Re: Spawning a Secure Xterm

In article <1167509031.806024.164210@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<tom.rectenwald@xxxxxxxxx> wrote:
.
.
.
2) exec xterm -e "expect (expect commands above)

I found that by running an exec, I could pass the Expect commands
without having to use a file. However, in a 'ps' listing, everything
shows... including the password.

I tried to compile/obfuscate the $ssh_file code via freewrap and shc,
but it looks like one is geared towards pure Tcl and doesn't handle
Expect commands, and the other is for shell scripts. Running the
Expect within a #!/bin/sh via an exec command didn't work either, would
not execute the compiled code.

Now I'm starting to hope there may be an easier way to do this. My
goal is to spawn an Xterm, automatically SSH out to another system, and
pass the password. The environment that I'm working in does not allow
for Authenticated Keys... so this is pretty much the only way I can do
it. I just want to ensure that it is as secure as possible.

Any help would be appreciated, I'll be glad to post/send the actual
code if it helps. I do have it working, in a fashion, by using method
1, but am hoping there is a more secure way to run it. Also hoping
that it is proper etiquette to post Expect stuff in this Tcl group, if
not, please let me know.
.
.
.
You're sort of stuck. Passwords are a risk; someone
decided that "[t]he environment that I'm working in
does not allow for Authenticated Keys ...", so there
are serious limits on how much you can improve the
situation.

It *is* possible to compile/obfuscate Expect, but,
the last time I did it, it took a fair amount of
work. Is your manager willing to pay for another
day of your time to obfuscate the password? Another
week?

I think you've taken the steps that are reasonable
and prudent, and should do more only with explicit
authorization to spend your time that way.
.

Relevant Pages

  • Re: Multi-line "Srchfor" Utility?
    ... Anyone know of a SuperC-like utility that will parse out a ... The immediate need is to list out all EXEC CICS QUERY ... SECURITY commands may have the various keywords one-per-source-line or ...
    (bit.listserv.ibm-main)
  • Re: Execute commands from file
    ... (more or less, 500000 commands each file). ... exec line ... connection to the environment created by previous lies. ...
    (comp.lang.python)
  • Re: switchport port-security
    ... the 2 commands is, if any. ... Although sticky secure addresses can be manually configured, ... > "After you have set the maximum number of secure MAC addresses on a port, ...
    (comp.dcom.sys.cisco)
  • Re: UserLinux chooses Python as "interpretive language" of choice
    ... This style, while adequate for simple commands, proved cumbersome ... written in EXEC 2. ... It became clear to me that a new language was ... the command and string programming facilities that EXEC 2 had proven to ...
    (comp.lang.python)
  • Re: Logging out the window manager
    ... it is when you exit a shell that is a login shell. ... > after the exec. ... commands without exec or an ampersand so the script will wait for the WM ...
    (Debian-User)