On 16.10.2010 11:21, Judicaël Bedouet wrote:
> Hi,
>
> I would like to use the libssh2 library to automatically exec several
> programs on remote machines. One of the arguments of these programs is a
> password for a database connection. I intend to use an SSH agent to
> automatically connect to the remote machines but I have to encrypt the
> password so that users on remote machines can't see it. I can modify the
> remote programs to decrypt the password.
>
> Since I already have a private / public key pair with SSH, I wonder if it's
> possible to encrypt the password with the SSH public key and, within the
> remote programs, to decrypt the encrypted password with the SSH private key.
> I have looked at the libssh2 documentation and it seems to me that there is no
> function to do this. Is there a way to do it with the libssh2 library?
>
> Otherwise, I can generate a key of my own, use the libssh2 scp functions to
> copy it on the remote machines, encrypt the password and exec the commands.
> The remote programs use the key to decrypt the password, then connect to the
> database. Of course, the key would be in a file only readable by the SSH
> user.
>
> Do you think there is a better way to do this?
>

Yes. Make the remote program read the password from stdin. Send the
password to it through the already encrypted ssh channel. No need for
fancy things.

-Fritz
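
The remote-program side of the advice above, as an added example that is not part of the original message or of libssh2: the program takes the password as one line on stdin instead of as a command-line argument. `read_secret`, `wipe` and the 128-byte limit are assumptions of this example; the sender is assumed to write the password followed by a newline to the channel after the exec (`libssh2_channel_write`, then `libssh2_channel_send_eof`).

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/*
 * Read the password as one line from `in` into buf[cap].
 * Returns its length, or -1 on EOF/read error, an empty line, or a line that
 * fills the buffer before a newline (rejected, never used truncated).
 */
static long read_secret(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\r\n");
    if (buf[n] == '\0' && n == cap - 1) {       /* no terminator seen */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;                                    /* drain the rest of the line */
        wipe(buf, cap);
        return -1;
    }
    buf[n] = '\0';                               /* strip "\n" or "\r\n" */
    return n ? (long)n : -1;
}

int main(void)
{
    char pw[128];                                /* size limit is an assumption */
    if (read_secret(stdin, pw, sizeof pw) < 0) {
        fputs("no usable password on stdin\n", stderr);
        return 1;
    }
    /* Hypothetical: open the database connection with pw here. */
    wipe(pw, sizeof pw);                         /* do not keep the secret around */
    return 0;
}
```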
