I am trying to write a script to automate kerberos principal and but the script is not working. Not sure what i am missing. Below is the code:
#!/bin/bash
read -p "Please enter space-delimited list of principal to create: " NEW_Principal
clear
echo "password" | kinit adminuser/admin ; echo "password" | kadmin
for i in $NEW_ORGS
do
addprinc ${i}
${i}
echo ""
done
Also tried writing this way:
################### create principal #############
pass="principal_password"
echo "password" | kinit adminuser/admin
printf "%b" "password" | kadmin
printf "%b" "addprinc principal_name\n$pass\n$pass"
But its not working in script.
I have done it. All I have to do is pass the command as a string. Here is the answer:
echo -e "${i}\n${i}" | kadmin -w "$krb_pass" -q "addprinc
Related
Need some help in assigning a password to each newly created user from a text file using awk.
For example:
Text file:
John Doe 12345678
Jane Doe 87654321
Newly created user:
JDoe5678 with password: 12345678
JDoe4321 with password: 87654321
My current code:
#!/bin/bash
PATH_EMPLOYEE_FILE="employeelist"
password=($(awk '{print {print $3}))}' "${PATH_EMPLOYEE_FILE}"))
groupname="group1"
USERS_LIST=($(awk '{print substr($1,1,1) $2 substr($3,length($3)-3,length($3))}' "${PATH_EMPLOYEE_FILE}"))
for USER in "${USERS_LIST[#]}"
do
echo "User account created: ${USER}"
useradd -m -G "${groupname}" "${USER}" -p ${password}
done
You're not indexing $password, so you're always using the first password in the useradd command.
There's no need for awk or arrays, you can use bash's read command, and its parameter expansion operators to extract parts of the first name and password into the username.
while read -r fname lname password; do
username=${fname:0:1}$lname${password: -4} # don't forget the space before -4
echo "User account created: $username"
useradd -m -G "$groupname" "$username" -p "$password"
done < "$PATH_EMPLOYEE_FILE"
I want to make my script password protected. If I use this code it works:
ACTUAL="sam123"
read -s -p "Password: " enteredpass
I also want to protect the script from being read with cat and vi. I tried to use vim -x <script> to encrypt it but then it won't allow me to run it.
I am using a generic user and haven't gotten anywhere.
You can't do this securely without your sysadmin's help, but you can do something sorta-kinda-maybe-not-really-adequate without it.
So, let's say you create your script like so:
cat >myscript <<EOF
echo "Doing something super secret here"
EOF
...but you don't want anyone who doesn't know the password to run it, even if they're using a shared account. You can do this by encrypting it:
gpg -ac <myscript >myscript.asc
...and then embedding that plaintext into a script:
#!/usr/bin/env bash
{ gpg -d | bash -s "$#"; } <<'EOF'
-----BEGIN PGP MESSAGE-----
jA0EBwMCBogTuO9LcuZg0lsB2wqrsPU8Bw2DRzAZr+hiecYTOe//ajXfcjPI4G6c
P3anEYb0N4ng6gsOhKqOYpZU9JzVVkxeL73CD1GSpcQS46YlKWJI8FKcPckR6BE+
7vqkcPWwcS7oy4H2
=gmFu
-----END PGP MESSAGE-----
EOF
That said, other users in the shared account can still collect your password if they connect to and trace your process while it's running -- running strace on the copy of bash -s will show the text being fed into its stdin. In general, you shouldn't rely on shared accounts for anything that needs to remain confidential.
Late answer for posterity, how about using openssl? here's my scriptencrypt.sh
It generates a new .sh file that requires a password
#!/bin/bash
if [ -z "$1" ]; then echo "usage: $(basename $0) script"; exit 1; fi
script=$(cat "$1")
checksum="$(echo "$script" | md5sum | awk '{ print $1 }')"
extension=$([[ "$(basename $1)" =~ .\.. ]] && echo ".${1##*.}" || echo "")
cat << EOF > "${1%.*}.enc${extension}"
#!/bin/bash
read -r -d '' encrypted_script << EOF2
$(openssl aes-256-cbc -a -salt -in /dev/stdin -out /dev/stdout <<< "${script}")
EOF2
read -s -p "Enter script password: " password
echo
unencrypted_script=\$(openssl aes-256-cbc -d -a -salt -in /dev/stdin -out /dev/stdout <<< "\${encrypted_script}" -pass pass:"\${password}" 2>/dev/null | tr -d '\000')
clear
checksum="\$(echo "\$unencrypted_script" | md5sum | awk '{ print \$1 }')"
if [ "\${checksum}" = "${checksum}" ]; then
eval "\${unencrypted_script}"
exit 0
else
echo "Wrong password inserted"
exit 1
fi
EOF
I'm trying to deploy a cluster with a script which uses a yaml file. Except for an entry called "RaftFS" each yaml entry represents a machine to deploy. I don't understand why the script does only one while cycle if the ssh command is executed (even if the command is a simple ls !) but if I delete it then everything is fine and it does a number of cycle equals to the number of machines defined in the yaml file!
