LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-07-2016, 04:30 AM   #1
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Rep: Reputation: 3
hiding passwords in bash scirpts


In Powershell if I want to hide the password in a script, I run this command:
Code:
Read-Host -assecurestring | convertfrom-securestring | Out-File C:\tmp\password.txt
I get a popup, enter my password and the text file is created containing a very long string of characters. If I need to use the password in a script I use this:
Code:
Get-Content C:\tmp\password.txt | ConvertTo-SecureString
This is convenient because I don't get password prompts when running scripts.

How can I do this on Linux, in a bash script?
 
Old 04-07-2016, 05:36 AM   #2
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 4,030
Blog Entries: 1

Rep: Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852Reputation: 852
Your script or someone elses? You can redirect things to a script <<. And there's expect that can take care of repetitive interactions with scripts. And then there's public and private keys that can be used instead of passwords for some things.
 
Old 04-07-2016, 06:19 AM   #3
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Original Poster
Rep: Reputation: 3
It's my script. Can any of your suggestions encrypt a password to a file (as I indicated in the original post) and then use that file for authentication purposes when running a bash script? It doesn't matter what the script runs. When authentication is needed, the script should be able to use that file.
 
Old 04-07-2016, 06:44 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,873

Rep: Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482
I do not really understand it. A script easily can be copied and modified, therefore that password checking can be skipped or the password can be stolen
 
Old 04-07-2016, 06:53 AM   #5
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 583

Rep: Reputation: 72
Hi,

For what will be the password used for?
 
Old 04-07-2016, 06:55 AM   #6
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 583

Rep: Reputation: 72
Quote:
Originally Posted by pan64 View Post
I do not really understand it. A script easily can be copied and modified, therefore that password checking can be skipped or the password can be stolen
Agree. If I have a ready permission on the script, it wouldn't matter if the password it contains is encrypted or not - I can redo what the script is doing and provide the password is contains.
 
Old 04-07-2016, 06:56 AM   #7
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Original Poster
Rep: Reputation: 3
The point is not to have the password shown in plain text inside the script (or in any file for that matter). The script can run, as long as the password file is located next to the script.

This is not a production environment. There are no risks even if someone has the script and the password file. But when I'm writing/testing/troubleshooting the script, I don't want popups all the time asking me for passwords. But I also don't want to have the password in plain text. Neither in the script itself or anywhere else. So its kept encrypted in password.txt.

Yes if someone has the script and the file they can run the script successfully. But no damage will be done and they have no way of knowing the password.
 
Old 04-07-2016, 07:27 AM   #8
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,281

Rep: Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916Reputation: 916
i'm trying to look in my crystal ball but its not very clear.

if this is for haxing around su/sudo then check out the visudo command.

if this is for ssh/scp/sshfs then search for ssh using key based authorization.
 
Old 04-07-2016, 07:30 AM   #9
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 583

Rep: Reputation: 72
Quote:
Originally Posted by aristosv View Post
Yes if someone has the script and the file they can run the script successfully. But no damage will be done and they have no way of knowing the password.
Fair enough. Fine. How exactly then is your password used?
 
Old 04-07-2016, 07:39 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179Reputation: 3179
You really can't "hide" a password in a script. What you need to do is to have some other form of authentication that will allow the host to recognize the script.
 
Old 04-07-2016, 07:46 AM   #11
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Original Poster
Rep: Reputation: 3
The script will connect on multiple ftp servers using lftp (local insecure servers working on port 21) to download/synchronize various files.
Again, security is of no concern. This is an old legacy environment which has been completely isolated because is no longer supported. Still, I don't want passwords to be visible in scripts.
 
Old 04-07-2016, 07:48 AM   #12
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by sundialsvcs View Post
You really can't "hide" a password in a script. What you need to do is to have some other form of authentication that will allow the host to recognize the script.
I find it hard to believe that there's something I can do in Windows, and I can't do it in Linux.
 
Old 04-07-2016, 07:59 AM   #13
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,873

Rep: Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482Reputation: 4482
you need to explain your workflow. What will be stored in which file, where/how do you want to use that secured password? What should be protected?
Remember you do not use script in windows but a binary executable (but probably I missed something).
If you have a powershell script you may also try to post it and we will help you to convert it to unix/bash somehow.
 
Old 04-07-2016, 08:04 AM   #14
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 583

Rep: Reputation: 72
Quote:
Originally Posted by pan64 View Post
If you have a powershell script you may also try to post it and we will help you to convert it to unix/bash somehow.
Exactly why I was interested to know how the password is being used. I can't imagine a powershell/cmd script which makes use of an "encrypted" string as a credential but will still be able to connect to an ftp server.
 
Old 04-07-2016, 08:13 AM   #15
aristosv
Member
 
Registered: Dec 2014
Posts: 197

Original Poster
Rep: Reputation: 3
Its basically a simple bash script that is scheduled to run every 24 hours. It connects to multiple ftp servers and synchronizes the files it finds, locally. If you exclude all the variables its a single line that runs lftp with various switches/options.

Ideally, in the script, I want to replace the passwords of the ftp servers with a command or a variable that will read the passwords from an encrypted file. I didn't really want to make a big deal out of this, that's why I simply posted what I usually do with Powershell, and if it can be done with Linux.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Bash script to keep an encrypted text file of passwords LXer Syndicated Linux News 0 02-08-2015 06:21 AM
Hiding bash script contents glennbtn Linux - Server 2 08-08-2013 04:00 AM
Bash for multiple accounts with auto-gen passwords vivchowd Red Hat 3 02-01-2013 04:25 AM
BASH scripting: Hide plain text passwords sqn Programming 7 06-16-2010 05:55 AM
Sync MySQL passwords with local account passwords? turbine216 Linux - Software 2 02-18-2005 03:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration