LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 12-06-2011, 09:48 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,176

Rep: Reputation: 60
Masking Password from within a Bash Shell Script


Is there a way to mask the password inside of a script to minimize the impact of a comprimised server? So

Code:
ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l testuser 192.168.3.1 "mysqldump --opt --all-databases -u root -pPassword| gzip" > $backup_dir/mysqldump.gz
a seperate password file maybe and using backticks? Just throwing stuff out there

http://http://www.askdavetaylor.com/...ll_script.html

Code:
ssh -o "PasswordAuthentication no" -o "HostbasedAuthentication yes" -l testuser 192.168.3.1 "mysqldump --opt --all-databases -u root -p`cat /some/dir/passwd_file`| gzip" > $backup_dir/mysqldump.gz

Last edited by metallica1973; 12-06-2011 at 10:09 PM.
 
Old 12-07-2011, 01:14 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hello,

You could always encrypt your entire shell script with SHC as described here. That will not only hide the password but also the code you're executing if you want to hide for example the IP addresses you're connecting to.

Kind regards,

Eric
 
Old 12-07-2011, 10:05 AM   #3
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
Er, is that just packing the decryption key along with the encrypted thing, making it obfuscation rather than security?
 
1 members found this post helpful.
Old 12-07-2011, 11:13 AM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi,

I wouldn't know exactly. Had to look up which algorithm it uses and this is what I found:
Quote:
RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure.
and this:
http://en.wikipedia.org/wiki/RC4.

Another solution, more complicated and involving license and client runtime environment is this:
wzshSDK. They state to use modern crypto technologies but haven't found further information yet.

Kind regards,

Eric
 
1 members found this post helpful.
Old 12-07-2011, 11:20 AM   #5
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
Just because it's encrypted doesn't make it any more secure. If that one produced file is able to decrypt itself and then execute, it must contain the key as well as the data you're hoping to hide. It's like DRM, it can't let one person use it and stop another from taking a peek/copy unless the decryption key is securely stored elsewhere.
 
2 members found this post helpful.
Old 12-07-2011, 11:26 AM   #6
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004Reputation: 1004
And that's the issue when doing it like how the OP wants to...... It's better off storing the password in a separate file, encrypting it, and sending that file over SSH to be decrypted by the other computer/server.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable password masking? genogebot Linux - Newbie 12 07-21-2010 06:32 AM
Scripting help/advise on hiding/masking username/password newbie01.linux Linux - General 2 03-15-2010 10:29 AM
Unable to type password after user name in BASH SHELL Nack Linux - Newbie 6 10-28-2009 12:17 AM
in bash shell how to run shell script during startup rammohan04 Red Hat 2 07-31-2009 03:07 AM
How to tell shell script a password? Etoile Linux - Newbie 5 04-05-2006 10:16 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration