Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best way to hide password in bash script?
Top Forums Shell Programming and Scripting Best way to hide password in bash script? Post 302412099 by frans on Sunday 11th of April 2010 06:06:17 PM
Old 04-11-2010
Quote:
Originally Posted by dukevn
(...) no need to type anything else (pass phrase for example).
You can create a key pair whithout passphrase. You'll only need to give the password once for the key transfer.
 

10 More Discussions You Might Find Interesting

1. Programming

hide password typing

I am doing a project in C program which requires to type in password in Unix terminal. Does anybody know how to shade or not output any words typed by user in the terminal? I use the function scan() to read typing from user. Thanks in advance. (2 Replies)
Discussion started by: ivancheung
2 Replies

2. Shell Programming and Scripting

How to hide password on Linux?

Hi falks, I have the following ksh code: echo "Enter VS Admin password:" oldstty=`stty -g` stty -echo intr '$-' read password stty $oldstty echo This code ask from a user to enter his password. The OS suppose to hide the entering of the... (2 Replies)
Discussion started by: nir_s
2 Replies

3. Shell Programming and Scripting

Want to hide password

All, In my script I am calling another script.. in that script I need to enter a password. Problem is that everyone is able to see the password when I enter that. Is there any way that when i enter that password it should not display or may look like *******. Or if there any other way that I... (1 Reply)
Discussion started by: arpitk
1 Replies

4. Shell Programming and Scripting

How Do I Hide the Password in a Script

Hi, I am writing a UNIX .ksh script and need to send the login password of the login id that is executing the script to a command that I am executing in the script. I don't want that password to be seen by anyone except whoever is executing the script. Does anyone know how I can accomplish... (6 Replies)
Discussion started by: samd
6 Replies

5. UNIX for Dummies Questions & Answers

How can i hide username/password

hi all, i run sqlplus command on unix(HP-UX) like "sqlplus username/password@serverA @deneme.sql" but when someone run "ps -ef | grep sqlplus", it can see my username and password :( How can i hide username and password. thanx. (1 Reply)
Discussion started by: temhem
1 Replies

6. Shell Programming and Scripting

How to hide/encrypt password in script?

Hi I have following problem Im writing a script (in bash ) , where need to be written login & passwd for databas client . Its need to in following form login passwd@dbhostname . The problem is so anybody can read it so the passwd & login are visible and thats not very safety . Can... (8 Replies)
Discussion started by: kvok
8 Replies

7. Shell Programming and Scripting

Expect Script - Hide password from process table

i have an expect script that runs like this: /usr/bin/expect -f /home/skysmart/commandstoexecute.sh host2.net b$4aff Skysmart when i run this command, and i do a ps -ef and egrep for expect, i see the exact line in the process table and it shows my password for the world to see. how can i... (2 Replies)
Discussion started by: SkySmart
2 Replies

8. Shell Programming and Scripting

Make a password protected bash script resist/refuse “bash -x” when the password is given

I want to give my long scripts to customer. The customer must not be able to read the scripts even if he has the password. The following command locks and unlocks the script but the set +x is simply ignored. The code: read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg... (7 Replies)
Discussion started by: frad
7 Replies

9. Shell Programming and Scripting

Hide password from processes in Linux

i have a shell script which calls a java program with username and password arguments. #!/bin/ksh #set some classpaths here #finally run the command java com.test -u $U -p $P Now when i run it, the password shows up in the list of processes. I am not the admin on the server so cant... (3 Replies)
Discussion started by: ariesb2b
3 Replies

10. Shell Programming and Scripting

How to hide password in shell script?

I am writing a shell script for sql loader (just copy part of the code) : For security reason, I have to put the below loginName and password into another separate file instead of in the same file of this script. Anyone can give me a hand. Thanks. Shell Script :... (12 Replies)
Discussion started by: Jaewong
12 Replies

LEARN ABOUT DEBIAN

rephrase

REPHRASE(1)							   User Commands						       REPHRASE(1)

NAME

       rephrase - Specialized passphrase recovery tool for GnuPG

DESCRIPTION

       rephrase  is  a specialized passphrase recovery tool for GnuPG. If you can nearly remember your GnuPG passphrase - but not quite - then Re-
       phrase may be able to help.

       Tell Rephrase the parts of the passphrase you know, and any number of alternatives for the parts you're not sure about; and  Rephrase  will
       try  all  the  alternatives,  in  all possible combinations, and tell you which combination (if any) gives you the correct passphrase.  You
       could try all the combinations yourself, of course, if there are just a handful of them; but if there are more, that might be impractical.

       On the other hand, if you need to try a huge number of possible passphrases, Rephrase might be too slow; it is far from being an  efficient
       passphrase  cracker.   E.g.  Rephrase  can try out about 2600 possible passphrases per minute on my 1GHz Athlon (with other processes doing
       nothing very heavy at the same time).  How many passphrases Rephrase can try depends on how long you are prepared to  wait!   Rephrase  can
       reasonably be run for a long time; e.g. it *won't* use more memory the longer it runs.

