https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375368#M747321 Hi Geoff / Harry, <BR /><BR />Thanks. <BR /><BR />Will the crtificate be able to avoid hard-coded passord?<BR /><BR />What is the steps do configure the certificate? Sorry because this is really new for me. <BR /><BR />Thanks.<BR />Negara Thu, 09 Sep 2004 21:51:37 GMT Dewa Negara_4 2004-09-09T21:51:37Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375365#M747318 Hi All, <BR /><BR />I am running SFTP using expect script below :<BR /><BR />#!/usr/local/bin/expect<BR />spawn sftp -b batchFile <USER>@<REMOTEHOSTS><BR />expect "password:"<BR />send "<PASSWORD>\n";<BR />interact<BR /><BR />Is there any way how to prevent from hard-code the password in the script? Can we hidden the password? I just want to mitigate the security risk for the script. <BR /><BR />Pls help. High score will be given. <BR /><BR />Thanks and Best Regards,<BR />Negara<BR /><BR /></PASSWORD></REMOTEHOSTS></USER> Thu, 09 Sep 2004 03:29:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375365#M747318 Dewa Negara_4 2004-09-09T03:29:48Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375366#M747319 <BR />Make the script only readable and executable by root (chmod 500 scriptname) or write a C program that creates the script on the fly and then executes it, or write the program in perl and then compile (perlcc) it. You will have to make sure you don't put the passwd in a contiguous string.<BR /><BR />live free or die<BR />harry Thu, 09 Sep 2004 06:19:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375366#M747319 harry d brown jr 2004-09-09T06:19:01Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375367#M747320 That's the downside of sftp with expect - you need to hard code it.<BR /><BR />Now, what you can do, is setup certificates between the sites.<BR /><BR />Rgds...Geoff<BR /><BR /><BR /><BR /> Thu, 09 Sep 2004 07:32:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375367#M747320 Geoff Wild 2004-09-09T07:32:36Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375368#M747321 Hi Geoff / Harry, <BR /><BR />Thanks. <BR /><BR />Will the crtificate be able to avoid hard-coded passord?<BR /><BR />What is the steps do configure the certificate? Sorry because this is really new for me. <BR /><BR />Thanks.<BR />Negara Thu, 09 Sep 2004 21:51:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375368#M747321 Dewa Negara_4 2004-09-09T21:51:37Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375369#M747322 Hi Negara,<BR /><BR />I believe Geoff meant public/private key authentication. All your problems will be simply vanished if you follow that procedures. Check one of your old threads and you will find the procedures posted by myself and others.<BR /><BR />Also, look at the other thread where you mentioned about sftp working with .shosts/.rhosts. I asked you to override PreferredAuthentications options using the command line. I believe you are almost there.<BR /><BR />-Sri Thu, 09 Sep 2004 22:07:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375369#M747322 Sridhar Bhaskarla 2004-09-09T22:07:03Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375370#M747323 Hi Sridhar, <BR /><BR />Thanks. I got a new problem now. The remote server belongs to other company. So we not eligible to suggest them to modify their sshd_config. I have talked to my boss and he agreed to use expect script. But it will be better if the hard-coded password can be prevented. So I am trying to find how can we avoid the hard-coded password in the script. <BR /><BR />Thanks for your help Sridhar. <BR /><BR />Best Regards,<BR />Negara Thu, 09 Sep 2004 22:57:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375370#M747323 Dewa Negara_4 2004-09-09T22:57:13Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375371#M747324 Hi Negara,<BR /><BR />You don't really have much choice other than what Harry already gave you if you are planning to use expect.<BR /><BR />If you have to run it some user, then make sure the permissions are set to only 500 for the script so that others can't read the script.<BR /><BR />If you have to share the password, then create a user say user and a group 'secgrp' with all the users that need to run the script in it. Then put it in a secured directory owned by 'secuser' but to be only read by 'secgrp'. In side that directory change the permissions to '4510' with 'secuser:secgrp' as the ownership. This way only secuser will be able to view the file. Members in secgrp will only be able to execute it as secuser but not read it. <BR /><BR />-Sri Thu, 09 Sep 2004 23:34:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375371#M747324 Sridhar Bhaskarla 2004-09-09T23:34:32Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375372#M747325 Hi Sridhar, <BR /><BR />Thanks alot. <BR /><BR />Then I need to think alternatively using perl or C as suggested by Harry. At least I can make it more secure by compiling the script.<BR /><BR />Thanks.<BR />Negara Fri, 10 Sep 2004 02:04:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375372#M747325 Dewa Negara_4 2004-09-10T02:04:58Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375373#M747326 You can encrypt your whole expect script with ccrypt utility. This is an enhanced version of standard unix crypt utility. It can encrypt and decrypt a file.<BR /><BR />For more details on ccrypt<BR /><BR /><A href="http://sourceforge.net/projects/ccrypt/" target="_blank">http://sourceforge.net/projects/ccrypt/</A><BR /><BR />A pre compiled version for hp-ux is available<BR />from following location<BR /><BR /><A href="http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/" target="_blank">http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/</A><BR /><BR /><BR />After downloading, Just gunzip and untar the package. After setting proper permission (if required), encrypt your expect file.<BR /><BR />for example<BR /><BR /># ./ccrypt -e <FILE_TO_ENCRYPT><BR />Enter encryption key: &lt; set your passphrase&gt;<BR />Enter encryption key: (repeat)<BR /><BR />The encrypted file will be stored as "File_to_encrypt.cpt"<BR /><BR />To decrypt<BR /><BR />./ccrypt -d <FILE name=""><BR /><BR />The file will be retained to original format after you enter the passphrase.<BR /><BR />For more ccrypt advanced options refer README<BR /><BR />So, whenever you need to use sftp just decrypt your expect file on other time keep it as encrypted.<BR /><BR />Hope this helps<BR /><BR /></FILE></FILE_TO_ENCRYPT> Fri, 10 Sep 2004 04:28:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375373#M747326 Michael Selvesteen_2 2004-09-10T04:28:26Z https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375374#M747327 Hi Michael, <BR /><BR />Thanks alot. <BR /><BR />I have installed the software and it looks fine for me. <BR /><BR />One more problem how can we make encryption/decryption of the script using batch file? Any idea?<BR /><BR />Thanks and Best Regards,<BR />Negara Wed, 15 Sep 2004 23:15:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/sftp-using-expect-script/m-p/3375374#M747327 Dewa Negara_4 2004-09-15T23:15:39Z