Operating System - HP-UX

Re: Encrypted username and password running sftp

 
SOLVED
Dewa Negara_4
Regular Advisor

Encrypted username and password running sftp

Hi All,

Pls help. I tend to run sftp using the following script. The script is running well so far, but the problem is that we have to put the username and password in the script, so it is not really secure (a vulnerability hole).

Is there any way how to encrypt and decrypt username and password for the script?

Pls help, high score will be given.

Thanks and Best Regards,
Negara

[ap1030@sihp8012:/home/ap1030]
$ more ftp
sftp sihp8024 <<-EOF > /dev/null 2>&1
user ap1030 123abc
ascii
get test_file
bye
EOF
Santos
Muthukumar_5
Honored Contributor
Solution

Re: Encrypted username and password running sftp

If we have a requirement to run sftp in interactive mode, then we have to do it like your script.

We can secure it as follows:

1. Try to change the permission to 700 so that the owner will be able to read / write / execute it.

2. Don't use the passwd directly in the script.

You can redirect it with some other variable as,

echo "Enter your passwd to access"
read passwd

# check the passwd with login service and return value
su - ap1030

# It will ask passwd to check rights. Check return type to further proceed it as,
if [[ $? -ne 0 ]]   # su returns non-zero when the login check fails
then
echo "Warning: No right to login here"
exit 1
fi

## script ###
sftp sihp8024 <<-EOF > /dev/null 2>&1
user ap1030 $passwd
ascii
get test_file
bye
EOF

- Muthu
Easy to suggest when don't know about the problem!
Dewa Negara_4
Regular Advisor

Re: Encrypted username and password running sftp

Muthu,

Thanks a lot for the great advice.

I am still thinking if I can do an encryption for password to make it more secure. Is there any idea?

Thanks.
Negara
Santos
Muthukumar_5
Honored Contributor

Re: Encrypted username and password running sftp

Dewa,

You are trying this in an interactive setup so that it will complete the operation with user input. To give security, we have to take care of the passwd.

And more, if you modify the script so that it will prompt for the passwd, the key thing is that the passwd is not hardcoded in the script. And you are checking that passwd with the login service to compare the correctness.

Changing the permission of the script will give full permission to the owner only. Others cannot even see your script, and admin users too have the exact passwd to connect to the remote node.

So there is no need to think about encryption there. We applied strictness to not allow unauthorized access. That is enough for this.
Easy to suggest when don't know about the problem!
Andrew Cowan
Honored Contributor

Re: Encrypted username and password running sftp

The easiest and most secure solution is to use keys, and if you want an interactive password, protect the key with a pass-phrase.
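
The key-based approach from the reply above, as an added example that is not part of the original thread. It assumes an OpenSSH-style sftp client; the key path, `BATCH_DIR` and the function names are hypothetical, while the host, account and file name are the ones used in the thread:

```shell
#!/bin/sh
# Added example, not from the thread. Host, account and file names are the
# thread's; KEY, BATCH_DIR and the function names are assumptions.
HOST=sihp8024
ACCOUNT=ap1030
KEY="${KEY:-$HOME/.ssh/id_sftp_batch}"

# One-time setup, done by hand:
#   ssh-keygen -t rsa -f "$KEY"     (enter a pass-phrase when prompted)
#   append "$KEY.pub" to ~/.ssh/authorized_keys of ap1030 on sihp8024

# True only if the file exists and group/other have no permission bits.
owner_only() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Write the sftp commands to a private batch file and print its path.
make_batch() {
    batch="${BATCH_DIR:-$HOME}/.sftp_batch.$$"
    rm -f "$batch"
    ( umask 077; printf 'get %s\nbye\n' "$1" > "$batch" ) || return 1
    echo "$batch"
}

# List lines that hand a literal password to a "user" command.
find_inline_password() {
    grep -n -E '^[[:space:]]*user[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]$]' "$1"
}

# Fetch one file with the key. BatchMode=yes makes ssh fail rather than
# prompt, so a pass-phrase-protected key must already be loaded in ssh-agent.
fetch_file() {
    owner_only "$KEY" || { echo "refusing: $KEY missing or open to others" >&2; return 2; }
    batch=$(make_batch "$1") || return 1
    sftp -b "$batch" -o BatchMode=yes -o IdentityFile="$KEY" "$ACCOUNT@$HOST"
    rc=$?
    rm -f "$batch"
    return $rc
}
```

Call `fetch_file test_file` from the job that needs the file; for interactive use, drop `-o BatchMode=yes` and ssh prompts for the key's pass-phrase instead.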