I work on a RedHat linux server with an applicative user (no root).
I have a ksh script that make some sqlplus connections on different DBs by this command:
sqlplus -s myuser/password#DBNAME.
This connections need passwords, each one different from the others.
I would like to encrypt these passwords and store them inside a file.
Then, each time i run my script it has to read a specific encrypted password, decryp it and finally pass it to sqlplus command.
About taking a specific passwd I suppose I can insert a label at the beginning of line but my question is how to encrypt this passwords with openSSL (I can't install any tool on the machine) and if it is a secure method to avoid plain text password sending. Thanks in advance.
Something like :
Credential file
#!/bin/ksh
#######################################################
#
# Source for UID/Password. MUST be with access 600
#
# .credential.sh
#
# Usage : . .credential.sh
#
######################################################
#Declaring associative array
typeset -A Password
# Setting the values
Password[USER1]="Passwd1"
Password[USER2]="Passwd2"
And in your script :
#!/bin/ksh
#sourcing the credential files
. /foo/bar/.credential.sh
#............... Some code
myuser=USER1 # Or whatever means to set the user variable
#............... Some code
sqlplus -s $myuser/${Password[$myuser]}#DBNAME
#............... Some code
Related
I am trying to do a remote desktop connection between Ubuntu desktop and another Ubuntu system. I want to develop an application so it is necessary to use shell command.
ssh -X or -Y username#server_ip
I know this command is for trusted and untrusted connection between two systems but here username is necessary for connection so it is necessary to ask username and password to each user for connection. so I have created a bash file for getting input from the user. its name myscript.sh
#!/bin/bash
read -p 'Username: ' uservar
read -sp 'Password: ' passvar
sleep 10
and I want to use this variable value in another file. I wrote below code and file name terminal.sh.
#!/bin/bash<br>
xterm -e /file_path/myscript.sh
sshpass -p $passvar ssh -X $uservar#$remote_ip /usr/bin/xfce4-session
but this code is not working. I want myscript.sh user input value in terminal.sh file. one person suggests me to use signify. how to use signify here? Can anyone suggest a solution? thanks in advance.
Normally, you should set-up public/private key authentication with ssh. Anything else is a hack to get the same result.
In this case, you have to store the credentials (uid/pw) somewhere to be able to use them in your second script. That could be:
#!/bin/bash
read -p 'Username: ' uservar
read -sp 'Password: ' passvar
and call as . myscript.sh, or store them somewhere in a file for use (which is security-wise a little issue).
If you really cannot set-up your p/p-keys, you should probably put (as Inian suggests) put the prompting in the same script..
I have an interactive bash script which first asks for user name and THEN ask for password and then confirm password again. (It creates users in our ERP system NOT in Ubuntu)
I have an CSV of 1000+ users and randomly generated passwords so I have to create all these users. I want to write a script which picks users from the CSV and then when asked for password it passes passwords from the CSV to create users. Following is what I have done but it didn't work as intended:
while IFS=,
read -a csv_line; do
createusr ${csv_line[0]}:${csv_line[1]}:${csv_line[1]};done < Desktop/Passwoerter.csv
It gives error that password do not match!
The actual script for individual user work like:
~$ createuser xyz <press Enter>
password for xyz: whatever <press enter>
confirm password for xyz whatever <enter again>
~$
Its NOT:
~$ createuser xyz whatever whatever <press enter>
~$
It works fine if I add one by one but there are 1000+ so I was trying using a small script over CSV.
First Option: Use newusers: Its a part of passwd package.
DESCRIPTION
The newusers command reads a file (or the standard input by default)
and uses this information to update a set of existing users or to
create new users. Each line is in the same format as the standard
password file.
Input file formatting:
username:passwd:UID:GID:full name,room number,work phone,home phone,other:directory:shell
As you can see, the password is provided in the file.
Downside, You need to convert your csv to txt with provided format.
newusers < file.txt
Second Option: you can use useradd with -p switch.
useradd -m -p $(mkpasswd "password") username
-m Create the user's home directory if it does not exist.
