Step By Step Guide to Use Encrypted Password in a Bash Script

Hello. Here we discuss how to encrypt and decrypt a password and how to use the encrypted password in a bash script. Encryption converts a normal message (plaintext) into a meaningless message (ciphertext), whereas decryption converts the ciphertext back into its original form (plaintext). We use the encrypted password in a bash script with OpenSSL.

The following steps encrypt and decrypt a password from the command line:

Step 1: Update the system.

apt-get update

Step 2: Install OpenSSL.

apt install openssl

  • Here is the command output.

root@ip-172-31-23-63:/home/ubuntu# apt install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
openssl
1 upgraded, 0 newly installed, 0 to remove and 31 not upgraded.
Need to get 620 kB of archives.
After this operation, 1024 B disk space will be freed.
Get:1 http://sa-east-1.ec2.archive.ubuntu.com/ubuntu focal-updates/main amd64 openssl amd64 1.1.1f-1ubuntu2.10 [620 kB]
Fetched 620 kB in 0s (23.6 MB/s)
(Reading database ... 63895 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1f-1ubuntu2.10_amd64.deb ...
Unpacking openssl (1.1.1f-1ubuntu2.10) over (1.1.1f-1ubuntu2.9) ...
Setting up openssl (1.1.1f-1ubuntu2.10) ...
Processing triggers for man-db (2.9.1-1) ...

Step 3: To encrypt a password.

  • Provide your password.

echo 'password_here' | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:'set-encryption-password'

For example:

echo 'Password@1234' | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:'test@1234'

  • Here is the command output.

root@ip-172-31-23-63:/home/ubuntu# echo "Password@1234" | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:test@1234
U2FsdGVkX1/44B43UJW8vd0u4NY5qB+/BUMLq1FZmW8=

Where

enc -aes-256-cbc: The enc command and the cipher to use: the Advanced Encryption Standard with a 256-bit key in cipher-block chaining (CBC) mode.
-md sha512: The message digest (hash) type, here the SHA512 cryptographic algorithm.
-a: Tells openssl to apply base64 encoding after the encryption phase and base64 decoding before the decryption phase.
-pbkdf2: Using Password-Based Key Derivation Function 2 (PBKDF2) makes it much more difficult for a brute-force attack to succeed in guessing your password. It requires many computations to perform the encryption. An attacker would need to replicate all of those computations.
-iter 100000: The number of computations that PBKDF2 will use.
-salt: Makes the encrypted output different every time, even if the plaintext is the same.
-pass pass:'set-encryption-password': The password we'll need to use to decrypt the encrypted password.

Step 4: To decrypt the password.

echo "encrypted-password_here" | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -salt -pass pass:'provide-set-encrypted-password'

For example:

echo U2FsdGVkX1/44B43UJW8vd0u4NY5qB+/BUMLq1FZmW8= | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -salt -pass pass:'test@1234'

  • Here is the command output.

root@ip-172-31-23-63:/home/ubuntu# echo U2FsdGVkX1/44B43UJW8vd0u4NY5qB+/BUMLq1FZmW8= | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -salt -pass pass:'test@1234'
Password@1234
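
The round trip from Steps 3 and 4 as a pair of reusable functions (an added example, not part of the original guide). It reads the encryption passphrase with openssl's -pass file: source instead of pass:, so the passphrase does not show up in the process list or inside the script; the function names, the temporary key file and the sample secret are assumptions made for this example.

```bash
#!/bin/bash
# Added example: function names, paths and the sample secret are constructed.
# Same cipher settings as the commands in Steps 3 and 4.
CIPHER_OPTS="-aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000"

# Create a random passphrase file that only its owner can read (mode 600).
make_keyfile() {
    local keyfile=$1
    ( umask 077; openssl rand -base64 32 > "$keyfile" )
}

# Encrypt stdin; the passphrase comes from a file, not from the command line.
encrypt_secret() {
    openssl enc $CIPHER_OPTS -salt -pass "file:$1"
}

# Decrypt stdin with the same settings and passphrase file.
decrypt_secret() {
    openssl enc -d $CIPHER_OPTS -pass "file:$1"
}

# First 8 raw bytes of a ciphertext: the "Salted__" marker that precedes the
# salt, which is why every output on this page starts with U2FsdGVkX1.
salt_header() {
    printf '%s\n' "$1" | openssl base64 -d | head -c 8
}

demo() {
    local dir key c1 c2
    dir=$(mktemp -d) || return 1
    key="$dir/enc.key"
    make_keyfile "$key"
    c1=$(printf '%s' 'Password@1234' | encrypt_secret "$key")
    c2=$(printf '%s' 'Password@1234' | encrypt_secret "$key")
    echo "header:    $(salt_header "$c1")"
    [ "$c1" != "$c2" ] && echo "same plaintext, different ciphertext (random salt)"
    echo "decrypted: $(printf '%s\n' "$c1" | decrypt_secret "$key")"
    rm -rf "$dir"
}
demo
```

The encrypted value is only as protected as the passphrase file, so keep that file readable by the script's user alone and out of version control.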

Step 5: Install sshpass.

apt-get install sshpass

Step 6: To use sshpass.

sshpass -p 'password_here' ssh user-name@public-ip-address

How to use Encrypted password in a bash script

Step 7: Create and open the file in which we want to save the root password.

touch password.txt && vim password.txt

  • Provide your password.

Password@1234

  • Save & exit.

Step 8: Now create a bash script.

vim script.sh

  • Add the following lines:
  • The script installs nginx on the system without logging in as root or typing the root password.

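#!/bin/bash
# Encrypt the saved password; '>' overwrites so the file holds exactly one ciphertext
cat "/home/ubuntu/password.txt" | openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:test@1234 > /home/ubuntu/encrpted.txt
# Read the stored ciphertext
read=$(cat /home/ubuntu/encrpted.txt)
# Decrypt it and pass the plaintext password to sudo on stdin (sudo -S cannot use the ciphertext)
echo "$read" | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -pass pass:test@1234 | sudo -S apt install nginx -y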

  • Here is the script output.

User-name@ip-172-31-23-63:/home/ubuntu# bash -x abc.sh
+ cat /home/ubuntu/password.txt
+ openssl enc -aes-256-cbc -md sha512 -a -pbkdf2 -iter 100000 -salt -pass pass:test@1234
++ cat /home/ubuntu/encrpted.txt
+ read='U2FsdGVkX1/g4lc0P0KrspmYTRhOrWZecFRe4GZwW44='
+ echo 'U2FsdGVkX1/g4lc0P0KrspmYTRhOrWZecFRe4GZwW44='
+ sudo -S apt install nginx -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
nginx
0 upgraded, 1 newly installed, 0 to remove and 74 not upgraded.
..
Preparing to unpack .../nginx_1.18.0-0ubuntu1.2_all.deb ...
Unpacking nginx (1.18.0-0ubuntu1.2) ...
Setting up nginx (1.18.0-0ubuntu1.2) ...

Or

  • If we want to log in to a remote system using the encryption method, save your remote password in a file and then create a bash script.

#!/bin/bash
# name of the remote account
REMOTE_USER=ubuntu
# password for the remote account; because of -d, password.txt must contain the
# base64 ciphertext produced in Step 3, encrypted with the same -pass value
REMOTE_PASSWD=$(cat /home/ubuntu/password.txt | openssl enc -aes-256-cbc -md sha512 -a -d -pbkdf2 -iter 100000 -salt -pass pass:'password')
# connect to the remote computer; the quotes keep special characters in the password intact
sshpass -p "$REMOTE_PASSWD" ssh -T "$REMOTE_USER@public-ip-address"
