Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Encrypted password in script
Top Forums Shell Programming and Scripting Encrypted password in script Post 302885054 by Corona688 on Thursday 23rd of January 2014 09:54:46 AM
Old 01-23-2014
This has been rehashed many times here, over and over and over.

The way to prevent people from reading the file is to prevent them from reading it: chmod o-r filename ; chmod u-r filename ; chmod g-r filename ...and if they have access to root, you cannot protect something running on their machine alone.

shc will not work because they can just strip the text out of the file, or substitute a fake shell to grab the text when it runs.

encryption will not work because the instant you decrypt it to run it, it becomes vulnerable again.

"But what if I added code to (...?) inside the script?" Then you will have created an encrypted program which, if the hacker has any trouble decrypting it himself, politely decrypts itself for him should he try to run it. Dead-end.

What I'm wondering is, what does this password do? Does it connect to another server, a server under your control? Arrangements like that can be used.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

netrc file encrypted password

Hi, I do not want the plaintext password to appear in the netrc file. So I want to encrypt the password. Is there a way to encrypt the password and still make ftp to use the netrc ? Thanks in advance. -Gow:confused: (2 Replies)
Discussion started by: ggowrish
2 Replies

2. UNIX for Dummies Questions & Answers

Change password by pushing encrypted password to systems

I'm tasked to change a user's password on multiple Linux systems (RH v3). I though copying the encrypted password from one Linux /etc/shadow file to another would work but I was wrong. The long term solution is to establish an openLDAP Directory service, but for now I'm stuck with a manual... (1 Reply)
Discussion started by: benq70
1 Replies

3. Solaris

how can i send via SFTP information with my password encrypted?

I have a Solaris 5.9 server and need send information via SFTP automaticaly, and set my username and password encrypted. How can I do this? Best regards (1 Reply)
Discussion started by: irasela
1 Replies

4. Linux

Interpreting the encrypted shadow password?

We are currently using a script to copy the same encrypted password between our HP-UX and Solaris servers editing the trusted and shadow files directly. The encrypted password is only 13 characters long on both servers and decrypts the same way. Is there a way to copy this same string to Linux... (5 Replies)
Discussion started by: keelba
5 Replies

5. UNIX for Dummies Questions & Answers

How to : Identify the the password is encrypted or not in /etc/shadow or /etc/passwd?

Thanks AVKlinux (11 Replies)
Discussion started by: avklinux
11 Replies

6. UNIX and Linux Applications

Accessing Oracle via encrypted password

Actually in my application there is an XML file. The password and the user name for the database that I need to access the development box is stored there. But using some UNIX command I am able to access the raw content of the file and not the decrypted code for that password. When I am applying... (3 Replies)
Discussion started by: nandumishra
3 Replies

7. Shell Programming and Scripting

To decrypt encrypted password

Hi folks, What will be the easy way to decrypt encrypted passwords on MySQL table. Googling brought me many suggestions on crypt/decrypt running scripts. Please advise. TIA Remark: I think the encrypt function of MySQL uses the Unix crypt command to encrypt B.R. satimis (1 Reply)
Discussion started by: satimis
1 Replies

8. UNIX for Advanced & Expert Users

/etc/shadow encrypted password

Hi I wonder whether is possible to generate enrypted passwd for some user and paste it into /etc/shadow file ? What kind of encryption is used in /etc/shadow file ? ths for help. (1 Reply)
Discussion started by: presul
1 Replies

9. UNIX for Dummies Questions & Answers

Using the encrypted password of the shadow file

i have an application that uses the encrypted password that's in the /etc/shadow file. i copied the line for the particular username i was interested it in from shadow file and i pasted it into the password file of the application. the application is nagios. this application allowed that... (5 Replies)
Discussion started by: SkySmart
5 Replies

10. Cybersecurity

Is TLS encrypted password safe?

Hello, on my android device my app autosaves my password and it encrypts by TLS im not politically exposed person, just regular entrepreneur. Should i worry if i loose my phone with TLS encrypted password? Or regular mortals or casual hackers are not able to crack it? (4 Replies)
Discussion started by: postcd
4 Replies

LEARN ABOUT REDHAT

upsrw

UPSRW(8)						      Network UPS Tools (NUT)							  UPSRW(8)

NAME

       upsrw - UPS variable administration tool

SYNOPSIS

       upsrw ups

       upsrw -h

       upsrw -s variable [-u username] [-p password] ups

DESCRIPTION

       upsrw  allows  you  to  view and change the read/write variables inside your UPS.  It sends commands via the server upsd(8) to your driver,
       which configures the hardware for you.

       The list of variables that allow you to change their values is based on the capabilities of your UPS equipment.	 Not  all  models  support
       this feature.  Typically, cheaper hardware does not support any of them.  Run upsrw with a UPS identifier to see what will work for you.

OPTIONS

       -h     Display the help message.

       -s variable
	      Specify  the variable to be changed inside the UPS.  For unattended mode such as in shell scripts, use the format VAR=VALUE to spec-
	      ify both the variable and the value, for example:

	      -s HIGHXFER=129

	      Without this argument, upsrw will just display the list of the variables and their possible values.

	      Some variables are strings, and can be set to any value within the length limit.	Others are enumerated types and can only be set to
	      one of those values.  Refer to the list to know what's available in your hardware.

       -u username
	      Set  the username for the connection to the server.  This is optional, and you will be prompted for this when using the -s option if
	      you don't specify -u on the command line.

       -p password
	      Set the password to authenticate to the server.  This is also optional like -u, and you will be prompted for it if necessary.

       ups    View or change the settings on this UPS.	The format for this option is [upsname@]hostname[:port].

UNATTENDED MODE

       If you run this program inside a shell script or similar to set variables, you will need to specify all of the information on  the  command
       line.  This means using -s VAR=VALUE, -u and -p.  Otherwise it will put up a prompt and your program will hang.

       This is not necessary when displaying the list, as the username and password are not required for read-only mode.

DIAGNOSTICS

       upsrw  can't set variables on your UPS unless you provide a valid username and password.  If you get "access denied" errors, make sure that
       your upsd.users(5) has an entry for you, and that the username you are using has permissions to SET variables.

HISTORY

       This program used to be called upsct2, which was ambiguous and confusing.

SEE ALSO

       upsd(8), upscmd(8)

   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/

       NUT mailing list archives and information: http://lists.exploits.org/

								  Sat Aug 31 2002							  UPSRW(8)
All times are GMT -4. The time now is 10:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy