Subscribe
Home Craft How to Use Encrypted Passwords in Shell Scripts on Linux

How to Use Encrypted Passwords in Shell Scripts on Linux

by Staff
0 comment

Bash scripts are an important part of a system administrator’s job. They allow you to automate both mundane and critical tasks.


One of the best things with scripts is that they can run independently without human intervention, but sometimes it can be challenging to automate tasks that require user passwords. Let’s look at how you can securely automate scripts that require passwords without compromising security.


Creating a Simple Script

Let’s assume that you want to create a simple script that backups up your Linux home folder to a remote location so that you can easily restore your data in case of data loss.

Start by creating a Bash script file in your home folder, using the touch command or any other method, and name it backup_home.sh. Feel free to use any name and directory of your liking.

The script uses the rsync command, a powerful file copying tool, in order to back up all files in your local home directory to a remote server.

Copy the content of the following script and paste it into your Bash file. Remember to replace the user john with the correct name of your local home user. Also provide the correct username and IP address for the remote server.

#!/bin/bash
rsync -avl --mkpath /home/john user_name@remote_server/home/Backup

If you do not have a remote server to test with, you can simply install VirtualBox and set up a VM on your local machine. Use the VM guest as your remote server.

Save the file. To execute the script you need to grant it the execute permission using the command sudo chmod 755. All users can execute the script but only the sudo users can modify the file.

Finally, execute the Bash script from the terminal using the command:

./backup_home.sh

Whenever you run this script, you’ll be prompted to enter the remote server password. This is not ideal if you want to run the script without human intervention, such as when using Cron.

Automating Password Login

Install sshpass, a non-interactive password provider, on your local PC or the PC from which you will run the script from.

On Debian-based distros

If you are on a Debian-based distro such as Ubuntu, Pop!_OS, and Lubuntu:

sudo apt update && sudo apt install sshpass

On RHEL and Fedora

dnf install sshpass

After installing sshpass modify the script so that it looks as follows.

#!/bin/bash
sshpass -p "yourpassword" rsync -avl --mkpath /home/john [email protected]_server/home/Backup

Here you provide the password in plain text. Obviously, this is not the ideal way, since it’s not secure and not good practice. If the script ever lands in the wrong hands, you are in deep trouble.

To make this more secure, we’ll use GnuPG, a secure and open-source encryption tool.

Encrypting Your Password

GnuPG is installed by default on most Linux systems, but in case it is not installed on your system, here’s how to install GnuPG.

Create a hidden file named secrets using the command touch .secrets. Since we’ve made the file hidden by default as an extra security measure, here’s how you can view hidden files on Linux.

In the secrets file, enter the password of your remote PC and save it.

Next, encrypt the file using the gpg command.

sudo gpg .secrets

You’ll be prompted to enter a secure and strong passphrase for opening the encrypted file.

GnuPG will create a new file with the extension .gpg appended to the old file name. Your new file name should now be secrets.gpg, assuming you used the secrets filename.

If you view the content of secrets.gpg using the cat command, you’ll be presented with some gibberish text to show that your password is encrypted.

To view the contents of the file in plain text, you’ll need to decrypt it using the following command (you’ll be prompted to enter the password you set during encryption):

gpg -dq secrect.gpg

Using an Encrypted Password in Your Script

To use the encrypted password in the script, update the script as follows:

#!/bin/bash
gpg -dq secrets.gpg | sshpass rsync -avl --mkpath /home/john user_name@remote_server/home/Backup

Run the backup scripts again, and this time you’ll not be prompted for a password.

Automate Tasks With Bash Scripts

GnuGP is frequently used for securing sensitive files and data on your PC and is also a great tool for securing passwords in automated Bash scripts on Linux.

There’s a lot you can do with Bash scripts. Bash is a powerful tool that can help you automate a lot of stuff on Linux and learning to write Bash scripts is a worthwhile investment.



Read the full article here

SaleBestseller No. 1
Apple AirPods Max Wireless Over-Ear Headphones. Active Noise Cancelling, Transparency Mode, Spatial Audio, Digital Crown for Volume Control. Bluetooth Headphones for iPhone - Green
Apple AirPods Max Wireless Over-Ear Headphones. Active Noise Cancelling, Transparency Mode, Spatial Audio, Digital Crown for Volume Control. Bluetooth Headphones for iPhone - Green
 Apple-designed dynamic driver provides high-fidelity audio; Active Noise Cancellation blocks outside noise, so you can immerse yourself in music
$449.99
SaleBestseller No. 3
Apple iPad Air 2, 64 GB, Space Gray (Renewed)
Apple iPad Air 2, 64 GB, Space Gray (Renewed)
Apple iOS 8; 9.7-Inch Retina Display; 2048x1536 Resolution; A8X Chip with 64-bit Architecture; M8 Motion Coprocessor
$129.99
SaleBestseller No. 4
2021 Apple 10.2-inch iPad (Wi-Fi, 64GB) - Silver
2021 Apple 10.2-inch iPad (Wi-Fi, 64GB) - Silver
Gorgeous 10.2-inch Retina display with True Tone; A13 Bionic chip with Neural Engine; 8MP Wide back camera, 12MP Ultra Wide front camera with Center Stage
$269.99
Bestseller No. 5
2022 Apple TV 4K Wi‑Fi with 64GB Storage (3rd Generation)
2022 Apple TV 4K Wi‑Fi with 64GB Storage (3rd Generation)
4K Dolby Vision and HDR10+ for vivid picture quality; Dolby Atmos for three-dimensional, theater-like sound
$123.49
Bestseller No. 7
Apple AirTag 4 Pack
Apple AirTag 4 Pack
Keep track of and find your items alongside friends and devices in the Find My app; Simple one-tap setup instantly connects AirTag with your iPhone or iPad
Bestseller No. 8
Apple MacBook Air with Intel Core i5, 1.6GHz, (13-inch, 4GB,128GB SSD) - Silver (Renewed)
Apple MacBook Air with Intel Core i5, 1.6GHz, (13-inch, 4GB,128GB SSD) - Silver (Renewed)
1.6 GHz dual-core Intel Core i5 (Turbo Boost up to 2.7 GHz) with 3 MB shared L3 cache; 13.3-Inch (diagonal) LED-backlit Glossy Widescreen Display, 1440 x 900 resolution
$305.00
Bestseller No. 9
Apple Of My Eye
Apple Of My Eye
Amazon Prime Video (Video on Demand); Amy Smart, Burt Reynolds, Liam McIntyre (Actors); Castille Landon (Director) - Castille Landon (Writer) - Dori A. Rath (Producer)
$3.99
SaleBestseller No. 10
Apple 35W Dual USB-C Port Compact Power Adapter ​​​​​​​
Apple 35W Dual USB-C Port Compact Power Adapter ​​​​​​​
The compact size and folding prongs make it easy to pack and store.; Charging cable sold separately.
$52.00

You may also like

Leave a Comment

Iman Hearts is one of the biggest lifestyle news and articles portals, we provide the latest news and articles about family, lifestyle, entertainment, and many more, follow us to get the latest news about what matters to you.

 

© 2022 Iman Hearts. All rights reserved. Sitemap