Home > Archive > Tcl > September 2005 > SSH login and crypt password
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SSH login and crypt password
|
|
|
| Hi,
i need to automate ssh login to a server with tcl and expect.
It works. The only problem that i have, is that I don't want
type password each time I try to connect, and I can't use the
DSA SSH keys to use keys instead of password, because my sy min
has blocked it.
So I can put my password in my tcl source code, but write it
in plain text is not correct. I need some piece of codes,
some extensione or some ideas to write my password in a
cryptic form, then tcl can read it, decrypt and send to ssh
server.
Bye.
--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
| |
|
| In article <da1a715e3a90004425ad98b347858ec7.141770@mygate.mailgate.org>,
Drum <matteo.niccoli@dada.net> wrote:
>Hi,
>
>i need to automate ssh login to a server with tcl and expect.
>It works. The only problem that i have, is that I don't want
>type password each time I try to connect, and I can't use the
>DSA SSH keys to use keys instead of password, because my symin
>has blocked it.
>
>So I can put my password in my tcl source code, but write it
>in plain text is not correct. I need some piece of codes,
>some extensione or some ideas to write my password in a
>cryptic form, then tcl can read it, decrypt and send to ssh
>server.
How secure does this have to be? Is it enough to have a somewhat encrypted
version of the password so that someone else won't be able to guess it
directly, or does it have to be REALLY secure?
If it's something simple, maybe just base-64 encoding and reversing the
password would work? That way, the length and the string are different, and
a simple guess won't work.
Mattias
| |
| yahalom 2005-09-22, 3:58 am |
| you can byte compile the code using tclcompiler.
| |
| Wojciech Kocjan 2005-09-22, 3:58 am |
| On Thu, 22 Sep 2005 06:24:36 +0200, yahalom <yahalome@XOR-T.COM> wrote:
> you can byte compile the code using tclcompiler.
In that case the password will be ASCII85 encoded with some prefix and
suffix code. But then again it would be pretty decodable by sourcing it
with Tcl and [info vars]. Unless you'd strip the tbc code and call
revelant function yourself.
Anything that can be read by the script without any additional information
will also be readable by others (or at least root). If you can live with
that, then just do a ~/.sshpass with 0700 permission and there's no real
better way. I do not consider security by obscurity a good choice.
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
|
|
|
|
|