cat RaftFS/servers.yaml | shyaml keys-0 |
while read -r -d $'\0' value; do
if [ ! $value == "RaftArgs" ]; then
address=$(cat RaftFS/servers.yaml | shyaml get-value $value.machineIP | xargs -0 -n 1 echo)
username=$(cat RaftFS/servers.yaml | shyaml get-value $value.username | xargs -0 -n 1 echo)
password=$(cat RaftFS/servers.yaml | shyaml get-value $value.password | xargs -0 -n 1 echo)
#uploading my fingerprint (in order to use pssh)
echo $address $username $password
echo "uploading my fingerprint on $username#$address $password"
sshpass -p $password ssh-copy-id -oStrictHostKeyChecking=no $username#$address
echo "creating RaftFS"
ssh $username#$address echo "MACHINE=$value vagrant up">>vagrantscript.sh
fi
echo $address $username $password
done
I think there is no issue with the ssh command but it is a delimiter's issue
I've played a little with read -r -d $'\0' and these are the results
echo "a\0b\0c" | while read -r -d $'\0' var; do echo $var; done
prints
a
b
and
echo "a\0b\0c\0" | while read -r -d $'\0' var; do echo $var; done
prints
a
b
c
I assume there is some difference in the end line when the $value == "RaftArgs"
The standard input to the while loop is also the standard input to every command within the while loop. ssh reads from standard input in order to pipe the data to the remote command. It's probably consuming the data intended for the read statement.
You can redirect the ssh command's input:
ssh $username#$address ... >>vagrantscript.sh < /dev/null
Or you can run ssh with the "-n" flag to prevent reading from stdin:
ssh -n $username#$address ... >>vagrantscript.sh
n=rijotests143.revsw.net
echo $n
me=$(echo $n | sed 's/"/ /g')
echo $me
u=$(echo $me | sed 's/\./\_/g')
echo $u
ssh -i m_bp.pem ubuntu#95.68.74.51 'bash -s' < domain_delbp.sh
I am getting accessed to the remote server and passing values in domain_delbp.sh file. In this i need to pass a value of $u in domain_delbp.sh and need to execute the command
cat /opt/rijo/var/$u.json
Please help me
You can simply parse the value to the script and in the script you can access that value as $1 variable.
n=rijotests143.revsw.net
echo $n me=$(echo $n | sed 's/"/ /g')
echo $me u=$(echo $me | sed 's/./_/g')
echo $u
ssh -i m_bp.pem ubuntu#95.68.74.51 'bash -s' < domain_delbp.sh $u
I have a simple Bash script automating tasks which require password-based authentication.
Currently I store the credentials in plain text:
$ cat ~/.myconfig
username=foo
password=bar
Obviously that's bad - so I wonder whether there's a simple way to encrypt/decrypt the password using my public/private key pair. Using Yet Another Password for the encryption wouldn't gain much, so I want it to happen pretty much automatically.
I've done some research (around here and elsewhere), but am way out of my depth on this one...
You can store password into md5 sum, add some salt before.
create:
\#!/bin/bash
salt=12345_
protocol=sha1sum
read -p "Enter login: " username
read -p -s "Password: " pass1
read -p -s "Repeat: pass2
if [ "pass1 != pass2" ]; then echo "Pass missmatch"; exit 1; else password=pass1; fi
echo -en "$username " >> ./mypasswd
echo -e "${salt}${password} | $protocol | awk '{print $1}'" >> ./mypqsswd
read:
\#!/bin/bash
salt=12345_ #(samesalt)
protocol=sha1sum
read -p "Enter username: " username
read -p -s "Enter password: " password
if [ `grep $username ./mypasswd | awk '{print $2}' != `echo -e "`echo ${salt}${password} | $protocol | awk '{print $2}'`" ]; then echo -e "wrong username or password"; exit 127; else echo -e "login successfull"; fi
There's your code.
To automate your task means providing the password; it won't make a difference is you encrypt/obfuscate the password, you'll need to provide the decrypting too.
The only way around this dilemma is an agent-like program, as for example ssh-agent, which stores your passwords for you.
(edit: corrected link)
If you simply want to hide the password then store its SHA1 hash. The compare the hash of the entered password with your stored hash.