       It would be a Bad Thing to leave your passphrase (or part of it, or your guesses at it) lying around on your hard drive; since a passphrase
       is supposed to be an extra line of defence if an attacker obtains access to your secret keyring (which you presumably  *do*  keep  on  your
       hard  drive).   That's  why Rephrase keeps all the information about your passphrase that you give it in secure memory (and then pipes each
       possible passphrase to a child gpg process).  For this reason, Rephrase is likely to be more secure than alternative solutions that involve
       generating a list of possible passphrases in a file and then testing them.

       [1] For more information about GnuPG, see http://www.gnupg.org/ .

USAGE

       rephrase <key>

       where  <key> is the key whose passphrase you want to recover; you can identify the key in any of the ways that GnuPG understands.  (To make
       sure you're using a sensible value for <key>, you could first try

		  gpg --list-secret-keys <key>

       which should list exactly 1 key.)

       You will be prompted to enter a pattern (the pattern is not echoed to the screen as you type it).  So what's a pattern?	Suppose  you  know
       that  your  passphrase was something like "super-secret", but you're not sure if you changed some (or all) of the "e"s into "3"s, or any of
       the consonants into upper case, or indeed changed the "c" into "k" or "K" or even "|<", or changed the "-" into " "  or	just  omitted  it.
       Then you could enter this pattern:

		  (s|S)u(p|P)(e|3)(r|R)(-| |)(s|S)(e|3)(c|C|k|K||<)(r|R)(e|3)(t|T)

       The  pattern  is your passphrase - except that 4 characters have special meanings.  Brackets - "(" and ")" - are used to group alternatives
       wherever you're not sure what characters are correct; "|" is used inside a pair of brackets to separate the alternatives; and ""  is  used
       to escape any of the 4 special characters when you need to use it literally.

       Rephrase  will tell you if your pattern contains a syntax error.  That happens if there are unbalanced brackets (i.e. they aren't in proper
       pairs); or if the pattern ends with "" (because then there's nothing for it to escape).  It also happens (and these cases are  limitations
       in  Rephrase's  simple  pattern parser) if you try to nest pairs of brackets; or if you try to use "|" anywhere that's not inside a pair of
       brackets.

       If the pattern contains no syntax errors, Rephrase will try each possible  passphrase  matching	the  pattern  in  turn.   If  the  correct
       passphrase is found, Rephrase won't actually tell you what it is (in case someone's looking over your shoulder), but will tell you a string
       of numbers: you can work out the correct passphrase from these numbers and the pattern you entered.  E.g.

		  2 1 2 1 2 1 1 5 1 2 2

       The first number - 2 - means that at the first pair of brackets in the pattern - "(s|S)" - you must take the second alternative - viz. "S".
       The  second  number  -  1  - means that at the seconds pair of brackets - "(p|P)" - you must take the first alternative - viz. "p".  And so
       forth.  So in this case the correct passphrase is "Sup3r se|<r3T".

       If the correct passphrase is not found from the pattern, Rephrase tells you so.	(Note that you will also get this result if you  specified
       <key> incorretly; how to check that the value of <key> is OK is explained above.)

       Rephrase's exit status is 0 is the passphrase is found, 1 if it's not found, or other values if an error occurs.

SECURITY

       The  good news is that Rephrase uses mlock() in order to keep the information about passphrases that it's given as secure as possible.  The
       bad news is that using mlock() requires root privileges, so Rephrase needs to be setuid root.  However, it does drop root  privileges  very
       quickly, as soon as it has called mlock().

       It's  also  debatable  whether  mlock() is a proper way to protect sensitive information.  According to POSIX, mlock()ing a page guarantees
       that it *is* in memory (useful for realtime applications), not that it *isn't* in the swap (useful for security applications).  Possibly an
       encrypted  swap	partition (or no swap partition) is a better solution.	Anyway, GnuPG itself uses mlock(), which makes it sensible for Re-
       phrase to follow suit.

BUGS

       Portability is untested: I have only used Rephrase on a GNU/Linux system (Linux 2.4.21 and Glibc 2.3.2; building with GNU Make 3.79.1, bash
       2.05  (as  /bin/sh)  and  either GCC 2.95.3 or GCC 3.3).  I believe setreuid() is a BSD-ism, so it may not exist on more SysV-like systems.
       There are probably many other issues.

       If mlock() fails (probably because Rephrase is not setuid root), Rephrase refuses to proceed: it would be better to  issue  a  warning  and
       continue, since that's what GnuPG does.

       Before  it  asks  you  to  enter  a pattern, Rephrase should check that the <key> argument does refer to exactly 1 key and that that key is
       available.

       If you'd like Rephrase to be faster, then it's too slow.  (But if you're happy with it, then it's fast enough.)

       The standard --version and --help options are unimplemented.

AUTHOR

       This manual page was prepared by Tiago Bortoletto Vaz <tiago@debian.org> for the Debian GNU/Linux system (but may be used by others).  Most
       of the text used here comes from the original README file by Phil Lanch's <phil@subtle.clara.co.uk>.

rephrase							  September 2009						       REPHRASE(1)
All times are GMT -4. The time now is 11:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy