
migrate unix cli, option to run with SSH key instead of password?

Andrej_Walilko

New Pleskian
I'm currently formulating an automated bash script for my team to perform Plesk-to-Plesk migrations with Plesk 12 as the target. I'm very happy that I found the `migrate` command line tool, so I no longer have to mess with creating subscription backups and restoring them roughshod on the new machine, but having the root password for another server in the bash history of the server I am migrating to is a huge security hole. It is simpler to set up a temporary SSH key to the old server that I can remove later. Is it possible for the `migrate` utility to use this SSH key instead of a username and password?

http://download1.parallels.com/Plesk/Doc/de-DE/online/plesk-unix-cli/index.htm?fileName=73526.htm
 
I have checked it and found that it doesn't work as expected:

Connected with SSH key as root:

```
[root@ppu12-0 ~]# ssh 10.58.103.100
Last login: Wed Apr 22 10:59:45 2015 from 10.58.103.102
[root@ppu12-1 ~]#
[root@ppu12-1 ~]# logout
Connection to 10.58.103.100 closed.
```

Tried to migrate subscription without success:

```
[root@ppu12-0 ~]# plesk bin migrate --migrate-subscription eichmanndouglas.ppu12-0.demo.pp.plesk.ru -host 10.58.103.100 -login root
Migration started at: 2015-04-22 11:01:16
[2015-04-22 11:01:16] DEBUG [util_exec] [55372b1cb9033] Starting: pmmcli /usr/local/psa/admin/bin/pmmcli '--get-scout-info'
[2015-04-22 11:01:16] DEBUG [util_exec] [55372b1cb9033] Finished in 0.00209s, Result: TRUE
[2015-04-22 11:01:17] DEBUG [util_exec] [55372b1d02f99] Starting: send-error-report /usr/local/psa/admin/bin/send-error-report
[2015-04-22 11:01:17] DEBUG [util_exec] [55372b1d02f99] Finished in 0.00097s, Result: TRUE
Incorrect user name or password.
```

I think that as a possible workaround you may temporarily disable bash history in your script before starting the migration with something like

```
# export HISTFILE=/dev/null
```

and then return it back after completing the migration process.
 
Thanks for looking into this. Regardless of what the bash history file is, it is still possible to see the password when it is stored as a variable in the script by checking /proc/$pid, or to see the actual migrate command running (with the plaintext password) with `ps`. Even if this command were not run inside a script, the second security flaw would be present, because you have to include the password as part of the command. My thought was that PMM communicates over SSH, so it might try to use any SSH access method available to it, including keys.

For now, I'll have it disable the bash history for this script per your suggestion, and mask the password entry with `read -s`.

Would this thread be sufficient to act as a feature request for this functionality? Also, if it is possible to pass SSH variables to the script (such as -o or -i $keyfile), that would be very useful as well.
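
The exposure discussed in the last post, as an added example that is not part of the original thread: a secret passed as a command-line argument is readable in `/proc/<pid>/cmdline` (the data `ps` prints), one passed in the environment is readable in `/proc/<pid>/environ`, and one fed on stdin appears in neither. It assumes Linux `/proc`; the `sh -c` child is a stand-in for any long-running command (not the `migrate` utility), and `SECRET`, `DEMO_PW`, `leaks_in` and `check_exposure` are names made up for this demonstration.

```sh
#!/bin/sh
# Added example. SECRET is a constructed value, not a real credential, and the
# `sh -c` child stands in for any long-running command.
SECRET='constructed-demo-password'

# leaks_in PID FILE NEEDLE: true if NEEDLE occurs in /proc/PID/FILE.
# cmdline and environ are NUL-separated, so convert NULs before grepping.
leaks_in() {
    tr '\0' '\n' 2>/dev/null < "/proc/$1/$2" | grep -qF -- "$3"
}

# check_exposure MODE: start a child that receives SECRET via MODE
# (argv | env | stdin) and report which /proc files reveal it.
check_exposure() {
    case $1 in
        argv)  sh -c 'sleep 3; :' demo "$SECRET" </dev/null >/dev/null 2>&1 & ;;
        env)   DEMO_PW="$SECRET" sh -c 'sleep 3; :' </dev/null >/dev/null 2>&1 & ;;
        stdin) printf '%s\n' "$SECRET" | sh -c 'read -r p; sleep 3; :' >/dev/null 2>&1 & ;;
        *)     echo "usage: check_exposure argv|env|stdin" >&2; return 2 ;;
    esac
    pid=$!

    # Wait until the child has exec'd (its own command string is visible),
    # otherwise we would inspect the not-yet-replaced copy of this shell.
    tries=0
    while [ "$tries" -lt 50 ] && ! leaks_in "$pid" cmdline 'sleep 3'; do
        sleep 0.1
        tries=$((tries + 1))
    done

    in_cmdline=no
    in_environ=no
    if leaks_in "$pid" cmdline "$SECRET"; then in_cmdline=yes; fi
    if leaks_in "$pid" environ "$SECRET"; then in_environ=yes; fi

    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "cmdline=$in_cmdline environ=$in_environ"
}

for mode in argv env stdin; do
    printf '%-5s %s\n' "$mode" "$(check_exposure "$mode")"
done
```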
 