LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   crypt() perl function to encrypt Password in shell scripts or How Encrypt passwords ? (http://www.linuxquestions.org/questions/linux-general-1/crypt-perl-function-to-encrypt-password-in-shell-scripts-or-how-encrypt-passwords-780792/)

balakrishnay 01-08-2010 03:21 AM

crypt() perl function to encrypt Password in shell scripts or How Encrypt passwords ?
 
Hi All,

I Have shell script like this

Code:

#!/usr/bin/expect
set password "XXXXXXXX"
set ipaddr "XX.XX.XX.XX"
set script "/apps12i/send_file.sh"
spawn ssh oracle@$ipaddr $script
expect "*password:*"
send -- "$password\r"
interact

I have hard coded my password in set password "XXXXXXXX" like this . I want to encrypt password over there it should not be visible at all.
I have tried using crypt() .. but i am not able to understand how to use that ..

Can any one help me in giving some sample example to encrypt password in shell script please.

Regards

Bala

datopdog 01-08-2010 05:38 AM

That is not possible, you will have to decrypt the password with in the script anyway. why don't you use ssh keys if you want to secure your password.

You can use keys and set the remote side to only allow that login to execute specific commands.

balakrishnay 01-08-2010 05:42 AM

Hi,

I have tried using SSH keys but its not working for me .. its again and again prompting me to enter password.

Infact i have tried a lot to debug also for SSH keys no LUCK !!.

Is there any other way to encrypt Hardcoded passwords in shell scripts ?

Regards

Bala

Quote:

Originally Posted by datopdog (Post 3818657)
That is not possible, you will have to decrypt the password with in the script anyway. why don't you use ssh keys if you want to secure your password.

You can use keys and set the remote side to only allow that login to execute specific commands.


datopdog 01-08-2010 05:44 AM

What distros are you using on the client and server side ? It is usually a permissions problem which causes the key to be rejected.

balakrishnay 01-08-2010 05:52 AM

Hi,

I am not able to understand this distros

Regards


Quote:

Originally Posted by datopdog (Post 3818670)
What distros are you using on the client and server side ? It is usually a permissions problem which causes the key to be rejected.


datopdog 01-08-2010 05:53 AM

Quote:

Originally Posted by balakrishnay (Post 3818682)
Hi,

I am not able to understand this distros

Regards

What kind of Linux (Fedora|RHEL|Slackware|debian|etc) are you using ?

balakrishnay 01-08-2010 06:06 AM

XXXXXXXXXXXX/apps12i]cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 7)

Regards

Quote:

Originally Posted by datopdog (Post 3818684)
What kind of Linux (Fedora|RHEL|Slackware|debian|etc) are you using ?


jschiwal 01-08-2010 06:09 AM

Did you read the instructions for configuring public key authentication for ssh in the sshd_config file?
Code:

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'
.
UsePAM yes

I'm not certain from your post whether you are prompted for the password by ssh, or whether it is an oracle account password or both.

If you have a script or config file that contains a password, you need to take care who has read access to the file. Also if a script contains a password, check if the environment for its process is readible (if it is contained in a variable). A command that takes a password often deletes or blanks out the password argument from the commands argument list as soon as it's read in by the program.

datopdog 01-08-2010 06:09 AM

Try
Code:

restorecon -r ~/.ssh
if you have selinux on and make sure the permissions on your .ssh are correct ie 0600

balakrishnay 01-08-2010 06:41 AM

I am accessing both the test servers from Putty session .. i have closed the session to restart my session freshly .. i am not able to connect now .. i have to change the config again in sshd_config file .

Normally we access servers though putty only on my machine .. it should prompt for password but it is not ?

I appreciate your response very much .. thank you.

this requirement is only for ssh .. but i have written lots shell scripts to run my oracle scripts to connect to database , Even there also i have hard coded my password .. i would like to encrypt can this be done ?

Regards

Bala



Quote:

Originally Posted by datopdog (Post 3818703)
Try
Code:

restorecon -r ~/.ssh
if you have selinux on and make sure the permissions on your .ssh are correct ie 0600


datopdog 01-08-2010 06:45 AM

No it cannot be done the remote side does not accept an encrypted password. The best option is to get your keys working.

jschiwal 01-08-2010 07:43 AM

If you load your private key in the putty keygen program, an openssh style public key is printed near the top of the dialog. However, if I had to use a windows client, I would install cygwin and use cygwin's ssh client.

Running "ssh -vv" will print out debug information. Also check the logs on the server. They may indicate a problem such as permissions.
The permissions of the user's home directory may cause a failure as well.

I had a situation where I used a "AllowUsers" entry using user@host which failed, but user@host.domain worked. It was the reverse DNS lookup phase that caused the the authentication failure.

balakrishnay 01-09-2010 12:05 AM

Hi,

Same issue

ssobtest3.koel.co.in/apps12i]ssh -v oracle@ssobtest1
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ssobtest1 [10.1.1.71] port 22.
debug1: Connection established.
debug1: identity file /apps12i/.ssh/identity type -1
debug1: identity file /apps12i/.ssh/id_rsa type -1
debug1: identity file /apps12i/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ssobtest1' is known and matches the RSA host key.
debug1: Found key in /apps12i/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /apps12i/.ssh/identity
debug1: Trying private key: /apps12i/.ssh/id_rsa
debug1: Trying private key: /apps12i/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

Regards

Bala
Quote:

Originally Posted by jschiwal (Post 3818804)
If you load your private key in the putty keygen program, an openssh style public key is printed near the top of the dialog. However, if I had to use a windows client, I would install cygwin and use cygwin's ssh client.

Running "ssh -vv" will print out debug information. Also check the logs on the server. They may indicate a problem such as permissions.
The permissions of the user's home directory may cause a failure as well.

I had a situation where I used a "AllowUsers" entry using user@host which failed, but user@host.domain worked. It was the reverse DNS lookup phase that caused the the authentication failure.


jschiwal 01-14-2010 09:35 AM

What do the logs on the server say.
Could you post your sshd_config file (on the server)?

By the way, after installing a new distro and setting up ssh, I will ssh in using username/password and keep that session open. I will test it from another terminal session. that way I can reverse any changes.


All times are GMT -5. The time now is 01:19 AM.