- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SFTP using expect script
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-08-2004 08:29 PM
тАО09-08-2004 08:29 PM
I am running SFTP using expect script below :
#!/usr/local/bin/expect
spawn sftp -b batchFile
expect "password:"
send "
interact
Is there any way how to prevent from hard-code the password in the script? Can we hidden the password? I just want to mitigate the security risk for the script.
Pls help. High score will be given.
Thanks and Best Regards,
Negara
Solved! Go to Solution.
- Tags:
- sftp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-08-2004 11:19 PM
тАО09-08-2004 11:19 PM
SolutionMake the script only readable and executable by root (chmod 500 scriptname) or write a C program that creates the script on the fly and then executes it, or write the program in perl and then compile (perlcc) it. You will have to make sure you don't put the passwd in a contiguous string.
live free or die
harry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 12:32 AM
тАО09-09-2004 12:32 AM
Re: SFTP using expect script
Now, what you can do, is setup certificates between the sites.
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 02:51 PM
тАО09-09-2004 02:51 PM
Re: SFTP using expect script
Thanks.
Will the crtificate be able to avoid hard-coded passord?
What is the steps do configure the certificate? Sorry because this is really new for me.
Thanks.
Negara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 03:07 PM
тАО09-09-2004 03:07 PM
Re: SFTP using expect script
I believe Geoff meant public/private key authentication. All your problems will be simply vanished if you follow that procedures. Check one of your old threads and you will find the procedures posted by myself and others.
Also, look at the other thread where you mentioned about sftp working with .shosts/.rhosts. I asked you to override PreferredAuthentications options using the command line. I believe you are almost there.
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 03:57 PM
тАО09-09-2004 03:57 PM
Re: SFTP using expect script
Thanks. I got a new problem now. The remote server belongs to other company. So we not eligible to suggest them to modify their sshd_config. I have talked to my boss and he agreed to use expect script. But it will be better if the hard-coded password can be prevented. So I am trying to find how can we avoid the hard-coded password in the script.
Thanks for your help Sridhar.
Best Regards,
Negara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 04:34 PM
тАО09-09-2004 04:34 PM
Re: SFTP using expect script
You don't really have much choice other than what Harry already gave you if you are planning to use expect.
If you have to run it some user, then make sure the permissions are set to only 500 for the script so that others can't read the script.
If you have to share the password, then create a user say user and a group 'secgrp' with all the users that need to run the script in it. Then put it in a secured directory owned by 'secuser' but to be only read by 'secgrp'. In side that directory change the permissions to '4510' with 'secuser:secgrp' as the ownership. This way only secuser will be able to view the file. Members in secgrp will only be able to execute it as secuser but not read it.
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 07:04 PM
тАО09-09-2004 07:04 PM
Re: SFTP using expect script
Thanks alot.
Then I need to think alternatively using perl or C as suggested by Harry. At least I can make it more secure by compiling the script.
Thanks.
Negara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-09-2004 09:28 PM
тАО09-09-2004 09:28 PM
Re: SFTP using expect script
For more details on ccrypt
http://sourceforge.net/projects/ccrypt/
A pre compiled version for hp-ux is available
from following location
http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/
After downloading, Just gunzip and untar the package. After setting proper permission (if required), encrypt your expect file.
for example
# ./ccrypt -e
Enter encryption key: < set your passphrase>
Enter encryption key: (repeat)
The encrypted file will be stored as "File_to_encrypt.cpt"
To decrypt
./ccrypt -d
The file will be retained to original format after you enter the passphrase.
For more ccrypt advanced options refer README
So, whenever you need to use sftp just decrypt your expect file on other time keep it as encrypted.
Hope this helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-15-2004 04:15 PM
тАО09-15-2004 04:15 PM
Re: SFTP using expect script
Thanks alot.
I have installed the software and it looks fine for me.
One more problem how can we make encryption/decryption of the script using batch file? Any idea?
Thanks and Best Regards,
Negara