I’m working on my Thesis where the Python application that connects to other linux servers over SSH is implemented. The question is about storing the passwords in the database (whatever kind, let’s say MySQL for now). For sure keeping them not encrypted is a bad idea. But what can I do to feel comfortable with storing this kind of confidential data and use them later to connect to other servers? When I encrypt the password I’ll not be able to use it to login the other machine.
Is the public/private keys set the only option in this case?
In my opinion using key authentication is the best and safest in my opinion for the SSH part and is easy to implement.
Now to the meat of your question. You want to store these keys, or passwords, into a database and still be able to use them. This requires you to have a master password that can decrypt them from said database. This points a point of failure into a single password which is not ideal. You could come up with any number of fancy schemes to encrypt and store these master passwords, but they are still on the machine that is used to log into the other servers and thus still a weak point.
Instead of looking at this from the password storage point of view, look at it from a server security point of view. If someone has access to the server with the python daemon running on it then they can log into any other server thus this is more of a environment security issue than a password one.
If you can think of a way to get rid of this singular point of failure then encrypting and storing the passwords in a remote database will be fine as long as the key/s used to encrypt them are secure and unavailable to anyone else which is outside the realm of the python/database relationship.