How to Use Encrypted Passwords in Bash Scripts – Guide

Shell scripts are not as important as you might think. If someone finds out your password, they can easily access your account and all of your data. However, if you use a script, there are several options you have. One is to enter the password manually, but that will not work if the script is running unattended. There is also an option to encode passwords in the script, thankfully. Surprisingly, it does this through the use of a unique password and strong encryption.

To connect to a Fedora Linux computer using SSH, we will use a Bash shell script. We will not enter the remote account password in the script because it must run unattended.

How to Knife

Installing OpenSSL and sshpass

OpenSSL is a widely used encryption and security tool. If it isn’t already installed on your computer, installing it takes only a second. ..

sudo apt-get update sudo apt-get install ubuntu-desktop

sudo apt-get install openssl OpenSSL is a cryptographic library that provides support for secure communications. ..

ssh-keygen -t rsa -f ~/.ssh/id_rsa This will create a new private key in your home directory and store it in ~/.ssh/id_rsa. You can then use this key to log into your server using the following command: ssh username@server ..

sudo apt install sshpass

sudo dnf install fedora-release To install Fedora, type: sudo dnf install fedora ..

This will install the OpenSSL library and related tools. ..

put insshpass

sudo dnf install sshpass

Install the package manager: sudo apt-get install software-properties-common
Add the OpenSSL repository: sudo add-apt-repository ppa:manjaro/manjaro-keyring
Update the package list and install OpenSSL:
Restart the computer to apply the changes: sudo apt-get update && sudo apt-get upgrade && sudo reboot ..

sudo pacman -S openssl

sudo apt-get install insshpass

sudo pacman -S sshpass

Encrypting from the command line

To encrypt a password using the openssl command, we need to first create a new file called “openssl.cnf” in our user’s home directory. This file contains the following:

openssl configuration

user_id “YourUserID”

passphrase “YourPassword”

Next, we need to use the openssl command to encrypt our password. The syntax for this command is as follows: The first argument is the name of the file we want to encrypt, in this case “openssl.cnf”. The second argument is the password you want to protect. The third argument is whether or not you want to use a keypair (yes/no). If you choose yes, then the fourth and fifth arguments are also needed: The sixth and seventh arguments are optional; they are used if you don’t want to use a keypair and just want to encrypt the password without any protection. If you don’t include these arguments, then OpenSSL will default to using a public key instead of a private key for encryption.

We want to provide an encryption password as soon as possible. The encryption password is used in the encryption and decryption processes. There are many parameters and options in the openssl command. Let’s check each of them in a second. ..

echo ‘rusty!herring.pitshaft’ | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -sal -pass go:’decide.your.password’

We are using the echoto command to send the password of the distant account through a pipe and in the openssl command.

The noun: “the”
The article’s focus: “the election”
The verb: “to be”
The subject of the sentence: “Hillary Clinton”

The encoding type is Advanced Encryption Standard 256-bit key encryption with cipher block chaining.

-md sha512: The message digest type (hash). We are using the SHA512 cryptographic algorithm.

-b: This openssl to use base-64 encoding after the encryption part and before the decryption part.

-The use of PBKDF2 makes it more difficult for a brute force attack to guess your password.

-PBKDF2(n, seed) : Sets the PBKDF2 algorithm used. -PBKDF2(n, seed, iterations) : Sets the number of iterations for the PBKDF2 algorithm.

-sal: A salt value can be used to create an encrypted output that is completely different each time, even when the plain textual content is similar.

We want to use the password “decide.your.password” to decrypt the encrypted distant password. This is a strong password of your choice that you should be sure to remember. ..

The encrypted password for our website is written to the terminal window.

To decrypt this, we need to use the same encryption key and parameters as we used to encrypt it, but with the -d(decrypt) option added.

echo -e “U2FsdGVkX19iiiRNhEsG+wm/uKjtZJwnYOpjzPhyrDKYZH5lVZrpIgo1S0goZU46” | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -sal -pass go:’decide.your.password’ ..

The text on the terminal window is encrypted with our unique password, and the content of the distant consumer account is written to the screen.

