I'm trying to safely (relatively speaking) store login credentials in bash scripts that start a remote desktop client for managing some servers. (Motivation: I want to get away from using Remmina. I don't like it.)
My first thought was to keep the passwords in an encrypted password manager, but this proved to be impracticably inconvenient after a time.
My second thought was to include the passwords in the scripts themselves but then secure the scripts in a way that might require my system password but not generally be readable or executable as a regular user. To this end, I created a script like this:
Code:
# Connection settings (placeholders)
HOST="<hostname>:<port>"
USER="<username>"
PASS="<password>"
DOMAIN="<domain>"
RESOLUTION="2550x1350"
# Run the RDP client as the "particle" user via sudo
sudo -uparticle xfreerdp /u:"${USER}" /d:"${DOMAIN}" /p:"${PASS}" /rfx +compression +clipboard +fonts /size:"${RESOLUTION}" /cert-ignore /sec:nla /v:"${HOST}"
Is there perhaps a change I can make to resolve this deficiency in my approach? Is this an unavoidable consequence of calling a program with sudo?
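An added example, not part of the original post: one way to keep the credentials out of the launcher script is to read them from a separate file and refuse to use that file unless it is private to the calling user. The function names, the RDP_* variable names and the KEY=VALUE file format are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not from the original post.

# check_private FILE: succeed only if FILE is a regular file (not a symlink),
# owned by the caller, with no permission bits for group or others.
check_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # "ls -ldn" prints: perms links uid gid ...
    read -r cp_perms cp_links cp_uid cp_rest <<EOF
$(ls -ldn -- "$1")
EOF
    [ "$cp_uid" = "$(id -u)" ] || return 1
    case "$cp_perms" in
        -???------|-???------.) return 0 ;;   # trailing "." = SELinux context
        *) return 1 ;;                        # group/other bits or an ACL ("+")
    esac
}

# load_creds FILE: parse KEY=VALUE lines (never "source" the file, which
# would execute it) into RDP_USER, RDP_PASS, RDP_DOMAIN and RDP_HOST.
load_creds() {
    check_private "$1" || { echo "refusing $1: not private to this user" >&2; return 1; }
    RDP_USER='' RDP_PASS='' RDP_DOMAIN='' RDP_HOST=''
    while IFS= read -r lc_line || [ -n "$lc_line" ]; do
        lc_key=${lc_line%%=*}      # text before the first "="
        lc_value=${lc_line#*=}     # everything after it, "=" included
        case "$lc_key" in
            RDP_USER)   RDP_USER=$lc_value ;;
            RDP_PASS)   RDP_PASS=$lc_value ;;
            RDP_DOMAIN) RDP_DOMAIN=$lc_value ;;
            RDP_HOST)   RDP_HOST=$lc_value ;;
        esac
    done < "$1"
    # The domain may be empty; the other three are required.
    [ -n "$RDP_USER" ] && [ -n "$RDP_PASS" ] && [ -n "$RDP_HOST" ]
}

# Usage in a launcher (flags as in the post; the file path is a placeholder):
#   load_creds "$HOME/.config/rdp/server1.cred" || exit 1
#   xfreerdp /u:"$RDP_USER" /d:"$RDP_DOMAIN" /p:"$RDP_PASS" /sec:nla /v:"$RDP_HOST"
```
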