LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Automate ftp session without bare password being seen (https://www.linuxquestions.org/questions/linux-newbie-8/automate-ftp-session-without-bare-password-being-seen-794661/)

Jerry Mcguire 03-11-2010 04:53 AM
Automate ftp session without bare password being seen
 
Hi all,

I need to ftp some files nightly from my linux box to an arbituary ftp server not controlled by me.

The ftp server admin has granted me an account for the purpose, but do not wish me to store the plain username or password in any script files for security reasons. How can I do that?

the wrong way would be:
Code:
$ cat my_script
open server_address
user plane_ftp_username plane_ftp_password
put a.txt
put b.txt
bye

$ ftp -inv < my_script > my_log &
Thank you.

p.s.
I could request the ftp username of my choice though.

smoker 03-11-2010 04:59 AM
If you chmod your script 700 then only you can read it or execute it.

FTP passes the username and password in plain text anyway.
Better off using scp.

sohail0399 03-11-2010 05:04 AM
there is a solution which is scp and key based authentication


first you have to generate public keys

using command:
ssh-keygen

key geneterd would be at
~/.ssh/

than you have to copy your public keys to that systems

and save your keys at remote machine:
~/.ssh/authorized_keys

then verify it by ssh username@IP_Address
it will not ask for password

then you can use command to copy data
scp file.txt username@IP_address:


first test all this things then you can also set cron job.

vinaytp 03-11-2010 05:06 AM
Hi Jerry Mcguire,

I agree SSH better implements this, as said by sohail0399.

If you have only access to ftp then here are few tips to you.

Apart from 700 permission, you may use encryption before you open and write that file in vi.

Open the file this way
Code:
vi -x my_script
It prompts you to enter an encryption key. Next time to open the file you have to provide this key to view and change the contents of the file.

This is just a way to protect your file. But the data will be sent unencrypted in the network

jamescondron 03-11-2010 06:08 AM
May I ask, how would the admin know if you saved the passwords or not?

smoker 03-11-2010 07:22 AM
Quote:
Originally Posted by vinaytp (Post 3894015)
Hi Jerry Mcguire,

I agree SSH better implements this, as said by sohail0399.

If you have only access to ftp then here are few tips to you.

Apart from 700 permission, you may use encryption before you open and write that file in vi.

Open the file this way
Code:
vi -x my_script
It prompts you to enter an encryption key. Next time to open the file you have to provide this key to view and change the contents of the file.

This is just a way to protect your file. But the data will be sent unencrypted in the network
Can you run an encrypted shell script ?

vinaytp 03-11-2010 07:42 AM
Quote:
Originally Posted by smoker (Post 3894157)
Can you run an encrypted shell script ?
Ahhh, I did not notice this. It is not possible. I just thought of hiding the password.

Jerry Mcguire 03-11-2010 07:42 PM
Not solved yet.

Storing the password in plain text is prohibited by company policy.

Quote:
copy your public keys to that systems and save your keys at remote machine:
~/.ssh/authorized_keys
won't work neither. The other party is not Unix/Linux, possibly Windows. I do not have control over the ftp server, remember?

Quote:
FTP passes the username and password in plain text anyway.
That's right. Glad the big guys don't read our forum. Shh!!... or we will be the next waves of trouble.

sohail0399 03-11-2010 11:42 PM
ok fine

if you want use only script of FTP then you can also save the password in the script and
encryption is also possible, i have used it for telnet script

i have also tested "vi -x my_script"
its encrypted the file but script can not be run so

may be this would helpful to you check this link:

http://www.linuxsecurity.com/content...117920/49/1/1/


All times are GMT -5. The time now is 07:09 PM.