Industry guru Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, Google AdSense, MySpace, Sony PSP, Apple iPod, Mp3 players, management, Linux, SEO, Mac OS X, Facebook, Twitter, LinkedIn and Microsoft Windows.

Prompting users for passwords in a shell script?

How do you write a bash script for, for example, the following: a user logs in to the server's shell, then I want a bash script that will prompt him for a password to verify he is a legitimate user, not an intruder. The answer to the password will be located in a file (for example: /etc/verify). If the user is not able to type the correct password in 3 tries, the server will kill that connection and ban his IP address from the server.


Dave's Answer:

First off, I have to say that while I am a big fan of shell scripts as the universal solution to almost any problem, I am a bit leery about using it as a security screen rather than coding something in C or similar.

But what you ask about can certainly be done. The key is to know that you can turn off input echo with the stty command, leading to a simple script snippet to prompt for a password:

echo -n "Password: "

stty -echo
read -r password    # -r keeps backslashes in the password literal
stty echo

echo "" # force a carriage return to be output, since the user's Enter was not echoed
echo "You entered $password"

I've left blank lines so you can see the three line sequence that lets the password not be shown as the user types it in.

With this script in your toolkit, you then need to grab the correct password from the /etc/verify file:

correct="$(cat /etc/verify)"

and then compare the two:

if [ "$password" = "$correct" ] ; then ...    # quote both sides so an empty entry cannot break the test

If it fails, increment a counter:

failed=$(( $failed + 1 ))

Put those pieces together and you'll have everything except the action that should happen when they fail three times in a row. To log someone out, you can simply kill their login shell, which can be quickly identified by finding the parent process ID of the script itself, which is typically the third field in a ps -l output.

To block their IP, I assume you'd need to automatically append the IP address to some sort of firewall, but since there are a number of different firewalls, you're on your own with that last one.

Hope that's helpful. I'll leave putting all these building blocks together as an "exercise for the reader". :-)
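As an added example (not Dave's code, and not from the original post), here are the prompt, compare and counter pieces from the answer above assembled into one gate, using the stty -g save/restore that Dan's comment below recommends. It assumes the password file path is passed as the first argument (defaulting to /etc/verify as in the answer), that the limit of three attempts from the question applies, that the parent login shell is found via the POSIX $PPID variable rather than by parsing ps -l, and that a RUN_GATE=1 environment variable is the switch for actually running the gate; those are my choices, not something the page states.

```shell
#!/bin/sh
# Added example, not Dave's code: the prompt, compare and counter pieces from
# the answer assembled into one gate, using the stty -g save/restore from
# Dan's comment. The password file path defaults to /etc/verify as in the
# answer; MAX_ATTEMPTS=3 matches the question. $PPID (the parent shell's PID,
# set by every POSIX shell) replaces the ps -l lookup; that is an assumption
# on my part, not something the answer states.

MAX_ATTEMPTS=3

# Read one line from stdin without echoing it. When stdin is a terminal the
# current stty modes are saved and restored, so a session that already had
# echo off is left the way it was found. Prints the line on stdout so it can
# be captured with $(...); returns 1 on end of input.
read_secret() {
    printf 'Password: ' >&2
    if [ -t 0 ]; then
        oldmodes=$(stty -g)
        stty -echo
        IFS= read -r secret
        status=$?
        stty "$oldmodes"
        echo >&2   # the user's Enter was not echoed, so start a fresh line
    else
        IFS= read -r secret
        status=$?
    fi
    [ "$status" -eq 0 ] || [ -n "$secret" ] || return 1
    printf '%s\n' "$secret"
}

# Compare the entered password with the expected one; 0 means they match.
# Both sides are quoted so an empty entry cannot turn [ ] into a syntax error.
check_password() {
    [ "$1" = "$2" ]
}

# Prompt up to MAX_ATTEMPTS times. Returns 0 as soon as a correct password is
# entered and 1 once the attempts are used up (or input ends). Passwords come
# from stdin, so the loop can also be driven non-interactively.
verify_loop() {
    expected=$1
    failed=0
    while [ "$failed" -lt "$MAX_ATTEMPTS" ]; do
        entered=$(read_secret) || return 1
        if check_password "$entered" "$expected"; then
            return 0
        fi
        failed=$(( failed + 1 ))
        printf 'Incorrect password (%d of %d attempts used)\n' \
            "$failed" "$MAX_ATTEMPTS" >&2
    done
    return 1
}

# The gate itself: read the expected password from the verify file, run the
# loop, and on lockout hang up the parent login shell. Returns 0 when the user
# is verified, 1 on lockout, 2 if the verify file cannot be read. The IP ban
# is left out here, as in the answer.
gate_session() {
    verify_file=${1:-/etc/verify}
    expected=$(cat "$verify_file") || return 2
    if verify_loop "$expected"; then
        echo 'Verified.' >&2
        return 0
    fi
    echo 'Too many failed attempts; closing session.' >&2
    kill -HUP "$PPID"
    return 1
}

# Only run the gate when explicitly asked (RUN_GATE=1, an assumed switch), so
# the file can also be sourced from a login profile and gate_session called
# from there.
if [ "${RUN_GATE:-0}" = 1 ]; then
    gate_session "$@"
fi
```

To use it from a login profile, source the file and call gate_session, or run `RUN_GATE=1 sh gate.sh /etc/verify`; setting `trap '' INT QUIT TSTP` beforehand keeps the user from interrupting or suspending the gate. Two caveats the answer leaves implicit: the verify file holds the password in clear text, so it needs restrictive permissions (or store a hash and compare hashes instead), and bash's `read -s`, mentioned further down in the comments, is a bash-only shortcut for the stty sequence used here.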

Comments

Hello,
I want to say the password in bash.
For example, if I know a PC's root password, I want to write a bash script to ssh to that PC and say the password and enter that PC.
Would you please email it to me?
Thanks a lot.

Posted by: sina at June 16, 2006 1:56 AM

Hi Dave,

Thanks for that tip, very handy.

Got a question and also a possibly useful addition...

Q: You mention using /etc/verify, is this a standard *NIX/Linux thing or is it just by way of example here?

The reason I ask is that I work almost entirely on OS X, where it doesn't seem to exist (I assume because of NetInfo/OpenLDAP, or because it just doesn't). Is there some kind of equivalent on OS X, if it is not just an example?

Addition:

I noticed that somebody else using a similar technique to yours pointed out that if stty was not configured to echo before the script, it would be after using this method. They suggested using the following construct:

oldmodes=`stty -g`    # save the current terminal modes
stty -echo
read -r password
stty "$oldmodes"      # restore exactly what was there before

Cheers
Dan

Posted by: Dan at May 1, 2007 10:59 AM

You can turn the echoing off by giving the -s option to the read command:

# read -s password

Posted by: Ratnadeep Joshi at September 4, 2007 5:33 AM

© 2002 - 2008 by Dave Taylor. All Rights Reserved.