8 Replies Latest reply: Aug 25, 2009 1:17 AM by 807567 RSS

    Encrypting password in shell script on Solaris 10.

    807567
      Hi,

      I have a shell script & in that the username & password is specified. I can see the password. Is there any way to encrpyt password in Unix scripts on solaris 10 box.

      Please suggest.

      Thanks & Regards,

      Tejas
        • 1. Re: Encrypting password in shell script on Solaris 10.
          user4994457
          India wrote:
          Hi,

          I have a shell script & in that the username & password is specified.
          Maybe you don't want to do that.
          I can see the password. Is there any way to encrpyt password in Unix scripts on solaris 10 box.
          I suppose you could. But the system would have to decrypt it to use the password, right? And if the system knows how to decrypt it, then anyone else would know how to decrypt it as well.

          Some options:
          *) Use filesystem permissions to restrict who can read the script.
          *) Use login methods that don't require a static password be kept around
          *) Restrict what the login can do. Make it so that it only gives minimal information to make the script work, rather than provide you a full login that could be easily exploited by others.

          --
          Darren
          • 2. Re: Encrypting password in shell script on Solaris 10.
            807567
            Darren,

            Thanks for the reply. Are you aware of any process to encrypt & decrypt passwords in unix scripts?

            Please suggest.

            Regards,

            Tejas
            • 3. Re: Encrypting password in shell script on Solaris 10.
              Robert Cohen
              As was explained in the previous answer. Your question is nonsense.
              Assuming your asking what we think your asking.

              There is no way to encrypt a password contained in a shell script.
              There can be no way to encrypt a password in a shell script.
              It is simply impossible.

              So, your asking the wrong question.
              You have to find some other way of protecting the password.
              Such as permissions. Basically find someway to enable an operation that the shell script can do, but that someone reading the shell script can't do.

              If you can't protect the shell script itself. Perhaps you can give it permission to access some other file and put the password there.
              • 4. Re: Encrypting password in shell script on Solaris 10.
                user4994457
                India wrote:
                Darren,

                Thanks for the reply. Are you aware of any process to encrypt & decrypt passwords in unix scripts?
                Of course. See the command 'crypt'. But you have a problem. If your shell script looks like this:

                CLEAR_PW = `crypt MyEncRptIonKey /path/to/encryptedpassword`
                open_db($SERVER, $ACCOUNT, $CLEAR_PW)

                Then the fact that your password is encrypted on disk doesn't help much. You've just moved the problem from the fact that they can read your password to the fact that they can read your encryption key.

                Your choices are to keep the information secret via file permissions (keep the contents from being viewed), or don't store the information in a file at all (maybe enter a key manually and keep it in memory only, or set up automatic logins so no key is necessary). Something like that.

                --
                Darren
                • 6. Re: Encrypting password in shell script on Solaris 10.
                  Robert Cohen
                  Of course
                  CLEAR_PASSORD=`cat $PATH_TO_CLEAR_PASSWORD`
                  is basically just as secure.
                  • 7. Re: Encrypting password in shell script on Solaris 10.
                    807745
                    Here are some examples of avoiding passwords in scripts.
                    First, if it's a script that needs to use remote login, you could set up ssh keys in the authorized_keys file of the remote system to allow auto-authentication.
                    As a more general example, you could create a shell function that prompts for the password and stores it in an environment variable to be used by the script or utility that you want to use. Here is an example that we use in our Red Hat systems to allow yum to tunnel through our http proxy:
                    function yumproxy(){
                        echo -n "Enter Proxy Username: "
                        read -e username
                        echo -n "Enter Proxy Password: "
                        read -es password
                        echo
                        export http_proxy="http://$username:$password@ourproxyserver:8080/"
                    }
                    This is in .bashrc so that we can run it once just before running any yum commands (not that this means anything in a Solaris forum!)
                    • 8. Re: Encrypting password in shell script on Solaris 10.
                      807567
                      Thanks Darren, It is very important useful and Inportant information for me.

                      [*Resveratrol*|http://www.goarticles.com/cgi-bin/showa.cgi?C=1852195]