Hide password using expect script

Question

I used the script to log into the power broker and connected ssh through the network. As per my knowledge every single more is tracked. I am ok with that.

My question is how to hide the password, below sample I tried:

#!/usr/bin/expect -f
set timeout 2
spawn pbrun /bin/su - big_admin
expect {
       "Password for casper@BIG_BANK.COM:" {send "foobar_pass!\r" ; exp_continue }
        "*$*" ;
}
interact 

I tried storing my password in a /home/casper/.password and then doing a chmod 400 on it and then putting it in the {send "/home/casper/.password\r" exp continue}, but it did not work.

Any ideas?

Answer 1

Source : http://wiki.tcl.tk/3594

Procedure to encrypt device passwords

• Takes pd (password list to be encrypted) and filename (name of file for resulting encrypted password list) as input
• Returns nothing
• Format of the list of passwords (current and older generations by device type?) depends on how calling program needs them - suggest separated by \n character for readability

proc utility_encrypt {pd filename} { global key HOME #catch [exec echo "$pd" | des -e -k $key -b > $HOME/pwdir/$filename] catch [exec des -e -k $key -b > [file join $HOME pwdir $filename] << $pd] return }

Procedure to decrypt device passwords

• Takes filename (name of password file to decrypt)
• Returns dpd (list of passwords in plaintext)

proc utility_decrypt filename { global key HOME catch {exec cat $HOME/pwdir/$filename | des -d -b -k $key} dpd # Some people write the previous command as # catch {exec des -d -b -k $key < $HOME/pwdir/$filename} dpd return $dpd }