LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Blogs > Musings on technology, philosophy, and life in the corporate world
User Name
Password

Notices

Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
Rate this Entry

Silly trick to keep cleartext passwords off your hard-drive...

Posted 12-15-2008 at 03:08 PM by rocket357
Updated 12-15-2008 at 03:19 PM by rocket357

I "inherited" a password list for the servers I maintain. It's huge. I don't think I could memorize them all if I tried. Seriously, 200+ something machines, each with a root or administrator password, postgres or sa password, and user passwords for standard services? I'd do good to remember the passwords for *one* machine...

So I get this bright idea...I certainly don't want to store them electronically in plaintext without some safety mechanism...my desktop machine is running OpenBSD 4.4 so I'm not terribly worried about remote break-ins, but I do sometimes forget to lock my workstation when I wander off to get coffee...so I wrote a little script to guard against the office gnomes...

Say hello to pycrypto (if you read my first post, you'd know I love Python heh). A quick "build script" that uses pickle, Crypto.Cipher and Crypto.Hash, and I have an encrypted on-disk dictionary of host_user:encrypted_password pairs. Another script to allow other scripts access to the passphrase challenge, and I'm in business.

I can now access any of my machines via a simple import, __init__(), get_site(<host_user>) script. It works beautifully, and it beats storing the passwords in an Excel file. I'll post the source for the build script and decrypt script if anyone wants to see.


Now the weak link is the master passphrase...which I could encrypt in *another* script which could have.....

heh, just kidding =)
Posted in Uncategorized
Views 920 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 08:28 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration