Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: scp with sshpass
Top Forums Shell Programming and Scripting scp with sshpass Post 302856293 by Corona688 on Monday 23rd of September 2013 02:45:40 PM
Old 09-23-2013
Quote:
Originally Posted by mathbalaji
Oh! I didn't know about that! So, if my script runs for say 1 minute, will the password be visible for that one minute in
Code:
ps aux

or for the entire session?
Try it and see?

It's possible that sshpass makes some effort to conceal the password once its passed. It could exec() again with different parameters and blank it. But even so, there'd be an unavoidable eyeblink when the password was exposed. Anyone could extract the password with obsessive logging.

These weaknesses are well-known, so sshpass has many safer options fortunately. sshpass can read a file, according to its manpage, so you could do this:

Code:
OLDMASK=$(umask)
umask 077 # Force rw------- permissions on /tmp/$$
exec 5>/tmp/$$ #Create temp file /tmp/$$ and write with FD 5
exec 6</tmp/$$ # Read from temp file /tmp/$$ with FD 6
rm /tmp/$$ # DELETE tempfile /tmp/$$ so nothing else can get it
umask $OLDMASK # Restore umask

cat <<EOF >&5 # Finish writing to /tmp/$$
$PASSWORD
EOF

exec 5>&- # Close FD 5

sshpass -d6 ...

exec 6<&- # Close FD 6

Which should protect the password much better. The temp file won't even be listed in /tmp/ while sshpass is running.
Last edited by Corona688; 09-23-2013 at 03:54 PM..
This User Gave Thanks to Corona688 For This Post:
mathbalaji
 

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Scp

I am trying to transfer a 10g files using scp, but I am getting timeout errors is there anywhere that I can modify a config file or something to increase the time. (4 Replies)
Discussion started by: rbizzell
4 Replies

2. UNIX for Advanced & Expert Users

help with scp

hi all in my script i was using the "scp" command to copy 2 files from a certain directory on server A to the same directory on another server B, but for some reason its only copying the first file in the directory. This is the frst time that i used the scp command,any ideas appreciated. thnks (5 Replies)
Discussion started by: bkan77
5 Replies

3. Shell Programming and Scripting

problem with sshpass

Hello i am using sshpass to pass remote password into script but phase some problems when try to execute some commands remotely which means that the remote env not passed through sshpass for example sshpass -p 'XXX' ssh -o StrictHostKeyChecking=no -l myserver myserver visu_fis_pnes ... (2 Replies)
Discussion started by: mogabr
2 Replies

4. Solaris

How to install SSHPASS on Solaris ???

Could you please let me know the steps: how to install sshpass command tool in solaris any version greater than 8. (2 Replies)
Discussion started by: lohith.dutta
2 Replies

5. Shell Programming and Scripting

Cannot sshpass router

Hi, I am trying to use sshpass to login to my router and then execute a reboot command. But the command never executes, can someone please help me. This doesnt work.... sshpass -p 'password' ssh 192.168.1.1 -l root -o StrictHostKeyChecking=no "sys reboot" However if I try following then it... (4 Replies)
Discussion started by: jeetz
4 Replies

6. Shell Programming and Scripting

Put a command into router through sshpass bash script

hello, i am facing some issue. I am using a simple bash script that via sshpass put a command into router. Now, problem is that i have a file and commands into it. sshpass -p $pass ssh -o $log -n $user@$h /ip address set address=10.0.0.1/24 so if I have that command ip address set ... (0 Replies)
Discussion started by: tomislav91
0 Replies

7. UNIX for Advanced & Expert Users

How to pass password as a variable for sshpass authentication?

Using below below command i'm able to connect or authenticate server, In below command password contains special characters sshpass -v -p 'ASJBA%hs76)#' ssh -q -o ConnectTimeout=5 hostname But If I pass password as a variable I'm not able to connect or authenticate server, can you please help... (1 Reply)
Discussion started by: sam@sam
1 Replies

LEARN ABOUT DEBIAN

sieveshell

SIEVESHELL(1)						User Contributed Perl Documentation					     SIEVESHELL(1)

NAME

       sieveshell - remotely manipulate sieve scripts

SYNOPSIS

       sieveshell [--user=user] [--authname=authname] [--realm=realm] [--password=password] [--exec=script] [--execfile=file] server[:port]

       sieveshell --help

DESCRIPTION

       sieveshell allows users to manipulate their scripts on a remote server.	It works via MANAGESIEVE, a work in progress.

       The following commands are recognized:

	   list list scripts on server.

	   put <filename> upload script to server.

	   get <name> [<filename>] get script. if no filename display to stdout

	   delete <name> delete script.

	   activate <name> activate script.

	   deactivate deactivate all scripts.

OPTIONS

       -u user, --user=user
	   The authorization name to request; by default, derived from the authentication credentials.

       -a authname, --authname=authname
	   The user to use for authentication (defaults to current user).

       -r realm, --realm=realm
	   The realm to attempt authentication in.

       -p password, --password=password
	   The password to use when authenticating to server. Note that this parameter can be seen in the process list. Use with caution!

       -e script, --exec=script
	   Instead of working interactively, run commands from script, and exit when done.

       -f file, --execfile=file
	   Instead of working interactively, run commands from file file and exit when done.

REFERENCES

       [MANAGESIEVE] Martin, T.; "A Protocol for Remotely Managing Sieve Scripts", draft-ietf-managesieve-03.txt, Mirapoint, Inc.; May 2001, work
       in progress.

AUTHOR

       Tim Martin <tmartin@mirapoint.com>, and the rest of the Cyrus team <cyrus-bugs@andrew.cmu.edu>.

perl v5.14.2							    2014-06-03							     SIEVESHELL(1)
All times are GMT -4. The time now is 01:34 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy