
Tuesday, 17 September 2013

Encrypt command to execute

On one of the servers I have access to, I wanted to have a bash script knock on my home server and then – after the sesame is open – ssh into it. But I didn’t want to store the knock sequence in the bash script or in a file that everyone has (potential) access to. Here is a small how-to on using gpg to encrypt/decrypt commands to execute.

 


(1) Create a file with the command to execute, e.g. in the file command.txt:
knock example.com 120:tcp 121:udp 122:tcp && sleep 1s && ssh username@example.com

 


(2) Encrypt the file with gpg:
gpg -a --symmetric --cipher-algo TWOFISH command.txt
(the cipher algorithm here is TWOFISH, but it can be anything else). A new file, command.txt.asc, should be created.

 


(3) Create a script which decrypts and executes the above command:
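#!/bin/bash
# Decrypt the command (gpg prompts for the passphrase); stop if decryption fails.
command=$(gpg -d command.txt.asc 2> /dev/null) || exit 1
# Run the decrypted command.
eval "$command"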
This script will ask for the passphrase and, after successful decryption, will run the desired command.
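
Steps (1) to (3) combined into one script, added here as an example and not part of the original post. Because gpg leaves the plaintext command.txt from step (1) on disk, this version encrypts from standard input instead, and it refuses to run anything when decryption fails or yields nothing. The function names encrypt_command and run_encrypted and the encrypt/run arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). The function names and the
# "encrypt"/"run" arguments are assumptions made for illustration.

# Encrypt a command read from stdin, so no plaintext command.txt is ever
# written to disk and the command never lands in shell history.
# Type the command, then press Ctrl-D.
encrypt_command() {
    enc_out=$1
    enc_rc=0
    enc_umask=$(umask)
    umask 077                      # only the owner may read the result
    gpg -a --symmetric --cipher-algo TWOFISH --output "$enc_out" || enc_rc=$?
    umask "$enc_umask"             # restore the caller's umask
    return "$enc_rc"
}

# Decrypt a file and run its content, but only if gpg succeeded and
# produced a non-empty command.
run_encrypted() {
    run_file=$1
    if [ ! -r "$run_file" ]; then
        echo "cannot read $run_file" >&2
        return 1
    fi
    # gpg asks for the passphrase; a wrong passphrase or a damaged file
    # gives a non-zero exit status, and nothing is executed.
    if ! run_cmd=$(gpg -d "$run_file" 2> /dev/null); then
        echo "decryption failed, nothing executed" >&2
        return 1
    fi
    if [ -z "$run_cmd" ]; then
        echo "decrypted command is empty, nothing executed" >&2
        return 1
    fi
    eval "$run_cmd"
}

# Usage: script.sh encrypt command.txt.asc   (then type the command)
#        script.sh run command.txt.asc
case "${1:-}" in
    encrypt) encrypt_command "$2" ;;
    run)     run_encrypted "$2" ;;
esac
```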