This proves that we are able to securely encrypt our consumer account password. We can also decrypt it whenever we want, using the password that we offer in the encryption part.

Does this really improve our scenario? If we want the encryption password to decrypt the distant account password, should the decryption password be inside the script? Well, of course he does. But the encrypted remote consumer account password will likely be saved in a separate, hidden file. The permissions on the file will prevent anyone, be it you – and the root consumer of the system, clearly – from accessing it.

To encrypt the output of the encryption command to a file, we can use redirection. The file known as “.secret_vault.txt” will be encrypted with a more robust encryption password than the one used to encrypt the output of the encryption command.

The above command will create a file called .secret_vault.txt with the following content: secret#vault!password

The password is encrypted and sent to the file “.secret_vault.txt”.

We were able to decrypt the password inside the hidden file using cat. This confirms that the hack worked. ..

The cat.secret_vault.txt file contains a secret password that is protected by the AES-256-cbc cipher and the MD5 hash algorithm. The file is opened with the openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 command, and the resulting text is encrypted with the AES-256-cbc cipher and the MD5 hash algorithm. The password is then stored in a secure location using the go:’secret#vault!password’ command.

The password is efficiently encrypted from the information contained in the file. We will use chmod to change the permissions of this file so that no one else can access it.

The ls -l command shows that the file .secret_vault.txt has been modified.

With permission masks of 600, only the owner of the file can access its entries. This means we can now begin writing our script. ..

Using OpenSSL in a Script

Our story is about a young woman who is in love with a man who is in love with another woman. They are both in love with each other, but they can’t seem to get along. They are both trying to figure out how to make things work for them both, but they can’t seem to get along.

This script will run every day at 7am, and will print the remote user’s name and password in the file called script.log.

We set a variable called REMOTE_USER to “geek” and assigned it to the variable “geek”.

Next, we set a variable called REMOTE_PASSWD to the decrypted password value extracted from the “.secret_vault.txt” file, using the identical command we used a second time.

The location of the distant computer is saved in a variable called REMOTE_LINUX. ..

With this data, we can use ssh command to connect to a remote computer.

Thesshpasscommand is a command used to specify a password for the ssh command. This allows you to use the ssh command with a password instead of just your name.

We use sshas because we don’t need to allocate a TTY on the distant computer.

We’re using a Bash script to send a command to the remote computer.

The command sent to the distant computer records the consumer’s account title and timestamp in a file called “script.log”.

#!/bin/bash REMOTE_ADDRESS=“192.168.1.1” REMOTE_USER=“root” REMOTE_ACCOUNT=“root” REMOTE_PASSWORD=“password” if [ -z “$REMOTE_ADDRESS” ]; then echo “ERROR: Cannot find remote address $REMOTE_ADDRESS.” exit 1 fi if [ -z “$REMITE_USER” ]; then echo “ERROR: Cannot find remote user $REMOTE_USER.” exit 1 fi if [ -z “$REMOTE_ACCOUNT” ]; then echo “ERROR: Cannot find remote account $REMOTE_ACCOUNT.” exit 1 fi if [ -z “$REMOTE_PASSWORD” ]; then echo “ERROR: Cannot find remote password $REMITE_PASSWORD.” exit 1 fi

To make the script executable, use the chmod command. ..

This is the last thing left to do. Let’s cherish up our script.

As our script is a minimalistic model for a standalone script, there is no output to the terminal. But if we examine the “script.log” file on Fedora pc, we can see that the distant connections were made efficiently and that the “script.log” file was up to date with timestamps.

Your password is private

Your remote account is not registered in the script.

The password to the distant account is not easily accessible, as it is encrypted within the script. ..

Final note

This guide is about how to use encrypted passwords in Bash scripts. If you have any query about this article, you may ask us. Additionally, please share your love by sharing this article with your friends.

How to Use Encrypted Passwords in Bash Scripts – Guide#

How to Knife#

Installing OpenSSL and sshpass#

Encrypting from the command line#

openssl configuration#

user_id “YourUserID”#

passphrase “YourPassword”#

Using OpenSSL in a Script#

Your password is private#

Final note#

Related Video#