• Status: Solved

Mask the username/password in a script


I wrote a Perl script which connects to another Unix system to do some jobs.
The script will be executed by another operator. The operator has access to the first system but he doesn't have access to the 2nd Unix system.
Right now, I put the username & password of the 2nd Unix system in the script. This will disclose the account to a user who doesn't have the right.

What can I do so that the operator can execute the script without knowing the username & password of the system?

1 Solution
does the other operator need read access to the script...or only execute privilege?

as long as the perl script doesn't output the username and password to anywhere visible...and the other operator only has execute rights...'chmod 711 <progname>' will give you as the owner full read, write and execute privilege...but people who are in the same unix group or public can execute.

this means that others can only run the program/script...they are not allowed to view or edit the file.
matchz (Author) Commented:
Actually, I tried to change the access to 711. However, perl will return permission denied until I change the access right to 750.
Hi matchz,
Don't store plaintext passwords anywhere. It's a major security risk. If you want the other operator to run a job, consider using ssh public key authentication:

(The "client" is your account from where you want to connect to the "server")

1. Create a public/private key pair on your client:

      ssh-keygen -b 2048 -t dsa -f ~/.ssh/id_dsa -N ''

   Check that your private key (~/.ssh/id_dsa) is ONLY readable by you:

      sschuerg@client:/home/sschuerg $ ls -l ~/.ssh
      total 64
      -rw-------   1 sschuerg  FIUA2K      1192 Mar 29 11:25 id_dsa
      -rw-r--r--   1 sschuerg  FIUA2K      1116 Mar 29 11:25 id_dsa.pub
2. Copy your newly generated public key from your client to the server using scp:

      scp ~/.ssh/id_dsa.pub login@server:.ssh/my_public_key
      (This will ask for the password)
      (see scp's man page for more details)
3. Login to the server to check the key configuration:

      ssh login@server    (This will ask for the password)
      cd .ssh
      ls -l
      ...This will show something like
      server!login:~/.ssh [101]> ls -l
      total 12
      -rw-r--r--   1 login  mndev        331 Jun 20  2003 authorized_keys
      -rw-r--r--   1 login  mndev       4478 Mar 29 11:26 authorized_keys2
      -rw-r--r--   1 login  mndev       1116 Mar 29 11:26 my_public_key
      If there is no "authorized_keys2" file, simply rename your file:
      mv my_public_key authorized_keys2

      Otherwise, append it to the existing file:
      cat my_public_key >> authorized_keys2
      rm -f my_public_key
      and logout.
4. Check if authentication works:
      (from client)      
      ssh login@server

Now you can run any job with

ssh login@server <command chain>
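
Step 1 above checks the private key's permissions by eye with `ls -l`; the same check can be scripted. This is an added example, not part of the original answer: it flags a private key that group or other can access, and a `~/.ssh` directory or authorized-keys file that group or other can write to. The function names are made up for this example and all paths are passed as arguments.

```shell
#!/bin/sh
# Added example: audit permissions of the files used for key-based login.
# Function names are hypothetical; paths come from the caller.

# Print the group/other permission characters of a path, e.g. "------".
go_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Private key: any group/other bit makes the ssh client refuse the key.
check_private_key() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 2; }
    bits=$(go_bits "$1")
    if [ "$bits" = "------" ]; then
        echo "OK       $1"
    else
        echo "TOO OPEN $1 (group/other: $bits), fix with: chmod 600 $1"
        return 1
    fi
}

# ~/.ssh and the authorized-keys file may be readable, but group/other
# write access lets another account add its own key (sshd's StrictModes
# rejects such files).
check_not_writable_by_others() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 2; }
    case "$(go_bits "$1")" in
        ?w????|????w?)
            echo "WRITABLE $1 by group/other, fix with: chmod go-w $1"
            return 1 ;;
        *)  echo "OK       $1" ;;
    esac
}

# Run on the client: audit_client SSH_DIR PRIVATE_KEY
audit_client() {
    rc=0
    check_not_writable_by_others "$1" || rc=1
    check_private_key "$2" || rc=1
    return $rc
}

# Run on the server: audit_server SSH_DIR AUTHORIZED_KEYS_FILE
audit_server() {
    rc=0
    check_not_writable_by_others "$1" || rc=1
    check_not_writable_by_others "$2" || rc=1
    return $rc
}
```

With the file names from the answer, the calls would be `audit_client ~/.ssh ~/.ssh/id_dsa` on the client and `audit_server ~/.ssh ~/.ssh/authorized_keys2` on the server.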


What method are you using to "connect" to the other server?  telnet, ssh, http, ftp, rsh, etc?
matchz (Author) Commented:
Now, I am using the Net::Telnet lib in Perl. I am using telnet to connect to the server.
You'll be much better off using ssh in the manner stefan73 suggested.
mode 711 is useless for scripts, you always need read permission for it, hence the permission denied
Either you need to write a wrapper program (not script) to call your perl as the proper user, or go with ssh.
You also may use sudo.
I'd suggest ssh.
There seems to be a theme here and it's called ssh.
matchz (Author) Commented:
So how can I establish an ssh session in a Perl script?
There is some logic inside the Perl script. Are there any libraries for this purpose?
use Net::SSH;
To expand on ahoffmann's answer

You really should have given the points to stefan73 and ahoffmann.