Hi All,

I Have shell script like this

I have hard coded my password in set password "XXXXXXXX" like this . I want to encrypt password over there it should not be visible at all.
I have tried using crypt() .. but i am not able to understand how to use that ..

Can any one help me in giving some sample example to encrypt password in shell script please.

Regards

Bala

That is not possible, you will have to decrypt the password with in the script anyway. why don't you use ssh keys if you want to secure your password.

You can use keys and set the remote side to only allow that login to execute specific commands.

Hi,

I have tried using SSH keys but its not working for me .. its again and again prompting me to enter password.

Infact i have tried a lot to debug also for SSH keys no LUCK !!.

Is there any other way to encrypt Hardcoded passwords in shell scripts ?

Regards

Bala

What distros are you using on the client and server side ? It is usually a permissions problem which causes the key to be rejected.

Hi,

I am not able to understand this distros

Regards

What kind of Linux (Fedora|RHEL|Slackware|debian|etc) are you using ?

XXXXXXXXXXXX/apps12i]cat /etc/redhat-release
Red Hat Enterprise Linux AS release 4 (Nahant Update 7)

Regards

Did you read the instructions for configuring public key authentication for ssh in the sshd_config file?
I'm not certain from your post whether you are prompted for the password by ssh, or whether it is an oracle account password or both.

If you have a script or config file that contains a password, you need to take care who has read access to the file. Also if a script contains a password, check if the environment for its process is readible (if it is contained in a variable). A command that takes a password often deletes or blanks out the password argument from the commands argument list as soon as it's read in by the program.

Try if you have selinux on and make sure the permissions on your .ssh are correct ie 0600

I am accessing both the test servers from Putty session .. i have closed the session to restart my session freshly .. i am not able to connect now .. i have to change the config again in sshd_config file .

Normally we access servers though putty only on my machine .. it should prompt for password but it is not ?

I appreciate your response very much .. thank you.

this requirement is only for ssh .. but i have written lots shell scripts to run my oracle scripts to connect to database , Even there also i have hard coded my password .. i would like to encrypt can this be done ?

Regards

Bala

No it cannot be done the remote side does not accept an encrypted password. The best option is to get your keys working.

If you load your private key in the putty keygen program, an openssh style public key is printed near the top of the dialog. However, if I had to use a windows client, I would install cygwin and use cygwin's ssh client.

Running "ssh -vv" will print out debug information. Also check the logs on the server. They may indicate a problem such as permissions.
The permissions of the user's home directory may cause a failure as well.

I had a situation where I used a "AllowUsers" entry using user@host which failed, but user@host.domain worked. It was the reverse DNS lookup phase that caused the the authentication failure.

Hi,

Same issue

ssobtest3.koel.co.in/apps12i]ssh -v oracle@ssobtest1
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to ssobtest1 [10.1.1.71] port 22.
debug1: Connection established.
debug1: identity file /apps12i/.ssh/identity type -1
debug1: identity file /apps12i/.ssh/id_rsa type -1
debug1: identity file /apps12i/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ssobtest1' is known and matches the RSA host key.
debug1: Found key in /apps12i/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /apps12i/.ssh/identity
debug1: Trying private key: /apps12i/.ssh/id_rsa
debug1: Trying private key: /apps12i/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

Regards

Bala

What do the logs on the server say.
Could you post your sshd_config file (on the server)?

By the way, after installing a new distro and setting up ssh, I will ssh in using username/password and keep that session open. I will test it from another terminal session. that way I can reverse any changes.