Encrypt command to execute

On one of servers I have access to I wanted to have a bash script knocking to my home server and then – after the sesame is open – ssh into it. But I didn’t want to store knock sequence in the bash script or file, that everyone has (a potential) access to. Here is small how-to use gpg to encrypt/decrtypt commands to execute.

 

(1) Create a file with command to execute, eg in file command.txt:

knock example.com 120:tcp 121:udp 122:tcp && sleep 1s && ssh username@example.com

 

(2) Encrypt the file with gpg:

gpg -a --symmetric --cipher-algo TWOFISH command.txt

(cipher algorithm here is TWOFISH, but can be anything else). New file command.txt.asc should be created.

 

(3) Create a script which decrypt and execute above command:

#!/bin/bash
command=`gpg -d  command.txt.asc  2> /dev/null`
eval "$command"

This command will ask for the passphase and after successfull decryption will run desired command.