Storing Credentials


Joe Percival

Dec 22, 2017, 4:47:04 PM
to weewx-user
I am writing an extension that requires login credentials for a remote machine.  What is the best mechanism for doing this that does not require hard coding in the python script?
thanks in advance!
joe

mwall

Dec 22, 2017, 5:04:11 PM
to weewx-user
On Friday, December 22, 2017 at 4:47:04 PM UTC-5, Joe Percival wrote:
> I am writing an extension that requires login credentials for a remote machine. What is the best mechanism for doing this that does not require hard coding in the python script?

if it is ssh-related (e.g., scp, rsync) then use PKI (a public/private key pair).

if you must provide username/password, then put those in a configuration file then have the python code read the configuration file.

if you are really paranoid, have the python read the file each time it needs to authenticate (so that the values are not retained in memory).  but if you're that paranoid, there are probably plenty of other things than a username/password that keep you up...

m

Joe Percival

Dec 22, 2017, 5:09:24 PM
to weewx...@googlegroups.com
it is for use of sftp through pysftp.


mwall

Dec 22, 2017, 5:11:18 PM
to weewx-user
btw, ssh is really awesome for remote access, and not just for interactive shells.

you can limit a user to run only a single application

you can chroot a user into a jail that limits his/her access to the file system

you can enable a remote user to have sudo rights, but only for specific binaries or groups

it makes automation of tasks easy.

perhaps best of all, it is really easy to test.  the biggest gotchas are usually when you put everything into a shell script - getting nested quotes and variable expansion can be tricky.

m

Joe Percival

Dec 22, 2017, 5:51:52 PM
to weewx...@googlegroups.com
I have an executable python script on a remote raspberry pi that will get snow depth data from a MaxBotix TTL ultrasonic sensor (I hope). I have tested from the “local” machine where weewx resides using pysftp and execute the program.
The extension I’m writing merely has to connect via sftp, use the connection.execute() method and a list of strings is returned which I will process in the weewx extension to populate the new database.
I’m using a modified version of the MaxBotix sample script on the remote machine. Modification was required for use with raspbian stretch on a RPi3.
I am heavily modifying the mem extension that you, Vince, and Tom put together for my extension. 
thanks,
joe

Joe Percival

Dec 22, 2017, 6:26:23 PM
to weewx...@googlegroups.com
Can I use this mechanism to store and retrieve credentials and other parameters?
In the extension’s skin include an [Extras] field under which I could have various parameters. for example:
[Extras]
snowIP='192.168.1.###'
snowUser='me'
snowPW='password'
snowMAXmm=2438

then, in the extension I can grab the parameters using something like:
snowIP=self.skin_dict['Extras']['snowIP']
etc
thanks once more!

mwall

Dec 22, 2017, 7:10:43 PM
to weewx-user


On Friday, December 22, 2017 at 6:26:23 PM UTC-5, Joe Percival wrote:
> Can I use this mechanism to store and retrieve credentials and other parameters?
> In the extension’s skin include an [Extras] field under which I could have various parameters. for example:
> [Extras]
> snowIP='192.168.1.###'
> snowUser='me'
> snowPW='password'
> snowMAXmm=2438
>
> then, in the extension I can grab the parameters using something like:
> snowIP=self.skin_dict['Extras']['snowIP']

that would work if the extension is a skin, or a skin component such as a search list extension or a generator.

but if the extension is a service, you probably want this in the config:

[SnowService]
    address = 192.168.1.55
    username = theuser
    password = thepassword
    max_mm = 2438

then in the snow service code (python) you'll have something like this:

from weewx.engine import StdService

class SnowService(StdService):
    def __init__(self, engine, config_dict):
        super(SnowService, self).__init__(engine, config_dict)
        # the [SnowService] section of the config; empty dict if absent
        snow_dict = config_dict.get('SnowService', {})
        # optional parameter with a default
        self.max_mm = int(snow_dict.get('max_mm', 2000))
        # required parameters: fail at startup if any is missing
        try:
            self.address = snow_dict['address']
            self.username = snow_dict['username']
            self.password = snow_dict['password']
        except KeyError as e:
            raise Exception("missing parameter '%s'" % e)

then you can use self.address, self.username, etc wherever you need them in the other methods of SnowService.

m
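
The config-file approach from this thread, including the earlier suggestion to re-read the file each time authentication is needed, as an added example that is not code from the thread or from weewx. It assumes the [SnowService] section lives in a file whose path the caller supplies, uses the standard-library configparser rather than weewx's own config handling, and adds an owner-only permission check; the names load_credentials and CredentialError are hypothetical.

```python
import configparser
import os
import stat

SECTION = "SnowService"  # section name used in the thread
REQUIRED = ("address", "username", "password")


class CredentialError(Exception):
    """Raised when the credentials file is unsafe or incomplete."""


def load_credentials(path):
    """Read the [SnowService] section fresh from disk and return it as a dict.

    Call this each time a connection is opened instead of keeping the
    password on the service object for the life of the process.
    """
    # Open first and fstat the open descriptor, so the permission check
    # applies to the same file that is then parsed.
    with open(path, "r") as fh:
        mode = os.fstat(fh.fileno()).st_mode
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError(
                "%s is accessible by group/other (mode %o); chmod 600 it"
                % (path, stat.S_IMODE(mode)))
        # interpolation=None so a '%' in a password is taken literally
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(fh)

    if not parser.has_section(SECTION):
        raise CredentialError("missing section [%s]" % SECTION)
    section = parser[SECTION]
    missing = [k for k in REQUIRED if not section.get(k)]
    if missing:
        raise CredentialError("missing parameter(s): %s" % ", ".join(missing))

    creds = {k: section[k] for k in REQUIRED}
    creds["max_mm"] = section.getint("max_mm", fallback=2000)
    return creds
```

The function fails closed: a file readable by other local users, or one missing a required key, raises before any connection attempt is made.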

Joe Percival

Dec 23, 2017, 9:20:00 AM
to weewx...@googlegroups.com
Thank you so much!
I kind of suspected the skin config file might not work for a service.  
joe
