Subject: Re: Crypt a password with SSH keys ?

Re: Crypt a password with SSH keys ?

From: Fritz Elfert <fritz_at_fritz-elfert.de>
Date: Sat, 16 Oct 2010 16:45:38 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16.10.2010 11:21, JudicaŽl Bedouet wrote:
> Hi,
>
> I would like to use the libssh2 library to automatically exec several
> programs on remote machines. One of the arguments of these programs is a
> password for a database connection. I intend to use an SSH agent to
> automatically connect to the remote machines but I have to encrypt the
> password so that users on remote machines can't see it. I can modify the
> remote programs to decrypt the password.
>
> Since I have already a private / public key pair with SSH, I wonder if it's
> possible to encrypt the password with the SSH public key and, within the
> remote programs, to decrypt the encrypted password with the SSH private key.
> I have looked the libssh2 documentation and it seems to me that there is no
> function to do this. Is there a way to do it with the libssh2 library ?
>
> Otherwise, I can generate a key of my own, use the libssh2 scp functions to
> copy it on the remote machines, encrypt the password and exec the commands.
> The remote programs use the key to decrypt the password, then connect to the
> database. Of course, the key would be in a file only readable by the SSH
> user.
>
> Do you think there is a better way to do this ?
>
Yes. Make the remote program read the password from stdin. Send the
password to it through the already encrypted ssh channel. No need for
fancy things.

- -Fritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFMubqSboM4mAMyprARAndNAJ9XfP5sxCD5KZtjz3ipGFDLVUVf3gCgghkZ
dc2wBYSP80Q2XJUj6Upcrvg=
=qQiJ
-----END PGP SIGNATURE-----
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-10-16