5

I want to write a bash script that will execute one command in the script, and the command need read some thing as password. So how can I pass the password to the command in the script?

$ota_gen -k $ota_key -i $1 -p $ota_tools $2 $ota_out_file

ota_key is a private key that need to be visited with a password, so how can I do it? thank you.

ps: thanks hlovdal for help. expect maybe what can help. But I don't know if it can interact with bash script, such as how to pass parameters from script to expect.

jingmin zhang
  • 63
  • 1
  • 1
  • 7

3 Answers3

3

A quite common tool for feeding programs with proper input (like for instance passwords) non-interactively is the tool expect. The following example is given on the wikipedia page:

# Assume $remote_server, $my_user_id, $my_password, and $my_command were read in earlier 
# in the script.
# Open a telnet session to a remote server, and wait for a username prompt.
spawn telnet $remote_server
expect "username:"
# Send the username, and then wait for a password prompt.
send "$my_user_id\r"
expect "password:"
# Send the password, and then wait for a shell prompt.
send "$my_password\r"
expect "%"
# Send the prebuilt command, and then wait for another shell prompt.
send "$my_command\r"
expect "%"
# Capture the results of the command into a variable. This can be displayed, or written to disk.
set results $expect_out(buffer)
# Exit the telnet session, and wait for a special end-of-file character.
send "exit\r"
expect eof
hlovdal
  • 26,565
  • 10
  • 94
  • 165
1

OK, I google and get the answer of how to interact with expect in bash script. I have added lines bellow in my script.Ant it tack effect.

th

    EXEC=$(expect -c "
spawn $ota_gen -k $ota_key -i $1 -p $ota_tools $2 $ota_out_file
expect \"Enter password for .... key>\"
send \"$PASSWD\r\"
interact
")
    echo $EXEC
jingmin zhang
  • 63
  • 1
  • 1
  • 7
1

If you are passing sensitive information around and use it regularly you are probably best encrypting it.

Putting something like

#create key as follows - will prompt for password
#echo -n 'secret you want encrypted' | openssl enc -aes-256-cbc  -a -salt -pbkdf2|base64
export MY_SECRET='VTJGc2RHVmtYMTlzVnBGWXNYUitLWlpYT3BWdStaQXJXeUVwc1JORnFsNWswZXJKT1dkRWpsWkxLWVFnK1hONQo='

Into your .bashrc will give you an encrypted environment variable that you can access where ever you need a secret, and you will be prompted for you passphrase/password that you used when creating the environment variable.

In the example above it is 'secret'

You access it is a command as follows

`echo $MY_SECRET|base64 --decode|openssl enc -aes-256-cbc -a -d -salt -pbkdf2 `

e.g.

xfreerpd /parameters.... /p:`echo $MY_SECRET|base64 --decode|openssl enc -aes-256-cbc -a -d -salt -pbkdf2`

For your query where $ota_key is the secret

$ota_gen -k $ota_key -i $1 -p $ota_tools $2 $ota_out_file

You can create the variable as follows

ota_key=`echo -n 'secret you want encrypted' | openssl enc -aes-256-cbc  -a -salt -pbkdf2|base64`

Then use it as follows

$ota_gen -k `echo $ota_key|base64 --decode|openssl enc -aes-256-cbc -a -d -salt -pbkdf2 ` -i $1 -p $ota_tools $2 $ota_out_file

openssh will prompt you for a password to encrypt and decrypt each time, you can supply one as part of the command, but then you are just hiding things from the history etc. Have a look at https://www.tecmint.com/generate-encrypt-decrypt-random-passwords-in-linux/ for some info on using openssh for this. https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-base64-encode-and-decode-from-command-line/ for base64 and How to assign an output to a shellscript variable? for different options on command substitution I have used back-tick ` above

PS Adding a function like

get-key()
{
 echo -n "$1"|base64 --decode|openssl enc -aes-256-cbc -a -d -salt -pbkdf2
}

To your bashrc gives you quick access to the secret if you need it

Ronald Duncan
  • 131
  • 1
  • 5