Full Discussion: scp with sshpass
Post 302856293 by Corona688 on Monday 23rd of September 2013 02:45:40 PM
Quote:
Originally Posted by mathbalaji
Oh! I didn't know about that! So, if my script runs for say 1 minute, will the password be visible for that one minute in
Code:
ps aux

or for the entire session?

Try it and see?

It's possible that sshpass makes some effort to conceal the password once it's passed. It could exec() again with different parameters and blank it. But even so, there'd be an unavoidable eyeblink when the password was exposed. Anyone could extract the password with obsessive logging.

These weaknesses are well-known, so sshpass has many safer options fortunately. sshpass can read a file, according to its manpage, so you could do this:

Code:
OLDMASK=$(umask)
umask 077 # Force rw------- permissions on the temp file
TMPFILE=$(mktemp /tmp/sshpass.XXXXXX) || exit 1 # Unpredictable name; a fixed /tmp/$$ could be pre-created by another user
exec 5>"$TMPFILE" # Open the temp file for writing with FD 5
exec 6<"$TMPFILE" # Read from the temp file with FD 6
rm "$TMPFILE" # DELETE the temp file so nothing else can get it
umask $OLDMASK # Restore umask

cat <<EOF >&5 # Finish writing to the temp file
$PASSWORD
EOF

exec 5>&- # Close FD 5

sshpass -d6 ...

exec 6<&- # Close FD 6

Which should protect the password much better. The temp file won't even be listed in /tmp/ while sshpass is running.

Last edited by Corona688; 09-23-2013 at 03:54 PM..
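
An audit helper for the exposure discussed in this post, added here as an example and not part of Corona688's post: it reads `ps -eo pid=,args=`-style lines and reports the processes where sshpass was given its password with -p. The option letters (-p, -f, -d, -e, -P) are assumed from the sshpass manpage, and the process list is a constructed sample.

```shell
# Added example. Classify how an sshpass command line supplies the password:
# argv (-p, visible in ps), file (-f), fd (-d), env (-e), prompt, or none.
# Assumption: word splitting is naive (quoted arguments are not reassembled).
sshpass_password_source() {
    seen=0
    set -f; set -- $1; set +f          # split into words without globbing
    while [ $# -gt 0 ]; do
        word=$1; shift
        if [ "$seen" -eq 0 ]; then     # skip everything up to the sshpass word
            if [ "${word##*/}" = sshpass ]; then seen=1; fi
            continue
        fi
        case $word in
            --) break ;;
            -?*) opts=${word#-} ;;     # option cluster such as -p, -vp, -d6
            *) break ;;                # wrapped command reached (ssh, scp, ...)
        esac
        while [ -n "$opts" ]; do
            rest=${opts#?}; c=${opts%"$rest"}; opts=$rest
            case $c in
                p) echo argv; return 0 ;;
                f) echo file; return 0 ;;
                d) echo fd; return 0 ;;
                e) echo env; return 0 ;;
                P) if [ -z "$opts" ] && [ $# -gt 0 ]; then shift; fi; opts= ;;  # skip prompt text
            esac
        done
    done
    if [ "$seen" -eq 1 ]; then echo prompt; else echo none; fi
}

# Read "PID COMMAND..." lines on stdin; print PIDs with the password on argv.
exposed_pids() {
    while read -r pid args; do
        if [ "$(sshpass_password_source "$args")" = argv ]; then echo "$pid"; fi
    done
}

sample_ps() {    # constructed sample process list, not real output
    cat <<'EOF'
 4101 sshpass -p XXX ssh -o StrictHostKeyChecking=no myserver uptime
 4102 sshpass -d6 ssh backup@myserver uptime
 4103 /usr/bin/sshpass -vp XXX scp file myserver:/tmp
 4104 sshpass -f /root/.pw ssh -p 2222 myserver uptime
 4105 ssh -p 2222 myserver
EOF
}

sample_ps | exposed_pids    # PIDs 4101 and 4103
```

The `-p 2222` in lines 4104 and 4105 belongs to ssh, not sshpass, which is why parsing stops at the first non-option word after sshpass.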

SCP(1)                    BSD General Commands Manual                   SCP(1)

NAME
     scp -- secure copy (remote file copy program)

SYNOPSIS
     scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
         [-l limit] [-o ssh_option] [-P port] [-S program]
         [[user@]host1:]file1 ... [[user@]host2:]file2

DESCRIPTION
     scp copies files between hosts on a network. It uses ssh(1) for data
     transfer, and uses the same authentication and provides the same
     security as ssh(1). Unlike rcp(1), scp will ask for passwords or
     passphrases if they are needed for authentication.

     File names may contain a user and host specification to indicate that
     the file is to be copied to/from that host. Local file names can be made
     explicit using absolute or relative pathnames to avoid scp treating file
     names containing ':' as host specifiers. Copies between two remote hosts
     are also permitted.

     The options are as follows:

     -1      Forces scp to use protocol 1.

     -2      Forces scp to use protocol 2.

     -4      Forces scp to use IPv4 addresses only.

     -6      Forces scp to use IPv6 addresses only.

     -B      Selects batch mode (prevents asking for passwords or
             passphrases).

     -C      Compression enable. Passes the -C flag to ssh(1) to enable
             compression.

     -c cipher
             Selects the cipher to use for encrypting the data transfer.
             This option is directly passed to ssh(1).

     -F ssh_config
             Specifies an alternative per-user configuration file for ssh.
             This option is directly passed to ssh(1).

     -i identity_file
             Selects the file from which the identity (private key) for
             public key authentication is read. This option is directly
             passed to ssh(1).

     -l limit
             Limits the used bandwidth, specified in Kbit/s.

     -o ssh_option
             Can be used to pass options to ssh in the format used in
             ssh_config(5). This is useful for specifying options for which
             there is no separate scp command-line flag. For full details of
             the options listed below, and their possible values, see
             ssh_config(5).

                   AddressFamily
                   BatchMode
                   BindAddress
                   ChallengeResponseAuthentication
                   CheckHostIP
                   Cipher
                   Ciphers
                   Compression
                   CompressionLevel
                   ConnectionAttempts
                   ConnectTimeout
                   ControlMaster
                   ControlPath
                   GlobalKnownHostsFile
                   GSSAPIAuthentication
                   GSSAPIDelegateCredentials
                   HashKnownHosts
                   Host
                   HostbasedAuthentication
                   HostKeyAlgorithms
                   HostKeyAlias
                   HostName
                   IdentityFile
                   IdentitiesOnly
                   KbdInteractiveDevices
                   LogLevel
                   MACs
                   NoHostAuthenticationForLocalhost
                   NumberOfPasswordPrompts
                   PasswordAuthentication
                   PKCS11Provider
                   Port
                   PreferredAuthentications
                   Protocol
                   ProxyCommand
                   PubkeyAuthentication
                   RekeyLimit
                   RhostsRSAAuthentication
                   RSAAuthentication
                   SendEnv
                   ServerAliveInterval
                   ServerAliveCountMax
                   StrictHostKeyChecking
                   TCPKeepAlive
                   UsePrivilegedPort
                   User
                   UserKnownHostsFile
                   VerifyHostKeyDNS

     -P port
             Specifies the port to connect to on the remote host. Note that
             this option is written with a capital 'P', because -p is already
             reserved for preserving the times and modes of the file in
             rcp(1).

     -p      Preserves modification times, access times, and modes from the
             original file.

     -q      Quiet mode: disables the progress meter as well as warning and
             diagnostic messages from ssh(1).

     -r      Recursively copy entire directories. Note that scp follows
             symbolic links encountered in the tree traversal.

     -S program
             Name of program to use for the encrypted connection. The
             program must understand ssh(1) options.

     -v      Verbose mode. Causes scp and ssh(1) to print debugging messages
             about their progress. This is helpful in debugging connection,
             authentication, and configuration problems.

     The scp utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
     ssh_config(5), sshd(8)

HISTORY
     scp is based on the rcp(1) program in BSD source code from the Regents
     of the University of California.

AUTHORS
     Timo Rinne <tri@iki.fi>
     Tatu Ylonen <ylo@cs.hut.fi>

BSD                            February 8, 2010                            BSD