LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 01-08-2010, 03:21 AM   #1
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Rep: Reputation: 15
crypt() perl function to encrypt Password in shell scripts or How Encrypt passwords ?


Hi All,

I Have shell script like this

Code:
#!/usr/bin/expect
set password "XXXXXXXX"
set ipaddr "XX.XX.XX.XX"
set script "/apps12i/send_file.sh"
spawn ssh oracle@$ipaddr $script
expect "*password:*"
send -- "$password\r"
interact
I have hard coded my password in set password "XXXXXXXX" like this . I want to encrypt password over there it should not be visible at all.
I have tried using crypt() .. but i am not able to understand how to use that ..

Can any one help me in giving some sample example to encrypt password in shell script please.

Regards

Bala
 
Old 01-08-2010, 05:38 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
That is not possible, you will have to decrypt the password with in the script anyway. why don't you use ssh keys if you want to secure your password.

You can use keys and set the remote side to only allow that login to execute specific commands.
 
Old 01-08-2010, 05:42 AM   #3
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Original Poster
Rep: Reputation: 15
Hi,

I have tried using SSH keys but its not working for me .. its again and again prompting me to enter password.

Infact i have tried a lot to debug also for SSH keys no LUCK !!.

Is there any other way to encrypt Hardcoded passwords in shell scripts ?

Regards

Bala

Quote:
Originally Posted by datopdog View Post
That is not possible, you will have to decrypt the password with in the script anyway. why don't you use ssh keys if you want to secure your password.

You can use keys and set the remote side to only allow that login to execute specific commands.

Last edited by balakrishnay; 01-08-2010 at 05:50 AM.
 
Old 01-08-2010, 05:44 AM   #4
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
What distros are you using on the client and server side ? It is usually a permissions problem which causes the key to be rejected.
 
Old 01-08-2010, 05:52 AM   #5
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Original Poster
Rep: Reputation: 15
Hi,

I am not able to understand this distros

Regards


Quote:
Originally Posted by datopdog View Post
What distros are you using on the client and server side ? It is usually a permissions problem which causes the key to be rejected.
 
Old 01-08-2010, 05:53 AM   #6
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Quote:
Originally Posted by balakrishnay View Post
Hi,

I am not able to understand this distros

Regards
What kind of Linux (Fedora|RHEL|Slackware|debian|etc) are you using ?
 
Old 01-08-2010, 06:06 AM   #7
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Original Poster
Rep: Reputation: 15
XXXXXXXXXXXX/apps12i]cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 7)

Regards

Quote:
Originally Posted by datopdog View Post
What kind of Linux (Fedora|RHEL|Slackware|debian|etc) are you using ?

Last edited by balakrishnay; 01-08-2010 at 06:07 AM.
 
Old 01-08-2010, 06:09 AM   #8
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Did you read the instructions for configuring public key authentication for ssh in the sshd_config file?
Code:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
I'm not certain from your post whether you are prompted for the password by ssh, or whether it is an oracle account password or both.

If you have a script or config file that contains a password, you need to take care who has read access to the file. Also if a script contains a password, check if the environment for its process is readible (if it is contained in a variable). A command that takes a password often deletes or blanks out the password argument from the commands argument list as soon as it's read in by the program.
 
Old 01-08-2010, 06:09 AM   #9
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Try
Code:
restorecon -r ~/.ssh
if you have selinux on and make sure the permissions on your .ssh are correct ie 0600
 
Old 01-08-2010, 06:41 AM   #10
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Original Poster
Rep: Reputation: 15
I am accessing both the test servers from Putty session .. i have closed the session to restart my session freshly .. i am not able to connect now .. i have to change the config again in sshd_config file .

Normally we access servers though putty only on my machine .. it should prompt for password but it is not ?

I appreciate your response very much .. thank you.

this requirement is only for ssh .. but i have written lots shell scripts to run my oracle scripts to connect to database , Even there also i have hard coded my password .. i would like to encrypt can this be done ?

Regards

Bala



Quote:
Originally Posted by datopdog View Post
Try
Code:
restorecon -r ~/.ssh
if you have selinux on and make sure the permissions on your .ssh are correct ie 0600
 
Old 01-08-2010, 06:45 AM   #11
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
No it cannot be done the remote side does not accept an encrypted password. The best option is to get your keys working.
 
Old 01-08-2010, 07:43 AM   #12
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
If you load your private key in the putty keygen program, an openssh style public key is printed near the top of the dialog. However, if I had to use a windows client, I would install cygwin and use cygwin's ssh client.

Running "ssh -vv" will print out debug information. Also check the logs on the server. They may indicate a problem such as permissions.
The permissions of the user's home directory may cause a failure as well.

I had a situation where I used a "AllowUsers" entry using user@host which failed, but user@host.domain worked. It was the reverse DNS lookup phase that caused the the authentication failure.

Last edited by jschiwal; 01-08-2010 at 07:47 AM.
 
Old 01-09-2010, 12:05 AM   #13
balakrishnay
Member
 
Registered: Sep 2009
Posts: 31

Original Poster
Rep: Reputation: 15
Hi,

Same issue

ssobtest3.koel.co.in/apps12i]ssh -v oracle@ssobtest1
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ssobtest1 [10.1.1.71] port 22.
debug1: Connection established.
debug1: identity file /apps12i/.ssh/identity type -1
debug1: identity file /apps12i/.ssh/id_rsa type -1
debug1: identity file /apps12i/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ssobtest1' is known and matches the RSA host key.
debug1: Found key in /apps12i/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /apps12i/.ssh/identity
debug1: Trying private key: /apps12i/.ssh/id_rsa
debug1: Trying private key: /apps12i/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

Regards

Bala
Quote:
Originally Posted by jschiwal View Post
If you load your private key in the putty keygen program, an openssh style public key is printed near the top of the dialog. However, if I had to use a windows client, I would install cygwin and use cygwin's ssh client.

Running "ssh -vv" will print out debug information. Also check the logs on the server. They may indicate a problem such as permissions.
The permissions of the user's home directory may cause a failure as well.

I had a situation where I used a "AllowUsers" entry using user@host which failed, but user@host.domain worked. It was the reverse DNS lookup phase that caused the the authentication failure.
 
Old 01-14-2010, 09:35 AM   #14
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
What do the logs on the server say.
Could you post your sshd_config file (on the server)?

By the way, after installing a new distro and setting up ssh, I will ssh in using username/password and keep that session open. I will test it from another terminal session. that way I can reverse any changes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
encrypt and decrypt using encrypt(char block[64], int edflag) rockwell_001 Linux - Security 3 08-30-2009 09:16 AM
SLES 10.1 Samba 3.0 unable to confirm encrypt passwords = yes with testparam rayman1163 Suse/Novell 0 05-14-2009 07:03 PM
LVM and dm-crypt -- best way to encrypt a logical volume? nyle Linux - Newbie 4 01-31-2009 01:53 PM
LXer: How to encrypt a diskdrive in (X)Ubuntu Feisty with dm-crypt and LUKS LXer Syndicated Linux News 0 04-12-2007 10:16 PM
crypt vs encrypt liguorir Linux - Software 3 05-20-2004 10:38 PM


All times are GMT -5. The time now is 11:48 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration