Re: Hidden string in remsh (538 Views)
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 1 of 14 (538 Views)

Hidden string in remsh

Hi everyone!
This is my problem:
I have to type something like a password on an HP-UX 11i system. This string must be hidden while it is typed.
On local I use this kind of script:

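export TERM=vt100
stty -echo            # stop the terminal echoing typed characters
read MYSTRING
stty echo             # turn echo back on
# strip the carriage return only; "[\015]" would also delete [ and ]
MYSTRING=$(echo "$MYSTRING" | tr -d '\015')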

But if I launch this script by remsh it doesn't work...
stty: : Unknown error
How can I encrypt or hide the typing using remsh?

Thanks
Vale et valete
ZAMPO
Honored Contributor
Posts: 6,350
Registered: ‎08-15-2001
Message 2 of 14 (538 Views)

Re: Hidden string in remsh

Hi,

Are you running the stty command on the remote system? One problem with it is that you cannot run interactive sessions with remsh. Moreover, -echo is a local mode option and I am not sure if it is going to work, as you are not really applying the controls to the local terminal (from where you are running remsh).

I suggest you do the stty stuff on the local terminal and pass the data (MYSTRING) to your remsh command if possible.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 3 of 14 (538 Views)

Re: Hidden string in remsh

Thank you for your reply, but it is not possible to do the stty stuff on the local terminal...
I'm looking for an alternative way instead of the use of "stty".
I have to use a script in remsh and I'd like to hide my typing.


Vale et valete
ZAMPO
Honored Contributor
Posts: 744
Registered: ‎06-15-1998
Message 4 of 14 (538 Views)

Re: Hidden string in remsh

Unfortunately the stty command does not work over the BSD remote commands because they don't create tty's.

Does the remote script need other input, apart from the password?

If not then perhaps you could do: -

stty -echo
remsh yourhost yourscript.sh
stty echo

So turn off echo before remshing?
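
Added example, not part of any post in this thread: a POSIX sh helper (the name read_secret is hypothetical) that checks for a tty before calling stty, which is the condition the replies above identify as missing under remsh, restores the saved terminal modes on exit or signal, and strips only the carriage return from the input.

```shell
#!/bin/sh
# Added example; read_secret is a hypothetical helper name, not from the thread.
# Usage: PW=$(read_secret "DB password: ")   (prompt and warnings go to stderr)
# Note: it installs and then clears its own traps on 0 1 2 15.
read_secret() {
    _saved=
    if [ -t 0 ]; then
        # A terminal is attached: save its modes so they can always be restored.
        _saved=$(stty -g)
        trap 'stty "$_saved"' 0
        trap 'stty "$_saved"; exit 1' 1 2 15
        stty -echo
    else
        # remsh/rsh without a pty: stty has nothing to act on, so the echo
        # is produced by the operator's own terminal and cannot be stopped here.
        echo "warning: stdin is not a tty, input cannot be hidden here" >&2
    fi
    printf '%s' "$1" >&2
    _rc=0
    # IFS= and -r keep leading blanks and backslashes in the secret intact.
    IFS= read -r _secret || _rc=$?
    if [ -n "$_saved" ]; then
        stty "$_saved"
        trap - 0 1 2 15
        echo >&2
    fi
    [ "$_rc" -eq 0 ] || return 1
    # Delete the carriage return only; a set written "[\015]" would also
    # strip the characters [ and ] from the secret.
    printf '%s\n' "$_secret" | tr -d '\015'
}

# Demo on constructed input: a pipe stands in for remsh (no tty, CR before LF).
pw=$(printf 'S3cr[et]\r\n' | read_secret "DB password: " 2>/dev/null)
echo "read ${#pw} characters"
```
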
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 5 of 14 (538 Views)

Re: Hidden string in remsh

Great Simon,
I like your solution, but it's not my situation...
The problem is that I have 2 concatenated remsh...
The first is from an HTML page (and I cannot modify that) to a Unix server.
The second is from a Unix server to another Unix server!
I can ask for the "password" on the first or the second Unix server.
I'm looking for an alternative to the command
stty
P.S. The password is for connecting to an Oracle DB

Thanks for helping me!

Vale et valete
ZAMPO
Honored Contributor
Posts: 744
Registered: ‎06-15-1998
Message 6 of 14 (538 Views)

Re: Hidden string in remsh

I'm a little confused when you say you call remsh from an HTML page? Do you mean it's called from a CGI shell on a web page, e.g. called when a form is submitted?

If so then I don't understand how your script can be prompting for the password, since cgi-scripts (or any other way from a html page as far as I'm aware) are not interactive and therefore cannot prompt for a password during execution?

Please give more details of what exactly your setup is and I'll try to help more.
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 7 of 14 (538 Views)

Re: Hidden string in remsh

My script is only a ring in a chain!

I suppose it is a CGI that launches a script on a first server. I have no visibility of the CGI script and I cannot change it!
The (maybe) CGI script calls a remsh to a first server. This first Unix script connects the operator to a database server on another machine.
We have several DBs on several servers, so the first script knows if the DB is on a Windows (SQL Server) or a Unix (Oracle) server.
If the DB is on a Unix server, the first script calls a remsh on the second server. That is where my script is.
My script is launched by a remsh from a Unix server, and my script needs to ask the operator for the DB password, because it connects me to a database (that is on another server, the 3rd one!)
It's a little complicated!!!
I hope I have explained it clearly; if you need more info, ask for it!

Thanks a lot
Vale et valete
ZAMPO
Honored Contributor
Posts: 744
Registered: ‎06-15-1998
Message 8 of 14 (538 Views)

Re: Hidden string in remsh

Hmm, I think I see.

However the problem remains that because your script doesn't have direct access to the tty functions and therefore to set the terminal to not echo, the terminal will echo (it's a hardware thing not a software thing).

One thing you could do, which is very crude but would stop over-the-shoulder readers from getting the password would be something like: -

# START OF SCRIPT
trap "rm lockfile 2>/dev/null" 0

clear
echo "Press ENTER, then type in the password. The screen will be blank."
read JUNK

touch lockfile
# background loop: keep wiping the screen while the lockfile exists
while [ -r lockfile ]
do
    clear
done &

read STUFF

rm lockfile 2>/dev/null
echo "Your password is : $STUFF"
# END OF SCRIPT

Basically this script, before the read command, kicks off a background process that constantly clears the screen. Input is then read, but is wiped from the screen as it's being typed. After read, the lockfile is removed, which stops the background loop. The trap is just to force the background loop to stop if the script breaks out.

If on a slow terminal, it may be an option to use echo ".\c" instead of clear, to fill the screen with dots.

Not tidy, but an option.

Is there any reason why the password actually has to be manually typed by the operator, rather than being encoded into the script (with restricted read permissions, of course).
Honored Contributor
Posts: 744
Registered: ‎06-15-1998
Message 9 of 14 (538 Views)

Re: Hidden string in remsh

Actually the script would be slightly more user friendly if it were like this: -

trap "rm lockfile.$$ 2>/dev/null" 0

touch lockfile.$$
# background loop: redraw the prompt on a cleared screen until the lockfile goes
while [ -r lockfile.$$ ]
do
    clear
    echo "Enter password, then press RETURN"
done &

read STUFF

rm lockfile.$$ 2>/dev/null
echo "Your password is : $STUFF"
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 11 of 14 (538 Views)

Re: Hidden string in remsh

Simon, we are almost near the solution...
the command "clear" does not work on remsh, but your second script can be a rude solution (test it without "clear"!)
Does the "remote clear" work on your systems?

The necessity of typing the password is real because we have a different password for each DB.

For the ssh... I have it already installed, but it could not be useful in this case; my problem is invisible typing on a remote shell, not Unix authentication.

Many thanks!

Vale et valete
ZAMPO
Honored Contributor
Posts: 744
Registered: ‎06-15-1998
Message 12 of 14 (538 Views)

Re: Hidden string in remsh

I think you will find the clear is not working because the TERM environment variable is not set. By default /etc/profile and .profile are not called when connecting via remsh, so your environment is minimal.

Try adding

export TERM=vt100

as the first line of your remote script.

(this assumes your operators are connecting via a VT terminal. You may need to replace this with hpterm if using a green HP screen for example).
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 13 of 14 (538 Views)

Re: Hidden string in remsh

It works!
I think we will use this solution...
ssh could work too (with option -t), but there is an RPC to a Windows server in the middle of the chain, so... It's a problem!
So many thanks to Harry too!
See you next thread!

Vale et valete
ZAMPO
Occasional Advisor
Posts: 10
Registered: ‎08-25-2002
Message 14 of 14 (538 Views)

Re: Hidden string in remsh

The solution is not so smart, but it works!
There is a light flickering of the writing on the video, but for my purpose it is good!
Many thanks to Simon Hargrave for his kindness...


Vale et valete
ZAMPO