-1

We have some bash commands executes through command line

Sample Bash Command: ksh Script.ksh Filename filepath userid host password

In the command line we need to pass the password but while its been executed its displaying password. Is there any way we can modify the bash command and in place "password display as **** .

Sample: ksh Script.ksh Employee.txt /home/opt/ empuser 10.20.30.99 abc@123

Can we modify the above bash command to

Sample: ksh Script.ksh Employee.txt /home/opt/ empuser 10.20.30.99 ********

and read the value inside the script ??

Script Content:

var1 = $1 
var2 = $2 
var3 = $3 
varpassword = $4


..... reading password and running sftp command
Kusalananda
  • 333,661
Arya
  • 316
  • running a command doesn't print the command line? So, not quite sure what you're doing. Have you perhaps explicitly turned on printing of command lines? – Marcus Müller Mar 27 '23 at 09:55
  • @MarcusMüller : Well, if you give the password as command line argument, it shows up in ps -f – Ljm Dullaart Mar 27 '23 at 10:02
  • @LjmDullaart yes, that's a problem, but that's not the problem OP is having! I do agree, though, that proper solutions would include not passing the secrets at all via command line arguments of variables, but probably rather through sufficiently exclusive-to-access file. – Marcus Müller Mar 27 '23 at 10:03
  • 1
    Don't do that - have your script read the password from stdin as the first thing it does. See https://unix.stackexchange.com/a/439575/133219. – Ed Morton Mar 27 '23 at 12:00
  • 1
    Don't do that as then your password will be visible in ps output and in your shell history. Instead have your script read the password from stdin as the first thing it does, see https://unix.stackexchange.com/a/439575/133219 and pay attention to the comment under it at https://unix.stackexchange.com/questions/439497/is-there-a-way-to-pass-sensitive-data-in-bash-using-a-prompt-for-any-command#comment796004_439575. – Ed Morton Mar 27 '23 at 12:06

1 Answers1

0

If you type a command, what you type remains on the screen. You can, with tput, try to delete the line that is above it.

#!/bin/bash

sleep 5
tput cuu 1
echo "Running: $0 $1 $2 $3 *********                                        "
sleep 5

This may work if your terminals are guaranteed to be wide enough and your prompt is short enough.

Or just clear the screen with clear.

But the password will still show in ps -ef. Putting a password on the Command Line is in general a bad idea, and especially for long running programs. You might want to look at how, for example, ssh hides its secrets.

Ljm Dullaart
  • 4,643