      Is there a way to at least temporarily store SSH passwords, the way GIT can store passwords in a cache for some defined time?



      I'm on a linux machine.






      linux ssh passwords ssh-keys




      linux ssh passwords ssh-keys






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 55 mins ago









      user2667180

      285




      285




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote



          accepted










          Connection reuse



          SSHv2 allows the same authenticated connection to establish multiple 'channels' – interactive shell, batch command, SFTP, along with the secondary ones such as agent-forwarding or TCP-forwarding. Your server probably supports connection multiplexing by default. (If your admins complain, it's not caching your password anywhere – it's caching the whole connection.)



          With OpenSSH you have ControlMaster and ControlPath options (-M and -S) to make use of this:




          1. Start a 'master' SSH connection using -M. (Since you don't have a ControlPath in your config yet, you need to specify it in command line using -S. It needs to live long, so I add the -fN options to drop to background; they're technically optional otherwise.)



            $ ssh foo@bar.example.com -fNMS ~/.ssh/bar.socket
            foo@bar.example.com's password:


            You're back to the local shell.




          2. Start a new connection through the master:



            $ ssh foo@bar.example.com -S ~/.ssh/bar.socket


            You're in.




          3. To make this useful for Git/rsync/SFTP, you need to set up ControlPath in your configuration, because you won't be able to specify -S all the time:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p


          You can automate this – recent OpenSSH versions also have ControlPersist which automatically establishes a master connection in background if there isn't one yet. This allows you to skip step 1 and just use ssh as you normally would.




          1. Configuration in ~/.ssh/config:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p
             ControlMaster auto
             ControlPersist 15m



          2. First connection asks for password:



            $ ssh foo@bar.example.com
            foo@bar.example.com's password:
            [foo@bar:~]$ exit



          3. The second doesn't:



            $ ssh foo@bar.example.com
            [foo@bar:~]$ yay


          To control the multiplex master (stop it or configure TCP forwardings), use the -O option.



          A similar method is supported by recent PuTTY versions.






          share|improve this answer






















          • thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
            – user2667180
            13 mins ago











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "3"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1362894%2fssh-password-cache-if-ssh-keys-are-forbidden%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote



          accepted










          Connection reuse



          SSHv2 allows the same authenticated connection to establish multiple 'channels' – interactive shell, batch command, SFTP, along with the secondary ones such as agent-forwarding or TCP-forwarding. Your server probably supports connection multiplexing by default. (If your admins complain, it's not caching your password anywhere – it's caching the whole connection.)



          With OpenSSH you have ControlMaster and ControlPath options (-M and -S) to make use of this:




          1. Start a 'master' SSH connection using -M. (Since you don't have a ControlPath in your config yet, you need to specify it in command line using -S. It needs to live long, so I add the -fN options to drop to background; they're technically optional otherwise.)



            $ ssh foo@bar.example.com -fNMS ~/.ssh/bar.socket
            foo@bar.example.com's password:


            You're back to the local shell.




          2. Start a new connection through the master:



            $ ssh foo@bar.example.com -S ~/.ssh/bar.socket


            You're in.




          3. To make this useful for Git/rsync/SFTP, you need to set up ControlPath in your configuration, because you won't be able to specify -S all the time:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p


          You can automate this – recent OpenSSH versions also have ControlPersist which automatically establishes a master connection in background if there isn't one yet. This allows you to skip step 1 and just use ssh as you normally would.




          1. Configuration in ~/.ssh/config:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p
             ControlMaster auto
             ControlPersist 15m



          2. First connection asks for password:



            $ ssh foo@bar.example.com
            foo@bar.example.com's password:
            [foo@bar:~]$ exit



          3. The second doesn't:



            $ ssh foo@bar.example.com
            [foo@bar:~]$ yay


          To control the multiplex master (stop it or configure TCP forwardings), use the -O option.



          A similar method is supported by recent PuTTY versions.






          share|improve this answer






















          • thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
            – user2667180
            13 mins ago















          up vote
          3
          down vote



          accepted










          Connection reuse



          SSHv2 allows the same authenticated connection to establish multiple 'channels' – interactive shell, batch command, SFTP, along with the secondary ones such as agent-forwarding or TCP-forwarding. Your server probably supports connection multiplexing by default. (If your admins complain, it's not caching your password anywhere – it's caching the whole connection.)