-p The encrypted password, as returned by crypt(3).
I find out what I needed, my script looks like:
while IFS=# read -a csv_line
do
printf "%s\n%s\n" ${csv_line[1]} ${csv_line[1]} | createuser ${csv_line[0]}
done
and executed like:
./insertalluser < Desktop/Passwoerter.csv
I am building a bash script for my work to make initial setup and windows-domain join for our Ubuntu machines easy enough for someone who knows nothing about Linux can do it. I have found a lot of people that say that you shouldn't pass passwords through a script but to be efficient, I have to. The script prompts for info and credentials in the beginning and it needs to be able to be left to do it's job without interaction. I can't have it visible through ps when I pass it and I can't have it stored as an unsecured variable. Any suggestions?
If you really must do this, you can read the credentials into variables with read -s early in the script and then pass those values to the prompts. For example:
read -p "Enter your username: " username
read -sp "Enter your password: " password
echo
I included the blank echo because the -s option for read prevents the user's typing from appearing in the terminal, including the new line usually created after a user presses Enter when answering a prompt.
You can then use the $username and $password variables for the rest of your script and the credentials will not have to be stored outside of memory, meaning they will be lost/destroyed after the script completes.
However, note that any programs or utilities which take the credentials as command-line arguments will display those to other users on the machine running the script. For example, if I were to run a MySQL query using this method, I could do:
mysql -u "${username}" -p"${password}" -e "SHOW DATABASES;"
Other users on the machine could see the credentials while that was running with something like ps:
ps -ef | grep mysql
...
watrudoin 29512 29443 0 12:57 pts/4 00:00:00 mysql -u MyUserName -phunter2 -e SHOW DATABASES
You just need to be aware that what you are doing is not necessarily secure, but it seems that you already are.
I wrote a shell script to automate mysqldump.
I don't want my password to be entered in the script file. Can anyone suggest me an alternative way to do this?
If you are running the script interactively, then you can use read to read the password into an environmental variable, and then echo that password to mysqldump.
read -s -p 'password: ' password
echo "$password" | mysqldump ...
The password will be stored in plain text in memory but not elsewhere.
Alternatively as per the documentation you can use an option file to avoid giving the password on the command line. The file would contain something similar to the below:
[client]
# The following password will be sent to all standard MySQL clients
password="my_password"
I'm writing a script to set up VNC (amongst other things) on many debian based devices. I want to include VNC in this setup (specifically, tightVNC if possible) and have it set a given password (randomly generated by the script). The problem is, every guide I find seems to assume that a human is doing this, and is ready to sit and type in the password and press enter. I can't seem to get Bash to echo a password to VNC (it always says 'password too short') nor can I get 'expect' to work properly.
An example guide I found looks like this:
http://www.penguintutor.com/linux/tightvnc
I'm looking for something similar to this:
#!/bin/bash
echo "Going to configure VNC"
#turn on vnc server
tightvncserver
#spit out password to vnc server for first run only
echo $password
#confirm the pw
echo $password
But, on every virginal run of tightvncserver it always asks for a password to be inputted by hand:
Going to configure VNC
You will require a password to access your desktops.
Password: Password too short
How can I #1 get around this, or #2 use bash / expect to GIVE it a password to make it happy?
# Configure VNC password
umask 0077 # use safe default permissions
mkdir -p "$HOME/.vnc" # create config directory
chmod go-rwx "$HOME/.vnc" # enforce safe permissions
vncpasswd -f <<<"$password" >"$HOME/.vnc/passwd" # generate and write a password
Modify to taste, if your packaging for tightvnc uses a location other than ~/.vnc/ for the passwd file.
If you have separate view-only and full-control passwords, then:
vncpasswd -f <<<"$full_password"$'\n'"$view_password" >"$HOME/.vnc/passwd"
If you needed compatibility with /bin/sh (or otherwise weren't using #!/bin/bash shebangs), this would instead be:
vncpasswd -f >"$HOME/.vnc/passwd" <<EOF
$full_password
$view_password
EOF