Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH password from file
Top Forums UNIX for Dummies Questions & Answers SSH password from file Post 302895873 by bakunin on Thursday 3rd of April 2014 04:44:16 AM
Old 04-03-2014
The reason why providing passwords to ssh (and similar commands, like passwd) is difficult ist, that - for security reasons - such programs clear <stdin>. A simple redirection program < /some/file or something to that effect will fail therefore.

Using expect or similar tools is possible, but the best solution is to stick with the key provided by the keyfile. Everything else is less secure and more error prone. It will always mean to store the password in a file and at some point of the execution to decrypt it (if it ever was encrypted in first place). If such a process provides enough security for you one has to wonder what you need passwords at all for.

I hope this helps.

bakunin
This User Gave Thanks to bakunin For This Post:
senthil.ak
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

no password ssh

Hello all, I would like to know if anyone had ever set up a network in which they used DHCP and OPENSSH with no password. I can configure my ssh files to allow me to enter any machine without a password as long as I have generated the public and private keysa nd store them in my .ssh/aut... ... (3 Replies)
Discussion started by: larryase
3 Replies

2. AIX

How to use SSH Secure File Transfer tool from windows to AIX without password?

If I use SSh Secure File Transfer tool on Windows, I want to transfer file from windows to AIX without password, how to do it? (6 Replies)
Discussion started by: rainbow_bean
6 Replies

3. Solaris

SSH Password-less login fails on password expiry.

Hi Gurus I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails. Resetting my password reenables the keys. Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies

4. Shell Programming and Scripting

SSH with password

Please help me I want connect to orther server using ssh. But I need to transfer password also without entering when it is prompts. Please help me. (1 Reply)
Discussion started by: saga499
1 Replies

5. AIX

While trying to do ssh without password, rsa key file is created as empty.

Hi i have aix 5.3 operating system, and i am trying to do ssh without passwd, when i tried to create a rsakey, it produces empty file as an output, how can solve that problem? why it is giving empty output file, i tried with different user, situation same,.i have restarted sshd server. .ssh... (2 Replies)
Discussion started by: nibiru78
2 Replies

6. UNIX for Dummies Questions & Answers

SSH with no password

How to setup SSH to not require a password when establishing an SSH connection from server A to server B for particular user? (4 Replies)
Discussion started by: sam101
4 Replies

7. Red Hat

ssh without password

Hi, I am trying to generate ssh without having to type a password. I have done this on numerous occasions using the procedure below and it has worked fine but not on this occasion. user1@sys1:ssh-keygen -t dsa -N "" <press enter for any questions> user1@sys1: ll .ssh/id_dsa.pub... (16 Replies)
Discussion started by: Duffs22
16 Replies

8. Shell Programming and Scripting

Ssh to 100s of hosts with password in a shell script or text file

I have about 500 hosts where I need to ssh by sending the password on the command line or in a text file in a clear text . However I am not able to download "sshpass" or other tools . Any other ways to pass the password in a script ? (3 Replies)
Discussion started by: gubbu
3 Replies

9. Red Hat

SSH password less setup asking for password

Hello Experts, when I am trying to connect my target server through sftp after creating ssh password less setup, it is asking for passowrd to connect. to setup this I followed below process: -->generated keys by executing the command "ssh-keygen -t rsa" -->this created my .ssh directory... (9 Replies)
Discussion started by: Devipriya Ch
9 Replies

10. UNIX for Beginners Questions & Answers

Ssh password

Hi there. I am fully aware of the security implications, but is there a way give a user password with the rsh and/or ssh commands? Such as: ssh user@192.168.0.56 -p password Or pass a config file to the command containing a password? I'm looking after a cluster and trying to use PSSH,... (6 Replies)
Discussion started by: MuntyScrunt
6 Replies

LEARN ABOUT REDHAT

ckpasswd

CKPASSWD(1)						    InterNetNews Documentation						       CKPASSWD(1)