          With OpenSSH you have ControlMaster and ControlPath options (-M and -S) to make use of this:




          1. Start a 'master' SSH connection using -M. (Since you don't have a ControlPath in your config yet, you need to specify it in command line using -S. It needs to live long, so I add the -fN options to drop to background; they're technically optional otherwise.)



            $ ssh foo@bar.example.com -fNMS ~/.ssh/bar.socket
            foo@bar.example.com's password:


            You're back to the local shell.




          2. Start a new connection through the master:



            $ ssh foo@bar.example.com -S ~/.ssh/bar.socket


            You're in.




          3. To make this useful for Git/rsync/SFTP, you need to set up ControlPath in your configuration, because you won't be able to specify -S all the time:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p


          You can automate this – recent OpenSSH versions also have ControlPersist which automatically establishes a master connection in background if there isn't one yet. This allows you to skip step 1 and just use ssh as you normally would.




          1. Configuration in ~/.ssh/config:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p
             ControlMaster auto
             ControlPersist 15m



          2. First connection asks for password:



            $ ssh foo@bar.example.com
            foo@bar.example.com's password:
            [foo@bar:~]$ exit



          3. The second doesn't:



            $ ssh foo@bar.example.com
            [foo@bar:~]$ yay


          To control the multiplex master (stop it or configure TCP forwardings), use the -O option.



          A similar method is supported by recent PuTTY versions.






          share|improve this answer






















          • thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
            – user2667180
            13 mins ago













          up vote
          3
          down vote



          accepted







          up vote
          3
          down vote



          accepted






          Connection reuse



          SSHv2 allows the same authenticated connection to establish multiple 'channels' – interactive shell, batch command, SFTP, along with the secondary ones such as agent-forwarding or TCP-forwarding. Your server probably supports connection multiplexing by default. (If your admins complain, it's not caching your password anywhere – it's caching the whole connection.)



          With OpenSSH you have ControlMaster and ControlPath options (-M and -S) to make use of this:




          1. Start a 'master' SSH connection using -M. (Since you don't have a ControlPath in your config yet, you need to specify it in command line using -S. It needs to live long, so I add the -fN options to drop to background; they're technically optional otherwise.)



            $ ssh foo@bar.example.com -fNMS ~/.ssh/bar.socket
            foo@bar.example.com's password:


            You're back to the local shell.




          2. Start a new connection through the master:



            $ ssh foo@bar.example.com -S ~/.ssh/bar.socket


            You're in.




          3. To make this useful for Git/rsync/SFTP, you need to set up ControlPath in your configuration, because you won't be able to specify -S all the time:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p


          You can automate this – recent OpenSSH versions also have ControlPersist which automatically establishes a master connection in background if there isn't one yet. This allows you to skip step 1 and just use ssh as you normally would.




          1. Configuration in ~/.ssh/config:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p
             ControlMaster auto
             ControlPersist 15m



          2. First connection asks for password:



            $ ssh foo@bar.example.com
            foo@bar.example.com's password:
            [foo@bar:~]$ exit



          3. The second doesn't:



            $ ssh foo@bar.example.com
            [foo@bar:~]$ yay


          To control the multiplex master (stop it or configure TCP forwardings), use the -O option.



          A similar method is supported by recent PuTTY versions.






          share|improve this answer














          Connection reuse



          SSHv2 allows the same authenticated connection to establish multiple 'channels' – interactive shell, batch command, SFTP, along with the secondary ones such as agent-forwarding or TCP-forwarding. Your server probably supports connection multiplexing by default. (If your admins complain, it's not caching your password anywhere – it's caching the whole connection.)



          With OpenSSH you have ControlMaster and ControlPath options (-M and -S) to make use of this:




          1. Start a 'master' SSH connection using -M. (Since you don't have a ControlPath in your config yet, you need to specify it in command line using -S. It needs to live long, so I add the -fN options to drop to background; they're technically optional otherwise.)



            $ ssh foo@bar.example.com -fNMS ~/.ssh/bar.socket
            foo@bar.example.com's password:


            You're back to the local shell.




          2. Start a new connection through the master:



            $ ssh foo@bar.example.com -S ~/.ssh/bar.socket


            You're in.




          3. To make this useful for Git/rsync/SFTP, you need to set up ControlPath in your configuration, because you won't be able to specify -S all the time:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p


          You can automate this – recent OpenSSH versions also have ControlPersist which automatically establishes a master connection in background if there isn't one yet. This allows you to skip step 1 and just use ssh as you normally would.




          1. Configuration in ~/.ssh/config:



            Host *
             ControlPath ~/.ssh/S.%r@%h:%p
             ControlMaster auto
             ControlPersist 15m



          2. First connection asks for password:



            $ ssh foo@bar.example.com
            foo@bar.example.com's password:
            [foo@bar:~]$ exit



          3. The second doesn't:



            $ ssh foo@bar.example.com
            [foo@bar:~]$ yay


          To control the multiplex master (stop it or configure TCP forwardings), use the -O option.



          A similar method is supported by recent PuTTY versions.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 12 mins ago

























          answered 20 mins ago









          grawity

          219k32446512




          219k32446512











          • thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
            – user2667180
            13 mins ago

















          • thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
            – user2667180
            13 mins ago
















          thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
          – user2667180
          13 mins ago





          thank you very much for this nice answer. google was not useful on this problem, as it always turned to ssh-keys and I did not know the right keywords. helped me a lot!
          – user2667180
          13 mins ago


















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1362894%2fssh-password-cache-if-ssh-keys-are-forbidden%23new-answer', 'question_page');

          );

          Post as a guest
































































          Comments

          Post a Comment

          Popular posts from this blog

          White Anglo-Saxon Protestant

          Image
          White Anglo-Saxon Protestants ( WASPs ) are a social group of wealthy and well-connected white Americans, of Protestant and predominantly British ancestry, who trace their ancestry to the American colonial period. Until at least the 1960s, this group has dominated American society and culture and dominated in the leadership of the Whig and Republican parties. They usually are very well placed in major financial, business, legal and academic institutions and had close to a monopoly of elite society due to intermarriage and nepotism. [1] During the latter half of the twentieth century, outsider ethnic and racial groups grew in influence and WASP dominance weakened. Americans are increasingly criticizing the WASP hegemony and disparaging WASPs as the epitome of "the Establishment". The Random House Unabridged Dictionary (1998) says the term is "Sometimes Disparaging and Offensive". [2] [3] The term WASP is often used as a pejorative to classify their historical dom...
          Read more

          BuddyTV

          BuddyTV Owner David Niu, Andy Liu Created by Various contributors Website www.buddytv.com Launched July 31, 2007 Current status Offline BuddyTV was an entertainment-based website based in Seattle, Washington, which generated content about television programs and sporting events. The website published information about celebrity and related entertainment news through a series of articles, entertainment profiles, actor biographies and user forums. [1] On 31 December 2014, Smart TV manufacturer VIZIO acquired BuddyTV's parent Advanced Media Research Group, Inc., in order to expand content and service offerings. [2] The site was shut down on 22 May 2018. [3] Contents 1 History 2 Business model 3 Impact 4 See also 5 References 6 External links History BuddyTV was co-founded in 2005 by Andy Liu and David Niu. The pair graduated from the University of Pennsylvania with a Master of Business Administration. They sold their previous company, NetConversions, to aQuantive in 2004...
          Read more

          Conflict (narrative)

          Image
          Conflict in narrative comes in many forms. "Man versus man", such as is depicted here in the battle between King Arthur and Mordred, is particularly common in traditional literature, fairy tales and myths. [1] In works of narrative, conflict is the challenge main characters need to solve to achieve their goals. Traditionally, conflict is a major literary element that creates challenges in a story by adding uncertainty to if the goal would be achieved. A narrative is not limited to a single conflict. While conflicts may not always resolve in narrative, the resolution of a conflict creates closure or fulfillment, which may or may not occur at a story's end. Contents 1 Basic nature 2 Classification 2.1 Man against man 2.2 Man against nature 2.3 Man against self 2.4 Man against society 3 History 4 See also 5 References 6 External links Basic nature Conflict in literature refers to the different drives of the characters or forces involved. Conflict may be internal o...
          Read more