With iOS 12 and the new Siri Shortcuts app, I've been thinking of ways I could leverage the SSH command capability in the app. For those of you who don't know, the app allows you to send a bash file or string to stdin
and returns stdout
as a plain-text file, connecting using password authentication (no token authentication).
What I'd like to do is create a shortcut that executes sudo shutdown [...]
on a remote server via the SSH command action. Since the action is non-interactive and non-tty I can't interactively enter the password, and I'm reluctant to put the password as plaintext in the action input string/stdin
. On the other hand, I don't want to use sudo -n
and NOPASSWD
for the shutdown
command, as that's a security risk that I don't want to deal with. I thought of perhaps requiring a random string for the shutdown
message for NOPASSWD
to be enabled in the sudoers
file (i.e., sudo shutdown -h now
would require a password, but sudo shutdown -h now japos98vh92p3hoab982hfpa
would not), but I don't know if that's any more secure or even possible.
In summary, how can I securely send a shutdown command over SSH using a non-interactive, non-tty session?