Add --sudo-password flag for automated sudo authentication

[inureyes]

Problem

Currently, bssh cannot automatically respond to sudo password prompts when executing commands that require sudo privileges across multiple cluster nodes. Users must resort to workarounds such as:

• Configuring NOPASSWD in sudoers
• Using echo password | sudo -S which exposes passwords in shell history
• Manual password entry per node (not practical for parallel execution)

This limitation makes it difficult to perform automated administrative tasks like system updates, service restarts, or configuration changes across clusters that require sudo authentication.

Proposed Solution

Add a --sudo-password (or -S) flag that:

1. Prompts for sudo password securely (no echo in terminal)
2. Detects sudo password prompts from command output
3. Automatically sends the password to all nodes when sudo prompts are detected
4. Works seamlessly with parallel execution across multiple nodes

Implementation Details

CLI Changes

• Add --sudo-password flag to CLI (boolean)
• When flag is present, securely prompt for password before command execution
• Support environment variable BSSH_SUDO_PASSWORD as alternative input method

Core Logic

1. Password Input (in src/cli.rs):

   • Use rpassword crate for secure password input (no terminal echo)
   • Validate password is provided before execution begins

2. Prompt Detection (in src/ssh/client/command.rs):

   • Monitor SSH channel output for sudo password prompts:
     • [sudo] password for {user}:
     • Password:
     • {user}'s password:
   • Pattern matching should be case-insensitive and handle variations

3. Password Injection (in src/executor/parallel.rs):

   • When sudo prompt detected, write password + newline to stdin
   • Handle timeout if prompt doesn't appear within reasonable time
   • Clear password from memory after use (use zeroize crate)

4. Error Handling:

   • Detect "incorrect password" responses
   • Provide clear error messages per node
   • Continue execution on other nodes if one fails authentication

Usage Examples

# Interactive password prompt
bssh -C production --sudo-password "sudo apt update && sudo apt upgrade -y"
Enter sudo password: ******

# Using environment variable (not recommended for production)
export BSSH_SUDO_PASSWORD='mypassword'
bssh -C production --sudo-password "sudo systemctl restart nginx"

# Combined with other options
bssh -C staging -i ~/.ssh/key --sudo-password "sudo reboot"

# With TUI mode
bssh -C production --sudo-password "sudo tail -f /var/log/syslog"

Security Considerations

Must implement:

• ✅ Zero-copy password handling with zeroize crate
• ✅ Never log or print sudo password
• ✅ Clear password from memory immediately after use
• ✅ Warn users about environment variable security risks in documentation
• ✅ No password in command history (prompt-based input)

Documentation requirements:

• Security best practices for sudo password usage
• Recommendation to use NOPASSWD sudoers when possible
• Warning about BSSH_SUDO_PASSWORD environment variable risks
• Comparison with alternative approaches

Files to Modify

src/
├── cli.rs                    # Add --sudo-password flag
├── commands/exec.rs          # Handle sudo password parameter
├── executor/parallel.rs      # Pass password to execution logic
└── ssh/
    ├── client/
    │   └── command.rs        # Detect sudo prompts, inject password
    └── tokio_client/
        └── channel_manager.rs # Low-level stdin writing

Cargo.toml                    # Add dependencies: rpassword, zeroize
README.md                     # Document new feature
ARCHITECTURE.md               # Document implementation approach

Dependencies to Add

[dependencies]
rpassword = "7.4"            # Secure password input
zeroize = "1.8"              # Secure password clearing

Testing Plan

1. Unit Tests:

   • Sudo prompt pattern matching
   • Password injection logic
   • Error handling for incorrect passwords

2. Integration Tests:

   • Execute sudo command with correct password
   • Handle incorrect password gracefully
   • Multi-node parallel execution
   • Timeout scenarios

3. Manual Testing Scenarios:

   • Single node sudo command
   • Multi-node cluster update
   • Interactive mode with sudo
   • Various sudo prompt formats
   • Password rejection handling

Related Issues/PRs

• Related to authentication improvements
• Complements existing password authentication (--password flag)
• Part of broader automation capabilities

Priority

Medium - This is a quality-of-life improvement that makes cluster administration significantly easier, though workarounds exist.

Additional Notes

• Consider adding --sudo-user flag for sudo -u scenarios in future
• May want to support different sudo prompt patterns per cluster in config file
• Could extend to support doas (OpenBSD sudo alternative) in future

[inureyes]

Implementation Complete ✅

PR #78 has been created with all requested functionality:

Features Implemented

• -S/--sudo-password CLI flag for secure password prompting
• BSSH_SUDO_PASSWORD environment variable support
• Sudo prompt detection for various Linux distributions
• Password injection via PTY for proper sudo interaction
• Works with both streaming and non-streaming execution paths

Security Measures

• secrecy::SecretString for secure memory handling
• zeroize crate for automatic memory clearing
• Empty password validation with clear error messages
• 64KB buffer limit to prevent memory exhaustion
• Password never logged or printed in any output
• Debug output properly redacts password content

Documentation

• Updated README.md with usage examples and security warnings
• Updated ARCHITECTURE.md with implementation details

See PR #78: #78