I have a script that automates the creation of user accounts for SFTP. The script relies on echo to echo the password into chpasswd à la:
echo <username>:<the password> | sudo chpasswd
...and openssl to check the resulting crypted password to ensure it's properly set:
openssl passwd -1 -salt <salt> <the password>
Since the script is printing the password directly on the command line, I'm concerned about this showing up in bash history, and/or other insecure areas.
I've considered appending HISTIGNORE:
HISTIGNORE="echo" echo <username>:<the password> | sudo chpasswd
Will this reliably keep the password out of history?
Depending on the HISTCONTROL variable, you can prevent commands from being stored in history by prepending the command with whitespace:
$ echo $HISTCONTROL
$ echo my password is foo
my password is foo
$ echo my password is bar
my password is bar
$ history | tail -3
497 echo my password is foo
498 echo my password is bar
499 history | tail -3
$ HISTCONTROL=ignorespace
$ echo my password is foo
my password is foo
$  echo my password is bar
my password is bar
$ history | tail -4
499 history | tail -3
500 HISTCONTROL=ignorespace
501 echo my password is foo
502 history | tail -4
In the 2nd example, the command prefixed with spaces doesn't show up in history.
You can use history -d number to delete entries from history.
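The history behaviour discussed above, as an added example that is not part of the original posts: it replays three constructed commands in a throwaway non-interactive bash with history switched on and counts how many password-bearing lines get recorded under different settings. The names recorded_history and leaked, the user alice, the passwords and the chpasswd stand-in function are all assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example. Nothing here touches real accounts or a real history file.

# recorded_history SETTINGS
#   SETTINGS is one line of shell, e.g. HISTCONTROL=ignorespace, applied
#   before history is enabled. Prints what `history` recorded.
recorded_history() {
    bash --norc --noprofile <<EOF
unset HISTFILE HISTCONTROL HISTIGNORE
chpasswd() { cat >/dev/null; }  # stand-in: discards input, changes no account
$1
set -o history
echo alice:constructed-pw-1 | chpasswd
 echo alice:constructed-pw-2 | chpasswd
HISTIGNORE="echo" echo alice:constructed-pw-3 | chpasswd
history
EOF
}

# leaked SETTINGS -> number of recorded lines that contain a password
leaked() {
    recorded_history "$1" | grep -c 'constructed-pw-' || true
}

# Bash saves a line when it reads it, before running it, so the per-command
# HISTIGNORE= prefix on the third command cannot affect its own line.
# A HISTIGNORE pattern also has to match the complete line, so it needs
# wildcards and must be set before the command is typed.
for s in "" "HISTCONTROL=ignorespace" "HISTIGNORE='*chpasswd*'"; do
    printf '%-26s -> %s password line(s) recorded\n' \
        "${s:-(defaults)}" "$(leaked "$s")"
done
```

Only the space-prefixed command is dropped under HISTCONTROL=ignorespace; the line carrying the HISTIGNORE= prefix is still recorded.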