ashsysad

Using encrypted password file in Linux

Hello,

We have a situation like this. We have a shell script in which we hard-coded the password for a production account. The script will log in to another server using the hard-coded password and perform some operation.

We feel it's potentially unsafe hard-coding the password in the script, hence I am wondering why we don't use an encrypted file which will contain the password details and be decrypted only during the execution. Please let me know if it is possible.

I'm aware of the other options like using SSH passwordless keys, but my management isn't convinced by it.

Thanks in advance!!
Linux, Linux Security, Unix OS


8/22/2022 - Mon
SOLUTION
stergium

ashsysad

ASKER
Thanks Stergium. The syntax to decrypt a file and write the output to a file is giving a syntax error. Could you please check?

# gpg confidentail.txt.gpg -o passfile
usage: gpg [options] [filename]
# gpg -d confidentail.txt.gpg -o passfile
usage: gpg [options] --decrypt [filename]
# gpg -d confidentail.txt.gpg passfile
usage: gpg [options] --decrypt [filename]
#
SOLUTION
Tintin

ashsysad

ASKER
Makes sense, Tintin. I would be grateful if you could give me the steps to lock down the SSH connection based on source IP address.
SOLUTION
ashsysad

ASKER
@Wmp, I'm trying to assign the password present in a file to a variable in a script. I'm trying it like this, but it isn't working. Please help.

# cat secretfile
newpass
# var1=`--stdin secretfile`
-bash: --stdin: command not found
# var1 --stdin secretfile
-bash: test: --stdin: unary operator expected
#
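
The two things attempted in the posts above, written as working shell: reading the first line of a file into a variable, and calling gpg with its options ahead of the file name. This is an added example, not part of any post in the thread; the function names are hypothetical, the file names are the ones used in the thread, and it assumes GNU stat and a decryption key already available to the account running the script.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; file names come from the thread.

# Refuse a secret file that group or others can access (assumes GNU stat on Linux).
check_mode() {
    _mode=$(stat -c '%a' "$1") || return 1
    case "$_mode" in
        600|400) return 0 ;;
        *) echo "refusing $1: mode $_mode, expected 600 or 400" >&2
           return 1 ;;
    esac
}

# Print the first line of a plaintext secret file; capture it with $(...).
read_secret() {
    check_mode "$1" || return 1
    head -n 1 "$1"
}

# Decrypt to stdout so no plaintext copy is written to disk.
# gpg wants its options before the command and file name, which is why
# "gpg -d confidentail.txt.gpg -o passfile" printed the usage line; the
# file-writing form is: gpg -o passfile -d confidentail.txt.gpg
# Assumption: the decryption key is already available to this account.
decrypt_secret() {
    gpg --quiet --batch --decrypt "$1"
}

# Constructed demo input, not a real credential.
demo=$(mktemp) && printf 'newpass\n' > "$demo" && chmod 600 "$demo"
var1=$(read_secret "$demo") && echo "plaintext file: loaded ${#var1} characters"
rm -f "$demo"

# Runs only where gpg and the thread's encrypted file are both present.
if command -v gpg >/dev/null 2>&1 && [ -f confidentail.txt.gpg ]; then
    var2=$(decrypt_secret confidentail.txt.gpg) &&
        echo "gpg file: loaded ${#var2} characters"
fi

# Hand the value to its consumer on stdin or in the environment, not as a
# command-line argument, where other local users could read it from ps.
```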
ASKER CERTIFIED SOLUTION
ashsysad

ASKER
Thank you all. With this discussion, I got some useful information on password security in scripts.
ashsysad

ASKER
Thank you all!!