|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
How to maintain a personal password file 'safely'?
Post 302940827 by newbie_01 on Thursday 9th of April 2015 09:19:25 AM
04-09-2015
How to maintain a personal password file 'safely'?
Hi all,
As time progresses, the number of servers that I have to login to has grown to the hundreds.
Some of the servers has NIS so I can use one single password for this group of servers.
The hard part comes to when you have 20+ other servers that now require different passwords and different password rules. In this scenario, I am wondering whether anyone from this FORUM has a 'simple' way of being able to copy and paste passwords from an encrypted file when prompted instead of having to type it in.
At the moment, I am using Keepass, then I copy-and-paste the passwords from it into a text file that I crypt/decrypt and then delete after. I do this every so often that it is becoming tedious that I just keep the file and then crypt it to decrypt again at some stage
-
Any advice will be much appreciated. Thanks.
As time progresses, the number of servers that I have to login to has grown to the hundreds.
Some of the servers has NIS so I can use one single password for this group of servers.
The hard part comes to when you have 20+ other servers that now require different passwords and different password rules. In this scenario, I am wondering whether anyone from this FORUM has a 'simple' way of being able to copy and paste passwords from an encrypted file when prompted instead of having to type it in.
At the moment, I am using Keepass, then I copy-and-paste the passwords from it into a text file that I crypt/decrypt and then delete after. I do this every so often that it is becoming tedious that I just keep the file and then crypt it to decrypt again at some stage
-Any advice will be much appreciated. Thanks.
|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I need to alter a file.
I'm using sed then passing output to temp file
then using touch -r to maintain the date but the permissions do not get preserved
How can I sed a file and maintain date and permissions
currently
it's preserving the date but the permissions revert back to the... (3 Replies)
Discussion started by: andyatit
3 Replies
2. Shell Programming and Scripting
Hi all,
Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
Discussion started by: newbie_01
2 Replies
3. Shell Programming and Scripting
I am developing a script to maintain 'n' number of versions of a file. The script will take a filename as a parameter and the number of versions to maintain. This basically does something like a FIFO. Here is what I developed. But something is not right. I have attached the script. Can u pls help... (2 Replies)
Discussion started by: vskr72
2 Replies
4. Shell Programming and Scripting
I have a string like root=/dev/sda3 noacpi foo "Baz mumble" which I would like to separate into tokens like a shell does. This would be easily done with eval but that would open a security hole big enough to drop a cow through, injecting arbitrary code would be easy as pie. How can I parse this... (15 Replies)
Discussion started by: Corona688
15 Replies
5. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
Hello guys
I am about to write a script that is based on "The Linux Administration Handbook" The exercise is... (6 Replies)
Discussion started by: Learn4Life
6 Replies
6. Shell Programming and Scripting
Hello guys
I am about to write a script that is based on "The Linux Administration Handbook" The exercise is as follows:
Write a shell script to help monitor the health of the /etc/passwd file.
Find entries that have UID0
Find entries that have no password (needs /etc/shadow)
Find any... (4 Replies)
Discussion started by: Learn4Life
4 Replies
7. Solaris
I am using:
reboot -- cdrom
However I'm afraid of causing file system errors/corruption. I've seen many threads say that
init 6
is safer, but I need to get to CDROM.
Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
Discussion started by: lcoreyl
5 Replies
8. UNIX for Advanced & Expert Users
Running SunOs 5.6. Solaris.
I've been able to remove all special characters from a fixed length file which appear in the first column but as a result all subsequent columns have shifted to the left by the amount of characters deleted.
It is a space separated file. Line 1 in input file is... (6 Replies)
Discussion started by: iffy290
6 Replies
LEARN ABOUT POSIX
chpasswd
CHPASSWD(8) System Management Commands CHPASSWD(8) NAME
chpasswd - update passwords in batch mode SYNOPSIS
chpasswd [options] DESCRIPTION
The chpasswd command reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. Each line is of the format: user_name:password By default the passwords must be supplied in clear-text, and are encrypted by chpasswd. Also the password age will be updated, if present. By default, passwords are encrypted by PAM, but (even if not recommended) you can select a different encryption method with the -e, -m, or -c options. Except when PAM is used to encrypt the passwords, chpasswd first updates all the passwords in memory, and then commits all the changes to disk if no errors occurred for any user. When PAM is used to encrypt the passwords (and update the passwords in the system database) then if a password cannot be updated chpasswd continues updating the passwords of the next users, and will return an error code on exit. This command is intended to be used in a large system environment where many accounts are created at a single time. OPTIONS
The options which apply to the chpasswd command are: -c, --crypt-method METHOD Use the specified method to encrypt the passwords. The available methods are DES, MD5, NONE, and SHA256 or SHA512 if your libc support these methods. By default, PAM is used to encrypt the passwords. -e, --encrypted Supplied passwords are in encrypted form. -h, --help Display help message and exit. -m, --md5 Use MD5 encryption instead of DES when the supplied passwords are not encrypted. -R, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. -s, --sha-rounds ROUNDS Use the specified number of rounds to encrypt the passwords. The value 0 means that the system will choose the default number of rounds for the crypt method (5000). A minimal value of 1000 and a maximal value of 999,999,999 will be enforced. You can only use this option with the SHA256 or SHA512 crypt method. By default, the number of rounds is defined by the SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS variables in /etc/login.defs. CAVEATS
Remember to set permissions or umask to prevent readability of unencrypted files by other users. CONFIGURATION
The following configuration variables in /etc/login.defs change the behavior of this tool: SHA_CRYPT_MIN_ROUNDS (number), SHA_CRYPT_MAX_ROUNDS (number) When ENCRYPT_METHOD is set to SHA256 or SHA512, this defines the number of SHA rounds used by the encryption algorithm by default (when the number of rounds is not specified on the command line). With a lot of rounds, it is more difficult to brute forcing the password. But note also that more CPU resources will be needed to authenticate users. If not specified, the libc will choose the default number of rounds (5000). The values must be inside the 1000-999,999,999 range. If only one of the SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS values is set, then this value will be used. If SHA_CRYPT_MIN_ROUNDS > SHA_CRYPT_MAX_ROUNDS, the highest value will be used. Note: This only affect the generation of group passwords. The generation of user passwords is done by PAM and subject to the PAM configuration. It is recommended to set this variable consistently with the PAM configuration. FILES
/etc/passwd User account information. /etc/shadow Secure user account information. /etc/login.defs Shadow password suite configuration. /etc/pam.d/chpasswd PAM configuration for chpasswd. SEE ALSO
passwd(1), newusers(8), login.defs(5), useradd(8). shadow-utils 4.5 01/25/2018 CHPASSWD(8)