Mask the username/password in a script

Hi,

I wrote a perl script which connects to another unix system to do some jobs.
The script will be executed by another operator. The operator has the access of the first system but he doesn't have access on the 2nd unix.
Right now, I put the username & password of the 2nd unix system in the script. This will disclose the account to the user who doesn't have right.

What can I do so that the operator can execute the script without knowing the username & password of the system?

Thanks.
matchz Asked:
 
Tintin Commented:
To expand on ahoffmann's answer

http://search.cpan.org/~ivan/Net-SSH-0.08/SSH.pm
0
 
lwadwell Commented:
does the other operator need read access to the script...or only execute privilege?

as long as the perl script doesn't output the username and password to anywhere visible...and the other operator only has execute rights...'chmod 711 <progname>' will give you as the owner full read, write and execute privilege...but people who are in the same unix group or public can execute.

this means that others can only run the program/script...they are not allowed to view or edit the file.
0
 
matchz Author Commented:
Actually, I tried to change the access to 711. However, perl will return permission denied until I change the access right to 750.
0
stefan73 Commented:
Hi matchz,
Don't store plaintext passwords anywhere. It's a major security risk. If you want the other operator to run a job, consider using ssh public key authentication:

(The "client" is your account from where you want to connect to the "server")

1. Create a public/private key pair on your client:

      ssh-keygen -b 2048 -t dsa -f ~/.ssh/id_dsa -N ''
      Check that your private key (~/.ssh/id_dsa) is ONLY readable by you:
      
      sschuerg@client:/home/sschuerg $ ls -l ~/.ssh
      total 64
      -rw-------   1 sschuerg  FIUA2K      1192 Mar 29 11:25 id_dsa
      -rw-r--r--   1 sschuerg  FIUA2K      1116 Mar 29 11:25 id_dsa.pub
      
      
2. Copy your newly generated public key from your client to the server using scp:

      scp ~/.ssh/id_dsa.pub login@server:.ssh/my_public_key
      (This will ask for the password)
            
      (see scp's man page for more details)
      
3. Login to the server to check the key configuration:

      ssh login@server    (This will ask for the password)
      cd .ssh
      ls -l
      
      ...This will show something like
      
      server!login:~/.ssh [101]> ls -l
      total 12
      -rw-r--r--   1 login  mndev        331 Jun 20  2003 authorized_keys
      -rw-r--r--   1 login  mndev       4478 Mar 29 11:26 authorized_keys2
      -rw-r--r--   1 login  mndev       1116 Mar 29 11:26 my_public_key
      
      If there is no "authorized_keys2" file, simply rename your file:
      mv my_public_key authorized_keys2

      Otherwise, append it to the existing file:
      cat my_public_key >> authorized_keys2
      rm -f my_public_key
      
      and logout.
      
4. Check if authentication works:
      (from client)      
      
      ssh login@server


Now you can run any job with

ssh login@server <command chain>


Cheers,
Stefan
0
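
When the key is appended on the server (step 3 of stefan73's procedure above), it can also be tied to one command, so that a copy of the private key can start the job but cannot open a shell. This is an added example, not part of the thread: the function name, the job path `/usr/local/bin/nightly-job` and the sample key are constructed, while `command=` and the `no-*` prefixes are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the server as the job account.
# Appends a client's public key to an authorized_keys file with a forced
# command and no forwarding or terminal.

# install_restricted_key AUTH_FILE PUBKEY_LINE FORCED_COMMAND
# Returns 0 if the key was added, 1 on bad input, 2 if it was already present.
install_restricted_key() {
    auth_file=$1 pubkey=$2 forced=$3
    ssh_dir=$(dirname "$auth_file")
    nl='
'
    # One authorized_keys entry is one line: refuse embedded newlines.
    case $pubkey$forced in *"$nl"*) return 1 ;; esac
    key_type=$(printf '%s\n' "$pubkey" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    case $key_type in ssh-*|ecdsa-*) ;; *) return 1 ;; esac
    [ -n "$key_blob" ] || return 1

    # The command is wrapped in double quotes below, so refuse embedded ones.
    case $forced in ''|*'"'*) return 1 ;; esac

    # sshd's StrictModes ignores key files that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: never add the same key blob twice.
    grep -qF -- "$key_blob" "$auth_file" && return 2

    opts="command=\"$forced\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    printf '%s %s\n' "$opts" "$pubkey" >> "$auth_file"
}

# Demo in a scratch directory with a constructed key (not a real one).
demo_dir=$(mktemp -d)
install_restricted_key "$demo_dir/.ssh/authorized_keys2" \
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey operator@client" \
    "/usr/local/bin/nightly-job"
cat "$demo_dir/.ssh/authorized_keys2"
rm -rf "$demo_dir"
```

With such an entry, sshd runs the forced command no matter what the client asks for; the requested command line is only passed to it in `SSH_ORIGINAL_COMMAND`.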
 
Tintin Commented:
What method are you using to "connect" to the other server?  telnet, ssh, http, ftp, rsh, etc?
0
 
matchz Author Commented:
Now, I am using the Net::Telnet lib in Perl. I am using telnet to connect to the server.
0
 
Tintin Commented:
You'll be much better off using ssh in the manner stefan73 suggested.
0
 
ahoffmann Commented:
mode 711 is useless for scripts, you always need read permission for it, hence the permission denied.
Either you need to write a wrapper program (not script) to call your perl as proper user, or go with ssh.
You also may use sudo.
I'd suggest ssh.
0
 
Tintin Commented:
There seems to be a theme here and it's called ssh.
0
 
matchz Author Commented:
So how can I establish an ssh session in a perl script?
There is some logic inside the perl script. Are there any libraries for this purpose?
0
 
ahoffmann Commented:
use Net::SSH;
0
 
Tintin Commented:
You really should have given the points to stefan73 and ahoffmann.
0
Question has a verified solution.