NAME

       ckpasswd - nnrpd password authenticator

SYNOPSIS

       ckpasswd [-s] [-d database] [-f filename]

DESCRIPTION

       ckpasswd is the basic password authenticator for nnrpd, suitable for being run from an auth stanza in readers.conf(5).  See readers.conf(5)
       for more information on how to configure an nnrpd authenticator.

       ckpasswd accepts a username and password from nnrpd and tells nnrpd(8) whether that's the correct password for that username.  By default,
       when given no arguments, it checks the password against the password field returned by getpwnam(3).  Note that these days most systems no
       longer make real passwords available via getpwnam(3) (some still do if and only if the program calling getpwnam(3) is running as root).

       Note that ckpasswd expects all passwords to be stored encrypted by the system crypt(3) function and calls crypt(3) on the supplied password
       before comparing it to the expected password.

OPTIONS

       -d database
	   Read passwords from a database (ndbm or dbm format depending on what your system has) rather than by using getpwnam(3).  ckpasswd
	   expects database.dir and database.pag to exist and to be a database keyed by username with the encrypted passwords as the values.

	   While INN doesn't come with a program intended specifically to create such databases, on most systems it's fairly easy to write a Perl
	   script to do so.  Something like:

	       #!/usr/bin/perl
	       use NDBM_File;
	       use Fcntl;
	       tie (%db, 'NDBM_File', '/path/to/database', O_RDWR | O_CREAT, 0640)
		   or die "Cannot open /path/to/database: $!
";
	       $| = 1;
	       print "Username: ";
	       my $user = <STDIN>;
	       chomp $user;
	       print "Password: ";
	       my $passwd = <STDIN>;
	       chomp $passwd;
	       my @alphabet = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
	       my $salt = join '', @alphabet[rand 64, rand 64];
	       $db{$user} = crypt ($passwd, $salt);
	       untie %db;

	   Note that this will echo back the password when typed; there are obvious improvements that could be made to this, but it should be a
	   reasonable start.

	   This option will not be available on systems without dbm or ndbm libraries.

       -f filename
	   Read passwords from the given file rather than using getpwnam(3).  The file is expected to be formatted like a system password file, at
	   leat vaguely.  That means each line should look something like:

	       username:pdIh9NCNslkq6

	   (and each line may have an additional colon after the encrypted password and additional data; that data will be ignored by ckpasswd).
	   INN does not come with a utility to create the encrypted passwords, but it's a quick job with Perl (see the example script under -d).

       -s  Check passwords against the result of getspnam(3) instead of getpwnam(3).  This function, on those systems that supports it, reads from
	   /etc/shadow or similar more restricted files.  If you want to check passwords supplied to nnrpd(8) against system account passwords,
	   you will probably have to use this option on most systems.

	   Most systems require special privileges to call getspnam(3), so in order to use this option you may need to make ckpasswd setgid to
	   some group (like group "shadow") or even setuid root.  ckpasswd has not been specifically audited for such uses!  It is, however, a
	   very small program that you should be able to check by hand for security.

	   This configuration is not recommended if it can be avoided, since the NNTP protocol has no way of protecting passwords from casual
	   interception, and using system passwords to authenticate NNTP connections therefore opens you up to the risk of password sniffing.  If
	   you do use system passwords to authenticate connections, you should seriously consider only doing NNTP through ssh tunnels or over SSL.

EXAMPLES

       See readers.conf(5) for examples of nnrpd(8) authentication configuration that uses ckpasswd to check passwords.

HISTORY

       Written by Russ Allbery <rra@stanford.edu> for InterNetNews.

       $Id: ckpasswd.1,v 1.1.2.1 2000/11/06 08:41:11 rra Exp $

SEE ALSO

       readers.conf(5), nnrpd(8)

3rd Berkeley Distribution					      INN 2.3							       CKPASSWD(1)
All times are GMT -4. The time now is 11:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy