I have two files: one to store passwords and the other to read passwords and establish a database connection.

How can I encrypt my password so that I may read it from another file to access the database?

1) password file

```
USER="User_Name"
PASS="Pass" # How do I encrypt this password?
```

2) read the file

```
. Password.txt
sqlplus.exe -S ${USER}/${PASS}@DBLINK #How can I decrypt the password and use it here?
```
Abdul Rahman
  • Does [this](https://stackoverflow.com/questions/33718005/how-to-encrypt-and-decrypt-a-string-text-in-shell-linux-environment) answer your question? – Ivan Dec 08 '22 at 10:17
  • Not really possible. Protect the file `Password.txt` from non-authorized reading. Of course you can encrypt it, but a hacker with access to your system will be able to decrypt it. You will just replace the Oracle password with another password. As long as this other password is somewhere stored in clear text, it does not protect your credentials. – Wernfried Domscheit Dec 08 '22 at 10:18
  • @WernfriedDomscheit Thank you for your comment. You are right, I've changed my password several times, yet someone keeps trying to hack my computer and access the Oracle system. Would you mind suggesting another approach? – Abdul Rahman Dec 08 '22 at 10:36
  • If someone gets access to your machine with your user account (or even with root privileges) then you are lost - period. Protect your computer or the folders which store sensitive information from non-authorized access, that's the main target. – Wernfried Domscheit Dec 08 '22 at 11:42
  • If you want a database task to run when you are not there to enter the password, you can look at Oracle's dbms_scheduler to run it from within the DB itself. There are other authentication mechanisms (certificates, OS authorisation, firewalls) but you'd need to go into more detail about your environment and what threats you are defending against. – Gary Myers Dec 09 '22 at 00:25

1 Answer

This is not the forum for security ... but ... addressing the point raised by Wernfried Domscheit, you should consider modifying the file ... /etc/security/access.conf ... to suit your unique circumstances. The below is a modified version of my own file for public consumption.

```
### Permit root login from local            ### Look at /etc/hosts for host IP aliases
+:root:LOCAL localhost myHost
#
###     Permit designated users to access from local
+:username:LOCAL localhost myHost
#
###     Permit all local services/users to access from local
#+:ALL:LOCAL localhost myHost
+:ALL:LOCAL ALL
#
### Deny access to all from any remote (must be last)
-:ALL:ALL
```

Similarly for ... /etc/ssh/ssh_config ...

```
###     Group 1 - Restrictive
    PermitRootLogin no                          ## myHost
    ForwardAgent no                             ## myHost
    ForwardX11 no                               ## myHost
    ForwardX11Trusted no                        ## myHost
    DenyUsers root                              ## myHost
    DenyGroups root                             ## myHost

###     Group 2 - Permissive
    AllowUsers nonexistent                      ## myHost
    AllowGroups nonexistent                     ## myHost

###     Deploy any modifications using:  systemctl restart sshd
```

Those give you a rock-bottom minimum for controlling access from outside. If access is being attempted from inside, you have an entirely different problem.

Eric Marceau
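
The comments above advise protecting `Password.txt` from unauthorized reading rather than encrypting it. As an added example (not part of the original question or answers), these shell functions refuse to source a credentials file unless it is a regular file owned by the current user, with no group or other permissions, in a directory others cannot write to. It assumes Linux with GNU `stat`; the function names are hypothetical.

```shell
# Added example, not from the original thread. Assumes Linux with GNU
# coreutils `stat`; check_cred_file and load_credentials are hypothetical names.

# Succeeds only if $1 is a regular file (not a symlink), owned by the current
# user, with no group/other permission bits, in a directory that group/other
# cannot write to. The ( ) body runs in a subshell so its variables stay local.
check_cred_file() (
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing $file: not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%u' -- "$file") || return 1
    mode=$(stat -c '%a' -- "$file") || return 1
    dirmode=$(stat -c '%a' -- "$(dirname -- "$file")") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $file: owned by uid $owner" >&2
        return 1
    fi
    # stat prints the mode in octal; the leading 0 makes the shell read it so.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $file: mode $mode grants access beyond the owner" >&2
        return 1
    fi
    if [ $(( 0$dirmode & 022 )) -ne 0 ]; then
        echo "refusing $file: directory is writable by group/other" >&2
        return 1
    fi
)

# Source the file into the current shell only after the checks pass.
# Sourcing executes the file as shell code, so who can write to it matters
# as much as who can read it.
load_credentials() {
    check_cred_file "$1" || return 1
    case $1 in
        */*) . "$1" ;;
        *)   . "./$1" ;;   # avoid a PATH search for a bare file name
    esac
}
```

In the question's script, `load_credentials Password.txt || exit 1` would replace the bare `. Password.txt` line.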