Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypting/Decrypting passwords
Top Forums Programming Encrypting/Decrypting passwords Post 302803405 by mdrisser on Monday 6th of May 2013 04:20:19 PM
Old 05-06-2013
Question Encrypting/Decrypting passwords
I know that simply encrypting and decrypting passwords in a script is as bad as storing them in plain text, but I've been searching for an answer to this for a few days now, and haven't found an answer that fits the problem I'm having.

Here's the scenario. I'll give more details than I think may be relevant, just in case...

I have a VMware Management Assistant machine running SuSE Enterprise 11, which in turn is talking to an APC UPS. When the UPS goes to battery power it is set to run a script that will gracefully shutdown the VMware virtual machines running on an ESXi cluster. In order to do this the script needs to be able to automatically login to the ESXi machines using a local (to the ESXi machines) username/password combo.

I've written the script to handle the shutdowns in Perl using VMware's API, but the username/password issue has me stumped. Prompting for a password won't work as I need it to run automatically (what happens if the power goes out and no one is around to enter the password?).

I'm at quite a loss as to how to handle this situation. I know I could hash the password using something like Authen::Passphrase::BlowfishCrypt, but how would I then pass it to the ESXi host for the login? Am I maybe approaching this whole thing from the wrong direction, or is there a solution that I'm just not seeing?

Thanks in advance for your help.
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

decrypting a file

Accidentally, I encrypted a file while saving it in vi editor. While saving I used :X and when asked for encryption key, I simply pressed ENTER key without any input. I searched the forum, but unfortunately didn't get the proper solution. In one of the threads it asked to visit a particular... (1 Reply)
Discussion started by: rkkiran
1 Replies

2. Shell Programming and Scripting

Decrypting Unix file

Accidentally, I encrypted a file while saving it in vi editor. While saving I used :X and when asked for encryption key, I simply pressed ENTER key without any input. Now, I want to decrypt the file. I searched the forum, but unfortunately didn't get the proper solution. In one of the... (1 Reply)
Discussion started by: rkkiran
1 Replies

3. Shell Programming and Scripting

decrypting a file using shell script

how do you go about doing this i have a shell script here below but i am not to sure on the process of decrytpting the file. #!/bin/csh # # set am = ‘abcdefghijklm' set am = ‘ABCDEFGHIJKLM' set nz = ‘nopqrstuvwxyz' set NZ = ‘NOPQRSTUVWXYZ' cat $argv | tr $am $AM | tr $NZ $nz | tr $nz $am... (1 Reply)
Discussion started by: master_6ez
1 Replies

4. HP-UX

Encrypting DataBase Passwords

Hi All We have got a HUGE process of securing our infrastructure(primarily the database) We basically establish connection to oracle database from our UNIX shell scripts when we do ps -ef | grep sqlplus it blurts out all the credentials as output. sqplus username/password@server ... (1 Reply)
Discussion started by: b_sri
1 Replies

5. Shell Programming and Scripting

Ignoring file name case and decrypting it.

Dear Friends, I want to decrypt 2 different file types in a folder (ZIP files and GPG files). Each file type need different decryption syntex. Hence, the script should identify file type and should act accordingly ignoring file name case i.e. upper or lower case. Also, the extention can be... (6 Replies)
Discussion started by: anushree.a
6 Replies

6. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

7. Shell Programming and Scripting

Shell Script for encrypting/decrypting text file

Hello, I am a newbie in Shell scripting. At the moment, I have a program written in C++ which gives an output file in text format. I would like to write a shell program which can take that output file and encrypt it and later if needed I want to decrypt it. Could someone please help or... (3 Replies)
Discussion started by: Tanin
3 Replies

8. UNIX for Advanced & Expert Users

How To Find GPG Keys In Encrypted File With Out Decrypting it?

Hello All, Is there a way to determine how many public keys are embedded or used to encrypt in a GPG file with out decrypting the actual encrypted file. I know i can see the keys & email id's used when we decrypt it, but curious to find a command if any to know with out decrypting the actual file... (2 Replies)
Discussion started by: Ariean
2 Replies

9. High Performance Computing

Encrypting interconnect

Hi, i've got a qusetion regarding interconnect of compute nodes. In our company we are running a Simulation Cluster which is administrated by the Simulation department. Now our central IT requires to encrypt the interconnect of the compute nodes. Does anybody in that business encrypt... (3 Replies)
Discussion started by: fiberkill
3 Replies

LEARN ABOUT SUSE

pwgen

PWGEN(1)						      General Commands Manual							  PWGEN(1)

NAME

       pwgen - generate pronounceable passwords

SYNOPSIS

       pwgen [ OPTION ] [ pw_length ] [ num_pw ]

DESCRIPTION

       The  pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible.  Human-memo-
       rable passwords are never going to be as secure as completely completely random passwords.  In particular,  passwords  generated  by  pwgen
       without	the -s option should not be used in places where the password could be attacked via an off-line brute-force attack.   On the other
       hand, completely randomly generated  passwords have a tendency to be written down, and are subject to being compromised in that fashion.

