Passing hashed ssh password in a script - linux

I am attempting to make a script to log into a server via ssh. I cannot use keys in this project, so I am trying to pass a hashed password, but I am not having any luck. Here is what I have. Any help would be great.
#!/usr/bin/expect -f
spawn ssh nix@server
expect "password:"
send "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
Here is the return I get:
nix's password: extra characters after close-quote
while executing
"send "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=" | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
"

Try this solution:
#!/usr/bin/expect -f
spawn ssh nix@localhost
expect "password:"
send "echo '6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=' | \
openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd"
interact
I replaced those double quotes with single quotes, i.e. send "echo "6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0=" became send "echo '6YepVNFkMm1YO/WwA+mZEYZrhfVStH4+01fHTCf/La0='
Hope it helps.
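
An added example, not part of the original posts: expect's send transmits its argument literally and does not run it through a shell, so here the blob is decrypted first and only the plaintext is sent. It assumes the passphrase is exported as passwd (as on the page) and that expect is installed; decrypt_blob, ssh_with_blob, SSHPW and SSHTARGET are hypothetical names.

```bash
# Added example (not from the original posts).
# Assumes: the passphrase is exported as $passwd, as in the page's openssl call.

# Decrypt a base64 AES-256-CBC blob; the options mirror the page's command.
# Returns non-zero when openssl rejects the blob or the passphrase.
decrypt_blob() {
    printf '%s\n' "$1" |
        openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd 2>/dev/null
}

# Log in to user@host ($1) with the password stored in the blob ($2).
ssh_with_blob() {
    local target="$1" blob="$2" pw
    pw=$(decrypt_blob "$blob") || { echo "cannot decrypt blob" >&2; return 1; }
    # Pass the plaintext through the environment so it is not in any
    # argument list; the expect script reads it from Tcl's env array.
    SSHPW="$pw" SSHTARGET="$target" expect -c '
        spawn ssh $env(SSHTARGET)
        expect "password:"
        send -- "$env(SSHPW)\r"
        interact
    '
}
```

Call it as ssh_with_blob nix@server "$blob"; a blob that fails to decrypt stops the login before ssh is spawned.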

Related

AES-128 encryption produce different result

I want to encrypt the text "hello" using the key "123456789" with the AES-128 encryption cipher, so I went to the https://aesencryption.net/ site and tried to encrypt it. It gives me the result in base64 as 44VUz6QR9WOx3tIzrTVKIg==
Now on a Linux machine I tried the same with the openssl CLI (with the key converted to hex and without), but it doesn't produce the same result as the above website.
echo -n "hello" | ./openssl aes-128-cbc -K 313233343536373839 -iv 00000000000000000000000000000000 -a
OUTPUT:hd7d6N4iUsaeFnp76ZgnmA==
echo -n "hello" | ./openssl aes-128-cbc -k 123456789 -iv 00000000000000000000000000000000 -a -nosalt
OUTPUT: U7lXytP7pnVcOPwi8Hjd7A==
So can anyone tell me what I am missing?

How to get key only with openssl command?

How can I just retrieve the key value only with openssl command below?
$ openssl enc -aes-128-cbc -k secret -P -md sha1
Output:
salt=9EFF5E41E21EA17F
key=D0F15A0E51C29FA9E7AC1B63DC4585D3
iv =F0090A64ADB51DE25A28151B0C55DAEA
Thanks!
Use grep and sed in pipes:
$ openssl enc -aes-128-cbc -k secret -P -md sha1 | grep key | sed 's/.*=//'
The grep command filters out lines without "key".
The sed command replaces all characters from the start up to and including the = with nothing (deleting them).
Use the -nosalt option to suppress the use of a salt in the key derivation. But consider that this is not recommended. Note that this key derivation method is also not recommended, especially with sha1.
Anyway, with awk:
$ openssl enc -aes-128-cbc -nosalt -k secret -P -md sha1 |
awk -F= '$1 == "key" {print $2}'
2BB80D537B1DA3E38BD30361AA855686

Decryption in a loop with openssl?

I'm trying to use openssl to decrypt files. I can successfully encrypt them in a loop, but when I try to change the command to make it decrypt, I get "error reading input file."
for f in /dir1/dir2/*.txt ;
do [ -f $f ] && openssl aes-256-cbc enc -in $f -out $f.enc -k PASSWORD ;
done
!the above works for encrypting
for f in /dir1/dir2/*.txt.enc ;
do [ -f $f ] && openssl enc -d -aes-256-cbc -k PASSWORD -in $f -out $f;
done
"error reading input file"
So I've tried making the input file $f.txt.enc, and $f.enc, and similar fiddling with the outfile. No luck.
I think your encoding line has a problem: it is missing the - in front of the aes part. For reference, here are lines that work for me:
openssl enc -aes-256-cbc -in $f -out $f.enc -k PASSWORD
openssl enc -aes-256-cbc -d -in $f.enc -out $f.dec -k PASSWORD
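
An added example, not from the original posts: the encrypt and decrypt loops as a round trip, with quoted paths and the .enc suffix stripped so that -out never names the same file as -in. The -pbkdf2 option (OpenSSL 1.1.1 or later) and the PASSPHRASE environment variable are assumptions, and the function names are hypothetical.

```bash
# Added example (not from the original posts).
# Assumes: PASSPHRASE is exported; read via -pass env: instead of -k on the
# command line, where other local users could see it in the process list.

# Encrypt every *.txt in directory $1 to *.txt.enc next to it.
encrypt_dir() {
    local dir="$1" f
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue          # glob matched nothing
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:PASSPHRASE \
            -in "$f" -out "$f.enc" || return 1
    done
}

# Decrypt every *.txt.enc in directory $1 into directory $2.
decrypt_dir() {
    local dir="$1" out="$2" f name
    mkdir -p "$out"
    for f in "$dir"/*.txt.enc; do
        [ -f "$f" ] || continue
        name=$(basename "${f%.enc}")     # a.txt.enc -> a.txt
        # Opening -out truncates that file, so reusing the -in path
        # would destroy the ciphertext before it is read.
        openssl enc -d -aes-256-cbc -pbkdf2 -pass env:PASSPHRASE \
            -in "$f" -out "$out/$name" || return 1
    done
}
```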

Skip password prompt using sh script

I have a script that inputs the list of server IPs and uses ssh with a pem key to run commands, but some servers have a password. I want to skip those so that it takes the next IP.
Below is the script:
cat privateiptest-ss | while read LINE
do
echo $LINE >> ss-prodcht1.txt
stackname=$LINE
ssh -o "PasswordAuthentication=no" -o "StrictHostKeyChecking no" -t -t -i key.pem ec2-user@$stackname "bash -s" < sh.sh
done
If you use the option BatchMode=yes with ssh, i.e.
ssh -o "BatchMode=yes" -o "StrictHostKeyChecking=no" -t -t -i key.pem ec2-user@$stackname "bash -s" < sh.sh
then ssh will never prompt for a password. For servers that do require a password, ssh will fail.
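
An added example, not from the original posts: the host loop with BatchMode=yes, recording which hosts were skipped because ssh itself failed. key.pem, ec2-user and the script passed on stdin follow the page; run_on_hosts and the skipped-hosts file are hypothetical, and StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) is used here in place of the page's =no.

```bash
# Added example (not from the original posts).
# Usage: run_on_hosts HOSTS_FILE SCRIPT SKIPPED_FILE

run_on_hosts() {
    local hosts="$1" script="$2" skipped="$3" host rc
    : > "$skipped"
    # Read the host list on fd 3 so ssh's stdin stays free for the script.
    while IFS= read -r host <&3; do
        [ -n "$host" ] || continue
        rc=0
        # BatchMode=yes: never prompt; fail instead of asking for a password.
        # accept-new: record unknown host keys, refuse changed ones.
        ssh -o BatchMode=yes -o ConnectTimeout=10 \
            -o StrictHostKeyChecking=accept-new \
            -i key.pem "ec2-user@$host" 'bash -s' < "$script" || rc=$?
        # ssh exits 255 when ssh itself fails (unreachable host, no accepted
        # authentication method); other codes come from the remote script.
        if [ "$rc" -eq 255 ]; then
            echo "$host" >> "$skipped"
        elif [ "$rc" -ne 0 ]; then
            echo "$host: remote script exited $rc" >&2
        fi
    done 3< "$hosts"
}
```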

OpenSSL in bash script

I'm trying to make a bash script in linux where some encrypted data is embedded and then retrieved and decrypted with openssl, like this:
cat | openssl des3 -d -a -salt -pass pass:asdf > output.txt <<EOF
U2FsdGVkX1/zN55FdyL5j1nbDVt5vK4V3WLQrnHPoycCJPwWO0ei3PCrrMqPaxUH.....blablablah data
EOF
The only problem with this, that would otherwise work, is that I have to hit enter when the script reaches this position. I have tried changing the way \n are placed, but no luck.
I can't afford to manually press Enter for all the files that are going to be embedded like this one!!
Thanks for your help!
A couple of things wrong here:
You shouldn't use both cat | ... and also a here document (<<EOF). Use one or the other.
Your example isn't testable because the example text is not the DES3 encryption of any input.
This example works as expected:
cat ~/.profile | openssl des3 -e -a -salt -pass pass:asdf -out /tmp/output.txt
That is, it writes an encrypted version of ~/.profile, base64 encoded, to file /tmp/output.txt.
Here's a working decryption example with a here document:
openssl des3 -d -a -salt -pass pass:asdf <<EOF
U2FsdGVkX1/03DBd+MpEKId2hUY82cLWpYltYy2zSsg=
EOF
Try this in the safety and comfort of your own home...
