Hi all! I've used ftp-module (Net::FTP) in a perl-script that permits me to do a ftp to a remote server automaticly. My idea is that when I starts my linux server, it modifies some remote pages (on other server...) and when I halt my server, it restore the original files on the remote server. (I use rc.d directories) It runs correctly :), but there is a problem: I've to write my login and password in plain text in the script (*as shown below). I know that i can read-protect the script, but i doesn't like to have my password in plain text. Is there any manner to encrypt it, as linux do in passwd files? Or any other module that permits me to do the same with encrypted password? Thanks in advance! p.s. I can't use ssh in the remote server, it only runs ftp! ____________________________________________________ *SOME SCRIPT LINES use Net::FTP $ftp = Net::FTP->new("remote_server", Debug => 0); $ftp->login("LOGIN",'PASSWORD); $ftp-> MY COMMANDS ____________________________________________________
* Francesc Dantí wrote on Mon, May 20, 2002 at 12:15 +0200:
I know that i can read-protect the script, but i doesn't like to have my password in plain text.
Is there any manner to encrypt it, as linux do in passwd files?
No problem, but then your script has no knowledge about the password, so it's useless. If the "encrypted" password can be decrypted by the script, it is not more secure (since you need some plain key, and so you can ommit this step completly).
Or any other module that permits me to do the same with encrypted password?
If the FTP server would accept i.e. crypted passwords, it would make no sense to use crypted passwords, since an attacker would use the crypted password :-). No difference! If the script can use a passord automatically, and attacker can do it as well. There is nothing you can do except user interaction. But even this can be hijacked by an attacker, but you may take notice of it (depends on the expirience and energy of the attacker).
p.s. I can't use ssh in the remote server, it only runs ftp!
If you would use an plain SSH key, the attacker could use it as well. This is a logical thing... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
On 05/20/02 12:15:14, Francesc Dantí
It runs correctly :), but there is a problem: I've to write my login and password in plain text in the script (*as shown below). I know that i can read-protect the script, but i doesn't like to have my password in plain text.
Is there any manner to encrypt it, as linux do in passwd files? Or any other module that permits me to do the same with encrypted password?
Why not change the script to get the password from the command line or prompt for the password. See my (untested) mods to your script. Or try to compile the script (using perlcc).
Thanks in advance!
p.s. I can't use ssh in the remote server, it only runs ftp! ____________________________________________________ *SOME SCRIPT LINES
use Net::FTP
# get password from command line or prompt for password # you may want to do more error checking, you could also # get alot more elaborate with this method # # CODE NOT TESTED!!! # $passwd = $ARGV[0]; if (!$passwd) { print "Please enter FTP password: "; chomp($passwd = <STDIN>); }
$ftp = Net::FTP->new("remote_server", Debug => 0);
# replace PASSWORD string with $passwd variable $ftp->login("LOGIN", "$passwd");
$ftp-> MY COMMANDS ____________________________________________________
--rickey
participants (3)
-
Francesc Dantí
-
Rickey Ingrassia
-
Steffen Dettmer