I try to create my own linux bash script that calls truecrypt for mounting. As option a need to set the password for the truecrypt file. I can do this inside the bash script but if someone open it, they can see the password. The script will later run automatically.
My question: Is there some safe way to hide/encrypt the password?
Example:
truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/
Thanks for any help!
Use SHC. It encrypts shell scripts using RC4 and makes an executable binary out of the shell script which you can run.
Download SHC(http://www.datsi.fi.upm.es/~frosal/) and install it.
Create a shell script with in "truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/" andsave it as "yourfilename.sh".
Now, run the command :
shc -f yourfilename.sh
The switch "-f" specifies the source script to encrypt. The above command will create two files: yourfilename.sh.x.c and yourfilename.sh.x.
The program "shc" creates C source code out of your shell script then encrypts it (yourfilename.sh.x.c). The encrypted shell script is: yourfilename.sh.x. Run that binary and it executes your commands:
./script.sh.x
There is no safe way to store the password without someone being able to read it. The only options you have are to use user rights to limit who can see it. You can make the script readable only to the user who's password is in it as one options. Another is to have the script read the password from a file which has a similar permission set (this just gives you more flexibility with updating the script and such).
Ultimately though any admin/superuser can read the file anyways so this isn't something you can do safely. The thing most people suggest is to have the script run automatically and present a GUI for the user to input their password. These vary based on your distribution but they are usually there.
Related
Scenario
I am working on a code to execute pmrep command. I cannot execute this from Unix box as the Code pages are different ( Unix server where I am executing the pmrep command and where the Power centre is installed), and I dont have any other option to exceute it from the Unix Box, because we dont have sudo login and we are connecting from citrix and Informatica is not installed locally.
So we have come up with an option of putting the pmrep commands in .sh script and passing username, password,environment and path variables from an env file. Then executing the above script from a command task in a workflow.
I am able to execute all the pmrep commands (connect, deploy DG etc) using the above process.
Now comes the problem.
I am saving my username and password in the .env file. I would like to remove this.
For pmrep connect command,
I am passing -x $password, I would like to pass the Encrypted password in place of original password.
I have used pmpasswd utility to get encrypted password and stored it in a variable (encrypted_password)
used that variable in place of orginal. -x $encrytped_password
used that variable with -X $encrypted_password.
where -x is used with general password and -X is used with Environmental Password
Both the methods were unsuccessful. with the first one its saying invalid password and with the second one its saying
"The environment variable xteyeZk9BYn91bb4Om7xKg== is undefined."
Please help me with the solution on this. Any help is really appreciated. Please let me know if you need more inputs.
Informatica(r) PMREP, version [9.1.0 HotFix6], build [496.0111], LINUX 64-bit
Rakesh
It should be -X encrypted_password without the $.
I am writing a wrapper shell script wrapper.sh to run bunch of other already available scripts owned by other people and I cannot touch those scripts.
The problem is, there is one script that runs some db specific activities - db_perf_clean.sh. That script is normally executed manually and it prompts for a password at run time. There is no way I can supply the password to it as a parameter and I cannot modify that script. As such I know the db password and I can provide it in wrapper.sh.
Please let me know how can I run that db_perf_clean.sh script inside wrapper.sh like in a silent mode.
Sometimes a script will insist that a password be read from the tty. Often, it will read from stdin. If so, try:
echo password | db_perf_clean.sh
The above has the disadvantage that the password will appear in ps. To avoid that, hide the password in a file and use that file for stdin:
db_perf_clean.sh <file_with_password
If you want the command to be silent, you can throwaway its output:
db_perf_clean.sh <file_with_password >/dev/null 2>&1
Under bash, as opposed to generic shell, that can be slightly simplified:
db_perf_clean.sh <file_with_password &>/dev/null
I found out little different approach instead of writing a password in a file and that worked too ->
db_pass="somevalue"
sh db_perf_clean.sh<<EOM
$db_pass
EOM
I am writing a bourne shell script for the openwrt firware where I want to copy my files from router to linux machine. when i do
scp /etc/clients.txt shah#192.168.1.2:/home/shah/
from inside the router's openwrt firmware, it asks me to give the password. I want to give this password from within the script because this file needs to be copied after every 2 seconds. How can I do this without using expect?
You can try to use sshpass tool but you will need to provide a password in clear text in your script. If that is not a problem you should use it.
sshpass -p 'password' scp /etc/clients.txt shah#192.168.1.2:/home/shah/
Hi I have been given a task of copying files from a given server to local machine. Even I can do it manually using the command line but I need to write a script to automate it. I dont have any clue how to do it using shell, how to give the password which we would have done manually. I went through other posts but did not get the precise answer.
Are there better ways than using SCP command?
Thanks in advance
The preferred + more secure way to do this is to set up ssh key pairs
That being said, if there's a specific need to supply passwords as part of your shell script, you can use pscp, which is part of putty-tools:
If you are on ubuntu, you can install it by:
sudo apt-get install putty-tools
(Or use equivalent package managers depending on your system)
Here's an example script of how to use pscp:
#!/bin/bash
password=hello_world
login=root
IP=127.0.0.1
src_dir=/var/log
src_file_name=abc.txt
dest_folder=/home/username/temp/
pscp -scp -pw $password $login#$IP:$src_dir/$src_file_name $dest_folder
This copies /var/log/abc.txt from the specified remote server to your local /home/username/temp/
Is there any way to pass a password to the linux "su" command? I'm attempting to automate a deployment using sshexec and Ant. As part of that I need to execute the "su" command, but I can find no way to give it a password. The su command does not have the -S switch like sudo. I've tried using the commandResource and input properties on sshexec, but I just get an "su: Sorry" back.
Before anyone thinks I am, I am not storing passwords in files. The script to execute is being generated in memory in Ant based on prompting for a password.
Not an expert at this but you should probably use sudo instead of su. The following thread might help more pass-password-to-su-sudo-ssh