
passwords in clear text

 
J Busch
Advisor

passwords in clear text

We use FTP to transfer files to/from a mainframe and several other UNIX/Windows boxes. The ftp server address, login and password information is stored in clear text in the ftp answer file on my server. I realize FTP is not the most secure method of transferring files but I am stuck using ftp. Any thoughts on how I could make this more secure?

At a minimum I would like to protect the login information within the answer file to prevent anyone from viewing the information.

Any thoughts or suggestions???
9 REPLIES 9
Jeff_Traigle
Honored Contributor

Re: passwords in clear text

Check the ftp man page for information about .netrc. That's about as secure as you're going to get with it.
--
Jeff Traigle
J Busch
Advisor

Re: passwords in clear text

I was looking at that, but the .netrc also has the password in clear text. But if that is the best I can do then I guess we will have to live with it...
Jaime Bolanos Rojas.
Honored Contributor

Re: passwords in clear text

Jim,

The only thing that I can think of is changing to SFTP. After all, going with secure shell ( http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA ) sounds like a really good idea, from the security point of view.

Regards,

Jaime.
Work hard when the need comes out.
Geoff Wild
Honored Contributor

Re: passwords in clear text

Yes - .netrc is clear text - but only the owner and root can view it (should be 400)... Also, during the transmission the password is sent unencrypted!

You would be better trying to architect a sftp solution.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Manuel Contreras
Regular Advisor

Re: passwords in clear text

how about scp?

syntax:
scp file1 file2 files*.x user@targetBOX:~ (for user home) or :/directory/ (for specific target directory)

do a man on scp for additional info...

If you setup authorized_keys, it will take care of authenticating the connection = no password prompt.
Bill Hassell
Honored Contributor

Re: passwords in clear text

There is no way to modify ftp to hide passwords. The protocol is decades old and any change will break compatibility. The .netrc solution is nothing but removing the password keystrokes from the keyboard. The local .netrc file is protected in the local client with 600 permissions but when ftp is used, it simply grabs the local login/password and transmits the information in clear text -- 'cause that's all ftp understands.

Security should be looked at as black and white. If the transfer must be secure, hiding the password will do nothing to protect your data transfer -- the data is still in clear text form. The only solution is SSH (with scp) where not only the login/password are encrypted but also the data. Either your data must be secure, or not secure. 'stuck with ftp' doesn't work for auditors.


Bill Hassell, sysadmin
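
Added example, not part of any post in this thread: a POSIX shell check for the .netrc points raised above, namely that the file is accessible only to its owner (mode 400 or 600) and which machine entries still hold a clear-text password. The function names and sample hosts are made up for illustration, and macdef blocks are not parsed.

```shell
#!/bin/sh
# Added example: audit a .netrc file (function names are illustrative).

# Succeeds only when group and other have no access bits (mode 400 or 600).
netrc_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)   # e.g. "------" from "-rw-------"
    [ "$perms" = "------" ]
}

# Prints each machine entry that carries a stored password.
# Tokens in .netrc are whitespace separated and may span lines;
# macdef bodies are not parsed.
netrc_hosts_with_password() {
    tr -s ' \t' '\n\n' < "$1" | awk '
        $0 == ""           { next }
        prev == "machine"  { host = $0 }
        $0 == "default" && prev != "login" && prev != "password" { host = "default" }
        prev == "password" { print host }
        { prev = $0 }'
}

# Reports findings; returns 1 when the file mode is too open.
audit_netrc() {
    rc=0
    if ! netrc_mode_ok "$1"; then
        echo "FAIL: $1 is accessible to group or other; chmod 600 or 400"
        rc=1
    fi
    for h in $(netrc_hosts_with_password "$1"); do
        echo "NOTE: clear-text password stored for $h (ftp also sends it unencrypted)"
    done
    return $rc
}

# Constructed sample input, written to a temporary file for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
machine mainframe.example login xfer password s3cret
machine winbox.example
  login xfer
  password other
machine nopw.example login anon
EOF
chmod 644 "$sample"
audit_netrc "$sample" || true    # nonzero status here: the mode is too open
rm -f "$sample"
```

A clean result only means the file is protected at rest on the client; as the replies above point out, ftp still sends the login and password over the network in clear text.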
Arturo Galbiati
Esteemed Contributor

Re: passwords in clear text

Hi,
as already suggested you can use .netrc to avoid having the password in clear in the scripts. If you want to have the password not in clear on your server as well, this is the solution I use:
1. I have a central password file crypted
2. I have some functions/scripts to get password from this file
3. I use them in my scripts

Pros:
. only one file with password to manage
. proven solution
. no clear password on the system

Let me know if you are interested in this and I can provide you the scripts

HTH,
Art

J Busch
Advisor

Re: passwords in clear text

Art, sorry for not getting back sooner, we had a server go out on us.

Yes, could I get a copy of your scripts?

Hopefully in the future I can get our suppliers away from ftp but for now that is what they want to use.
Vibhor Kumar Agarwal
Esteemed Contributor

Re: passwords in clear text

You can use the crypt command to encrypt your passwords.

Now use that thing to pass the input to .netrc.
Vibhor Kumar Agarwal