There are so many questions on this and I didn't find any concluded answer.
I want to encrypt a string in the script, actually this is a password. I tried using openssl (I am a newbie to openssl), but it is generating a long one which we can't remember.
I want to encrypt the password and want to share it, so users can use that and my script needs to decrypt when the users enter it.
Any solutions, where I can generate small passwords (or equal length of original).
First off, putting passwords in scripts is a VERY BAD idea. It doesn't matter if they are encrypted or not, because having the password in clear text for all to read is just a small part of the problem, The bigger problem is that passwords are likely to change over time and you will have to change the script (and probably several scripts, if you employ that mechanism more often) every time. Chances are you forget on of these scripts and this will only surface in the moment you need it least.
Another thing is, that, regardless of how you encrypt the password, all the tools necessary to decrypt it are on the system already, therefore, it doesn't matter if you put it there in clear text or encrypted. Suppose your password is encrypted with the /some/encryption utility and will decrypted with the /some/decryption utility. You encrypt the password, get some value and have now a line in your script looking like
If i want to know the password and only have your script, what would prevent me from taking the encypted value from your script and issue
at the command line to get the unencrypted password myself?
If you do the decryption on the remote machine the problem stays the same: i will send the encrypted version and the remote system will decrypt it itself, so that the encrypted form of the password becomes the effective PW.
So, after this lengthy explanation of why this will not work in any way what will work?
Let us first rephrase the requirement: Something should be done at remote system X as user X. User A on the local system should initiate that using a script.
Now.create a user B at your local system. establish a line of trust between this user B and user X at the remote host by exchanging ssh-keys. User B(local) can now log on as user X(remote) without any password.
Now give the ownership of your script to this user B(local) and make it executable only for this user. User B would now be able to run this script and do the remote part without any password through the SSH-mechanism.
Now set up a sudo permission for User A(local) to run the script as user B(local). This way User A is not required to know the password for neither user B nor the remote system. He will still not be able to do anything else than run this script (sudo will prevent that).
Disable logging in for user B(local) so that nobody can misuse the line of trust established between user B(local) and user X(remote).
Make sure you are putting the master password and user passwords in secure places. All apps and systems have their hidden secrets and keys. This may be a good place for Public/Private Key Encryption. Lots written about the security challenges of any authentication system. Authentication is often that the encrypted trial password matches the encrypted stored password, so every raw password is only a transient memory artifact in automatic variables.
Hi Friends,
There are some 7 years script in out linux server. I am trying to understand them since Linux Server changed(A).
Below line in one of the encrypting script. Here scenario is encrypting bank files in our (A) server and doing Secure Copy to Server (B).
GPG -v --batch --yes --armor... (1 Reply)
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
we r to develope a project which involves automatic encryption of all the text files user was working upon during logg off
and to decrypt them during log on
this is to be done by writing a shell script
can anyone help (2 Replies)
we are to develope a project on linux whose aim is to automatically encrypt files after logoff and to decrypt them using password after log in
this is to be made by chging source code of linux ...........
can any one help me on this???? (1 Reply)
Dear Members,
Can we find if a particular file is encrypted or decrypted.
I need a command by which i should be able to identify if a file is encrypted or decrypted.
How can we do this? (1 Reply)
Hi
Someone is going to send me a file that they have encrypted by PGP encryption on windows pc to my solaris 9 server.
They will give me the pgp key to decrypt the file.
How can I do this on solaris 9
Is there a tool installed by default to decrypt or do I need to install something to... (0 Replies)
Dear all,
If anyone has some ideas for me how to tackle the following situation:
Imagine a type of client-server application. The client application is started by a human operator with all the necessary LDAP/Kerberos in place. The server application is started automatically as a daemon process.... (2 Replies)
Hello guys !
I have used "crypt <first> second" command to encrypt "first" to "second" file. i have assign a key for that of course.
Now when i try to look content of "seocnd" file through "cat second" command, the file is encrypted and cannot be read which is according to plan.
But when... (3 Replies)