How to Use Encrypted Passwords in Shell Scripts on Linux
Bash scripts are an important part of a system administrator’s job. They allow you to automate both mundane and critical tasks.
One of the best things with scripts is that they can run independently without human intervention, but sometimes it can be challenging to automate tasks that require user passwords. Let’s look at how you can securely automate scripts that require passwords without compromising security.
Creating a Simple Script
Let’s assume that you want to create a simple script that backups up your Linux home folder to a remote location so that you’re able to easily restore your data in case of data loss.
Start by creating a Bash script file in your home folder,using the touch commandor any other method, and name itbackup_home.sh.Feel free to use any name and directory of your liking.
The script uses thersynccommand, a powerful file copying tool, for back up all files in your local home directory to a remote server.
Copy the content of the following script and paste it into your Bash file. Remember to replace the user john with the correct name of your local home user. Also provide the correct username and IP address for the remote server.
If you do not have a remote server to test with, you can simplyinstall VirtualBox and set up a VMon your local machine. Use the VM guest as your remote server.
Save the file. To execute the script you need to grant it the execute permission using the commandsudo chmod 755.All users can execute the script but only the sudo users can modify the file.
Finally, execute the Bash script from the terminal using the command:
Whenever you run this script, you’ll be prompted to enter the remote server password. This is not ideal if you want to run the script without human intervention, such as when using Cron.
Automating Password Login
Installsshpass, a non-interactive password provider, on your local PC or the PC from which you will run the script from.
On Debian-based distros
If you are on a Debian-based distro such as Ubuntu, Pop!_OS, and Lubuntu:
On RHEL and Fedora
After installing sshpass modify the script so that it looks as follows.
Here you provide the password in plain text. Obviously, this is not the ideal way, since it’s not secure and not good practice. If the script ever lands in the wrong hands, you are in deep trouble.
To make this more secure, we’ll use GnuPG, a secure and open-source encryption tool.
Encrypting Your Password
GnuPG is installed by default on most Linux systems, but in case it is not installed on your system,here’s how to install GnuPG.
Create a hidden file namedsecretsusing the commandtouch .secrets. Since we’ve made the file hidden by default as an extra security measure, here’s how you canview hidden files on Linux.
In the secrets file, enter the password of your remote PC and save it.
Next, encrypt the file using thegpgcommand.
You’ll be prompted to enter a secure and strong passphrase for opening the encrypted file.
GnuPG will create a new file with the extension.gpgappended to the old file name. Your new file name should now besecrets.gpg, assuming you used thesecretsfilename.
If you view the content of secrets.gpg using thecatcommand, you’ll be presented with some gibberish text to show that your password is encrypted.
To view the contents of the file in plain text, you’ll need to decrypt it using the following command (you’ll be prompted to enter the password you set during encryption):
Using an Encrypted Password in Your Script
To use the encrypted password in the script, update the script as follows:
Run the backup scripts again, and this time you’ll not be prompted for a password.
Automate Tasks With Bash Scripts
GnuGP is frequently used for securing sensitive files and data on your PC and is also a great tool for securing passwords in automated Bash scripts on Linux.
There’s a lot you can do with Bash scripts. Bash is a powerful tool that can help you automate a lot of stuff on Linux and learning to write Bash scripts is a worthwhile investment.
You can use Bash scripts to automate all sorts of tasks. Get to grips with the fundamentals and begin your Bash scripting journey.
It saves me hours and keeps my sanity intact.
I plugged random USB devices into my phone and was pleasantly surprised by how many actually worked.
My iPhone does it all, but I still need my dumb phone.
Your phone is a better editor than you give it credit for.
Not all true crime is about hacking, slashing, and gore.
