How to Use Encrypted Password in Linux Bash Shell Script
Abstract: use below openssl command in your linux system. $ echo "[email protected]#2" | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 \$ echo "[e
It is always recommended to use encrypted passwords in Linux bash shell scripts. Typically, in bash shell script we may need password for remote user while connecting to remote system, ftp user and proxy user etc. In this article, we will cover how to encrypt password using openssl command and then will see how this encrypted password can be used in bash shell script.
Encrypt Password Using OpensslLet’s assume we want to connect to remote system over ssh using password inside a shell script. To encrypt a password, use below openssl command in your linux system.
$ echo "[email protected]#2" | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 \ -salt -pass pass:[email protected]#
Note: String followed by echo command ‘[email protected]#2’ is the password string that we want to encrypt it and ‘[email protected]#’ is the password that is used during the encryption. If the openssl version is 1.1.0 or less then skip these two options ‘-pbkdf2 -iter 100000’
To save the encrypted password to a file use the following command,
$ echo "[email protected]#2" | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 \ -salt -pass pass:[email protected]# > secret.txt
Set the following permissions on secret.txt file using chmod command,
$ chmod 600 secret.txtDecrypt Encrypted Password Using Openssl
To decrypt the password, run below
$ cat secret.txt | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 \ -salt -pass pass:[email protected]# [email protected]#2 $
Note: If you have noticed carefully, we have used ‘-d’ option to decrypt.
Use Encrypted Password in Bash Shell ScriptUse the below sample shell script which will use encrypted password while connecting to remote system over ssh.
$ vi sample.sh #!/bin/bash USERNAME=devops PASSWD=`cat secret.txt | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 \ -iter 100000 -salt -pass pass:[email protected]#` REMOTE=10.20.0.20 sshpass -p $PASSWD ssh -o StrictHostKeyChecking=no [email protected]$REMOTE \ 'dmesg -Tx | grep -i error' > /tmp/a.tmp
save and close the file.
Make the script executable by running beneath command,
$ chmod +x sample.sh
Now run the script to verify whether encrypted is successfully used to connect to remote system.
[[email protected] ~]$ ./sample.sh Or [[email protected] ~]$ bash -x sample.sh + USERNAME=devops ++ openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -salt \ -pass pass:[email protected]# ++ cat secret.txt + [email protected]#2 + REMOTE=10.20.0.20 + sshpass -p [email protected]#2 ssh -o StrictHostKeyChecking=no [email protected] \ 'dmesg -Tx | grep -i error'
Perfect, above output confirms that encrypted is decrypted during the execution.
Let’s verify the contents of /tmp/a.tmp file,
[[email protected] ~]$ cat /tmp/a.tmp kern :info : [Thu Jun 3 13:36:51 2021] RAS: Correctable Errors collector\ initialized. kern :err : [Thu Jun 3 13:36:53 2021] [drm:vmw_host_log [vmwgfx]] *ERROR*\ Failed to send log kern :err : [Thu Jun 3 13:36:53 2021] [drm:vmw_host_log [vmwgfx]] *ERROR* \ Failed to send log [[email protected] ~]$
Above output confirms that script is able to capture output of dmesg command. That’s all from article. I hope you got an idea how we can use encrypted password inside a shell script.
