03-10-2013
Even if you encrypt the password somehow you would have to provide a mechanism available to the script to decrypt it, so you gain nothing. It is a fact that "ftp" uses clear-text passwords and this intrinsic insecurity cannot be changed or alleviated in any way. As the password is sent clear-text over the net in the login process every interested party can sniff it from there too. There is no way to prevent this. (Btw., the same is true for "telnet" and the other classical means of connecting from one system to the other.)
The only way is to use a securified means of communication: ssh/scp to be precise. In this case the password gets transmitted in an encrypted form, so sniffing is ruled out. You can also set up a "chain of trust" between two user/host-combinations so that userA from hostA can connect as userB to hostB without using a password (so you don't have to state one in your script) but using an exchanged secret both involved parties know. The basic procedure is to connect once, identified by the password, and then to store the other host's secret to a config file so that further connections do not need a password any more.
We have several threads dealing with the setup of such a mechanism, so I suggest you do a forum search for "scp" and/or "ssh" installation.
I hope this helps.
bakunin
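
The password-less setup described in the post above, as an added shell example that is not part of the original thread. It uses OpenSSH public-key authentication, where only the public half of the key is copied to hostB; `userB@hostB`, the key file name and the file paths are placeholders.

```shell
#!/bin/sh
# Added example. userB@hostB and all paths are placeholders, not from the thread.
KEY="${KEY:-$HOME/.ssh/id_ed25519_batch}"   # dedicated key for this job (assumed name)

# One-time, on hostA: create the key pair if it does not exist yet.
# The empty passphrase (-N '') is what lets cron use the key unattended.
make_key() {
    [ -f "$KEY" ] && return 0
    d=$(dirname "$KEY")
    [ -d "$d" ] || mkdir -m 700 -p "$d" || return 1
    ssh-keygen -q -t ed25519 -N '' -C 'batch-upload' -f "$KEY"
}

# One-time, interactive: log in with the password once and append the
# public half to ~/.ssh/authorized_keys of userB on hostB.
install_key() {            # $1 = userB@hostB
    ssh-copy-id -i "$KEY.pub" "$1"
}

# Guard: the private key must carry no group/other permission bits.
key_is_private() {
    [ -f "$KEY" ] || return 1
    [ "$(ls -ld "$KEY" | cut -c5-10)" = "------" ]
}

# Every scheduled run: no password anywhere in the script. BatchMode=yes
# makes scp fail instead of prompting if key login stops working.
upload() {                 # $1 = local file, $2 = userB@hostB:/remote/path
    key_is_private || { echo "refusing to use $KEY: bad permissions" >&2; return 1; }
    scp -q -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes "$1" "$2"
}

# Typical use:
#   make_key && install_key userB@hostB               # once, by hand
#   upload /data/report.csv userB@hostB:/incoming/    # from cron
```

Because the key has no passphrase, anyone who can read the file can log in as userB, so limit what it may do on hostB, for example with the `restrict` option on its line in `authorized_keys`.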
CRYPT(3) Library Functions Manual CRYPT(3)
NAME
crypt, setkey, encrypt - DES encryption
SYNOPSIS
char *crypt(key, salt)
char *key, *salt;
setkey(key)
char *key;
encrypt(block, edflag)
char *block;
DESCRIPTION
Crypt is the password encryption routine. It is based on the NBS Data Encryption Standard, with variations intended (among other things) to frustrate use of hardware implementations of the DES for key search.
The first argument to crypt is normally a user's typed password. The second is a 2-character string chosen from the set [a-zA-Z0-9./]. The salt string is used to perturb the DES algorithm in one of 4096 different ways, after which the password is used as the key to encrypt repeatedly a constant string. The returned value points to the encrypted password, in the same alphabet as the salt. The first two characters are the salt itself.
The other entries provide (rather primitive) access to the actual DES algorithm. The argument of setkey is a character array of length 64 containing only the characters with numerical value 0 and 1. If this string is divided into groups of 8, the low-order bit in each group is ignored, leading to a 56-bit key which is set into the machine.
The argument to the encrypt entry is likewise a character array of length 64 containing 0's and 1's. The argument array is modified in place to a similar array representing the bits of the argument after having been subjected to the DES algorithm using the key set by setkey. The edflag flag is ignored; the argument can only be encrypted.
SEE ALSO
passwd(1), passwd(5), login(1), getpass(3)
BUGS
The return value points to static data whose content is overwritten by each call.
7th Edition August 12, 1986 CRYPT(3)