0

How do you manage, unlock and access sensitive data on Linux when you don't have a Desktop Environment?

Gnome and co. all provide a keychain that gets unlocked when you log in, and that you can only read from after login. So the actual secrets are never saved on disk in plaintext.

However, how do you do such a thing on a machine that does not have a DE, but for example only receives logins via SSH? Does such a keychain exist, and can it be unlocked by SSH?

Nils Werner

1 Answer

0

There are several approaches to managing secrets.

The standard unix password manager, or pass, is a popular solution.

SSH logins are either done with user passwords, public keys stored in ~/.ssh, or some PAM config.
Pubkeys and the .ssh directory must have access restrictions set, so nobody but the owner can access them.

svin83
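The access restriction mentioned in the answer can be checked mechanically. The script below is an added example, not part of the original answer: it reports every file or directory under an SSH directory that grants any group or other permission bit, and strips those bits. The function names are hypothetical, and it assumes GNU `find` and `stat` as shipped on Linux.

```shell
#!/bin/sh
# Added example (not from the original answer): audit an SSH directory for
# permission bits that let anyone other than the owner in.
# Policy assumed here, following the answer: no group/other bits at all on
# the directory or on any file inside it.

# audit_ssh_dir DIR -> prints one "MODE PATH" line per offender.
# Returns 0 if clean, 1 if offenders were found, 2 if DIR is missing.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # -perm /077 (GNU find): match if ANY group or other bit is set.
    offenders=$(find "$dir" \( -type d -o -type f \) -perm /077 \
        -exec stat -c '%a %n' {} +)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# fix_ssh_dir DIR -> strips group/other bits, leaving owner bits untouched.
fix_ssh_dir() {
    chmod -R go-rwx "$1"
}

# Constructed demo on a throwaway directory; the real ~/.ssh is not touched.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.ssh"
    : > "$tmp/.ssh/id_ed25519"        # empty stand-in for a private key
    : > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp/.ssh"
    chmod 644 "$tmp/.ssh/id_ed25519"
    chmod 600 "$tmp/.ssh/authorized_keys"
    echo "before:"
    audit_ssh_dir "$tmp/.ssh" || echo "(offenders listed above)"
    fix_ssh_dir "$tmp/.ssh"
    echo "after:"
    audit_ssh_dir "$tmp/.ssh" && echo "clean"
    rm -rf "$tmp"
}
demo
```

To check a real account, call `audit_ssh_dir "$HOME/.ssh"` and review the listed paths before running `fix_ssh_dir`.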