Hi! Saeed,

I am having one shell / perl script , through which i am doing all my server maintainance work like cleaning old logs etc. Script is running fine without any issues. But i am remotly login to almost 20 servers through this script and doing my stuffs for which i

<snip>

Is there any way to encrypt my password in the same script which system or script can understande but when any one else open my script not able to read that password line. Please note i am using Unix as OS and using vi editor.

There are few possible solutions:

1. Keep the password in plain text in a separate file in your home directory and read it from the script. The permission of file/directory containing your password should be such that it is not readable by anyone but you. This solution doesn't save you from trouble if someone accesses your file with your own login name.

2. Do the same as above, but encrypt the password with some key and supply that key to the script to decrypt the password. This will force you to supply the key every time you try to run your script. This will prevent anyone from executing the script unless the key is known to that person. But there is a better ways to do it. See below.

3. Instead of cooking up an encryption scheme yourself, use ssh for all remote work. Remember to disable password based logins on remote systems. Choose key based login instead. You need to create your own private-public key pair for this purpose. There are lots of documents on the Net on how to do it. Some of them are:

http://sial.org/howto/openssh/ https://wiki.systemsx.ch/display/ITDOC/OpenSSH+key+creation+HOWTO http://www.sshkeychain.org/mirrors/SSH-with-Keys-HOWTO/ http://www.openssh.com/manual.html

Never attempt to implement ssh without reading all relevant documents thoroughly as misconfiguration of it can cause serious security breaches. Usually the standard configuration files which come with binary packages in various Linux distributions (Ubuntu, Fedora, OpenSuSE etc.) are secure enough to be used on production systems. But still it makes sense to read and understand them before implementation.

Remember to encrypt your ssh private key. Never leave it on the disk in raw form unless you have some compelling reasons to do so. Sometimes using passphrase based encryption is not feasible at all, like to auto-execute some commands on remote system when human operator is not present in front of the terminal to supply it. In such cases, the private key is kept on the disk in its raw form.

I am assuming that your are present in front of the terminal from where your program is fired. This will allow you to supply the passphase on demand. If your program is fired multiple times in a session or connects to multiple systems in a session then these password prompts might become annoying. In such cases, consider using the utility ssh-add. It takes your passphrase while starting up and keeps it in the memory for on demand supply. Thus you can supply the passphrase once and then run your program without supplying it again. But remember to run "ssh-add -D" when all your ssh related work is over.

Can any one please advice or guide me how to achieve this kind of encryption.

If you mean a custom encryption scheme here, I would say that cooking up such a scheme is always a bad idea. It requires a lot of mathematical skills to develop a good encryption scheme. So it is better to leave this job to the experts (unless you are a good mathematician yourself) and enjoy the fruits of open and standards compliant encryption schemes already developed by great masters.

cheers Raghu