Encrypted password in script

How to keep encrypted password in a shell script?

I have the file which has the following:

a.sh
-----
username=abc
password=abc

I will be using this username and password in another script. But I don't want to reveal the password in the script. How to keep the password safe?

Thanks in advance

This has been rehashed many times here, over and over and over.

The way to prevent people from reading the file is to prevent them from reading it: chmod o-r filename ; chmod u-r filename ; chmod g-r filename ...and if they have access to root, you cannot protect something running on their machine alone.

shc will not work because they can just strip the text out of the file, or substitute a fake shell to grab the text when it runs.

Encryption will not work because the instant you decrypt it to run it, it becomes vulnerable again.

"But what if I added code to (...?) inside the script?" Then you will have created an encrypted program which, if the hacker has any trouble decrypting it himself, politely decrypts itself for him should he try to run it. Dead-end.

What I'm wondering is, what does this password do? Does it connect to another server, a server under your control? Arrangements like that can be used.
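The permission advice in the chmod reply above, as an added example that is not part of the original thread: the calling script reads the username/password pair from a separate file and refuses to use it unless the file is owned by the invoking user and closed to group and other. The function names (creds_ok, load_creds, demo) and the choice to parse the file rather than source it are assumptions of this example; as the reply notes, none of this helps against someone with root.

```shell
#!/bin/sh
# Added example (not from the thread); creds_ok/load_creds/demo are hypothetical names.

# creds_ok FILE: succeed only for a regular, non-symlink file owned by the
# current user with no group/other permission bits set.
creds_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints "mode links uid gid ..."; -n keeps the uid numeric.
    set -- $(ls -ldn -- "$1")
    [ "$3" = "$(id -u)" ] || return 1
    case $1 in
        -???------*) return 0 ;;   # e.g. -rw------- or -r--------
        *)           return 1 ;;   # some group/other bit is set
    esac
}

# load_creds FILE: set $username and $password from key=value lines.
# The file is parsed, not sourced, so nothing inside it gets executed.
load_creds() {
    creds_ok "$1" || { echo "refusing $1: bad owner or permissions" >&2; return 1; }
    username='' password=''
    while IFS='=' read -r key value; do
        case $key in
            username) username=$value ;;
            password) password=$value ;;
        esac
    done < "$1"
    [ -n "$username" ] && [ -n "$password" ]
}

# Demo on a constructed file with the same two keys as a.sh in the question.
demo() {
    f=$(mktemp) || return 1
    printf 'username=abc\npassword=abc\n' > "$f"
    chmod 644 "$f"; load_creds "$f" 2>/dev/null && echo "644: loaded" || echo "644: refused"
    chmod 600 "$f"; load_creds "$f" && echo "600: loaded for user $username"
    rm -f "$f"
}
demo
```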

You can use openssl:

ENCRYPT
echo "secretpassword" | openssl aes-256-cbc -a -salt
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
U2FsdGVkX19T5h74/9HOtWBX4WoIggVKksYf7L1WBso=

DECRYPT
echo "U2FsdGVkX19T5h74/9HOtWBX4WoIggVKksYf7L1WBso=" | openssl aes-256-cbc -a -d -salt
enter aes-256-cbc decryption password:
secretpassword

How would he actually use this, though? If the script didn't contain a password for the password, it would have to ask for one every time. And if it did contain a password for the password, it would decrypt itself for the hacker's convenience just by running it.

And either way, it's still unprotected from interception before it gets sent to the shell.

I have a faint glimmer of an idea which involves an ssh server set up somewhere just to serve keys... But in the end, it always comes down to running the code somewhere else.