Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SSH login and crypt password

12 views
Skip to first unread message

Drum

unread,
Sep 21, 2005, 11:56:58 AM9/21/05
to
Hi,

i need to automate ssh login to a server with tcl and expect.
It works. The only problem that i have, is that I don't want
type password each time I try to connect, and I can't use the
DSA SSH keys to use keys instead of password, because my sysadmin
has blocked it.

So I can put my password in my tcl source code, but write it
in plain text is not correct. I need some piece of codes,
some extensione or some ideas to write my password in a
cryptic form, then tcl can read it, decrypt and send to ssh
server.

Bye.


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

MH

unread,
Sep 21, 2005, 6:11:29 PM9/21/05
to
In article <da1a715e3a90004425a...@mygate.mailgate.org>,

Drum <matteo....@dada.net> wrote:
>Hi,
>
>i need to automate ssh login to a server with tcl and expect.
>It works. The only problem that i have, is that I don't want
>type password each time I try to connect, and I can't use the
>DSA SSH keys to use keys instead of password, because my sysadmin
>has blocked it.
>
>So I can put my password in my tcl source code, but write it
>in plain text is not correct. I need some piece of codes,
>some extensione or some ideas to write my password in a
>cryptic form, then tcl can read it, decrypt and send to ssh
>server.

How secure does this have to be? Is it enough to have a somewhat encrypted
version of the password so that someone else won't be able to guess it
directly, or does it have to be REALLY secure?

If it's something simple, maybe just base-64 encoding and reversing the
password would work? That way, the length and the string are different, and
a simple guess won't work.

Mattias

yahalom

unread,
Sep 22, 2005, 12:24:36 AM9/22/05
to
you can byte compile the code using tclcompiler.

Wojciech Kocjan

unread,
Sep 22, 2005, 3:30:20 AM9/22/05
to
On Thu, 22 Sep 2005 06:24:36 +0200, yahalom <yaha...@XOR-T.COM> wrote:
> you can byte compile the code using tclcompiler.

In that case the password will be ASCII85 encoded with some prefix and
suffix code. But then again it would be pretty decodable by sourcing it
with Tcl and [info vars]. Unless you'd strip the tbc code and call
revelant function yourself.

Anything that can be read by the script without any additional information
will also be readable by others (or at least root). If you can live with
that, then just do a ~/.sshpass with 0700 permission and there's no real
better way. I do not consider security by obscurity a good choice.

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

0 new messages