Solved

Encrypting a shell script

Posted on 2009-06-29
10
693 Views
Last Modified: 2013-12-26
Im looking for a FREE way to encrypt a shell script so that it cant be read but will still be able to be executed. Ive tried shc but i get an error:
 shc -f scriptname.sh
./scriptname.sh.x

./scriptname.sh.x has expired
Please contact your provider
0
Comment
Question by:linuxpig
  • 3
  • 3
  • 3
  • +1
10 Comments
 
LVL 7

Expert Comment

by:unSpawn
ID: 24739867
The "has expired. Please contact your provider." informational message just means an an expiration date was set and says nothing about the License of Shc, the generic shell script compiler (http://www.datsi.fi.upm.es/~frosal/). (Please note obfuscating a shell script does not keep users with sufficient access rights from retrieving the password/passphrase anyway.)
0
 
LVL 61

Expert Comment

by:gheist
ID: 24740292
Binary is more protected - it does not need read access for execution, but anyway - trust models serve better than storing passwords.
0
 

Author Comment

by:linuxpig
ID: 24741227
Well, its not passwords in the script im looking to protect at this time, although for furture reference i may need that. But Unspawn, i received that message on a script i wrote, right after i downloaded the shc gz file, untarred it, ran make, make install and then ran shc -f script.sh. I also tried shc -r -f script.sh and shc -r -T -f script.sh.
So i wondered if there was something wrong with the gz file i downloaded, but it did this after re-downloading the gz file. So i ask if there is another way to do this, encrypting shell scripts, or if there is something im doing wrong with shc.
Thanks you!
0
 
LVL 16

Expert Comment

by:ai_ja_nai
ID: 24743433
>encrypt a shell script so that it cant be read but will still be able to be executed
Why don't you just get rid of read and write permissions for everybody?

chmod go-rw shellscript.sh
0
 
LVL 61

Expert Comment

by:gheist
ID: 24743531
read permission is essential for executing shell script. also it cannot have suid bit.

have a look at sudo option - a protected user dir containing unsafe scripts, and users allowed only to call scripts, not read.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:linuxpig
ID: 24745110
Permission and sudo wont work here as this script will be used in other servers in the future, so an actual encryption will have to work. As i have said, shc look like it may be the solution but im having issues with it.
 
So if someone know how to resolve it or knows of another way, please let me know.
0
 
LVL 61

Expert Comment

by:gheist
ID: 24745273
Trust scheme like Kerberos.
"encrypted" which decrypts in memory image is piece of cake to snoop.
0
 
LVL 7

Expert Comment

by:unSpawn
ID: 24747412
>So i wondered if there was something wrong with the gz file i downloaded
Probably something wrong with how you executed it. It works as advertised: 'echo -en '#!/bin/sh\necho hello world!\nexit 0\n' > match && ./shc -v -f match -e 01/12/2010 && ./match.x'.
0
 

Author Comment

by:linuxpig
ID: 24762045
Can you give me the steps on how/where you downloaded it, untarred it and then executed it, this way i can make sure the instructions im using on the internet arent faulty
0
 
LVL 7

Accepted Solution

by:
unSpawn earned 125 total points
ID: 24762501
The download page is what I posted in my first comment. If I'm not mistaken the tarball comes with a ready-to-run binary "shc". Delete it, then run 'make clean && make'. The example command to verify it runs OK I have posted in my second comment.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Changing passwords in Linux Systems 3 42
High Bandwidth Usage 6 31
How to learn Linux? 10 44
installing LSI MegaRAID Storage Manager on CentOS 7 22 107
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now