       The pwgen program is designed to be used both interactively, and in shell scripts.   Hence,  its  default  behavior  differs  depending	on
       whether the standard output is a tty device or a pipe to another program.  Used interactively, pwgen will display a screenful of passwords,
       allowing the user to pick a single password, and then quickly erase the screen.	This prevents someone from being able to  "shoulder  surf"
       the user's chosen password.

       When  standard  output  (stdout)  is  not  a tty, pwgen will only generate one password, as this tends to be much more convenient for shell
       scripts, and in order to be compatible with previous versions of this program.

       In addition, for backwards compatibility reasons, when stdout is not a tty and secure password generation  mode	has  not  been	requested,
       pwgen  will  generate  less secure passwords, as if the -0A options had been passed to it on the command line.  This can be overriden using
       the -nc options.  In the future, the behavior when stdout is a tty may change, so shell scripts using pwgen should explicitly  specify  the
       -nc or -0A options.  The latter is not recommended for security reasons, since such passwords are far too easy to guess.

OPTIONS

       -0, --no-numerals
	      Don't include numbers in the generated passwords.

       -1     Print the generated passwords one per line.

       -A, --no-capitalize
	      Don't bother to include any capital letters in the generated passwords.

       -a, --alt-phonics
	      This option doesn't do anything special; it is present only for backwards compatibility.

       -B, --ambiguous
	      Don't  use  characters that could be confused by the user when printed, such as 'l' and '1', or '0' or 'O'.  This reduces the number
	      of possible passwords significantly, and as such reduces the quality of the passwords.  It may be useful	for  users  who  have  bad
	      vision, but in general use of this option is not recommended.

       -c, --capitalize
	      Include at least one capital letter in the password.  This is the default if the standard output is a tty device.

       -C     Print the generated passwords in columns.  This is the default if the standard output is a tty device.

       -N, --num-passwords=num
	      Generate num passwords.  This defaults to a screenful if passwords are printed by columns, and one password.

       -n, --numerals
	      Include at least one number in the password.  This is the default if the standard output is a tty device.

       -H, --sha1=/path/to/file[#seed]
	      Will  use  the  sha1's  hash  of given file and the optional seed to create password. It will allow you to compute the same password
	      later, if you remember the file, seed, and pwgen's options used.	ie: pwgen -H ~/your_favorite.mp3#your@email.com gives  a  list	of
	      possibles passwords for your pop3 account, and you can ask this list again and again.

	      WARNING:	The  passwords	generated  using  this option are not very random.  If you use this option, make sure the attacker can not
	      obtain a copy of the file.  Also, note that the name of the file may be easily available	from  the  ~/.history  or  ~/.bash_history
	      file.

       -h, --help
	      Print a help message.

       -s, --secure
	      Generate	completely  random,  hard-to-memorize  passwords.   These  should only be used for machine passwords, since otherwise it's
	      almost guaranteed that users will simply write the password on a piece of paper taped to the monitor...

       -v, --no-vowels
	      Generate random passwords that do not contain vowels or numbers that might be mistaken for vowels.  It provides  less  secure  pass-
	      words to allow system administrators to not have to worry with random passwords accidentally contain offensive substrings.

       -y, --symbols
	      Include at least one special character in the password.

AUTHOR

       This  version  of pwgen was written by Theodore Ts'o <tytso@alum.mit.edu>.  It is modelled after a program originally written by Brandon S.
       Allbery, and then later extensively modified by Olaf Titz,  Jim Lynch, and others.  It was rewritten from scratch by Theodore Ts'o  because
       the original program was somewhat of a hack, and thus hard to maintain, and because the licensing status of the program was unclear.

SEE ALSO

       passwd(1)

pwgen version 2.05						   January 2006 							  PWGEN(1)
All times are GMT -4. The time now is 11:27 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy