Password security on the command line

Please ask questions here if you are not familiar with fsarchiver
Post Reply
furball4
Posts: 6
Joined: Sun Oct 31, 2010 8:36 am

Password security on the command line

Post by furball4 » Sun Oct 31, 2010 8:49 am

I have a concern that may need to be a feature request, but I wanted to get a feel for how relevant it was here first. It appears to me that the only method to supply a password to fsarchiver for encryption/decryption is to pass it in plaintext on the command line via the -c option. Unless the user goes out of their way to avoid it, this leaves the plaintext password rattling around in .bash_history. Is there a way to get fsarchiver to prompt for the password securely after the command is run? If not, is there another way to handle this that might alleviate my worries?

admin
Site Admin
Posts: 550
Joined: Sat Feb 21, 2004 12:12 pm

Re: Password security on the command line

Post by admin » Sun Nov 21, 2010 4:33 pm

This trivial modification has been added the the stable branch in the git repository, and it will be part of fsarchiver-0.6.11.
You just have to use "-c -" and it will prompt for a password in the terminal.

You can get the sources this way:

Code: Select all

cd /var/tmp
git clone git://fsarchiver.git.sourceforge.net/gitroot/fsarchiver/fsarchiver fsarchiver-git
cd fsarchiver-git
git checkout stable
./autogen.sh && ./configure && make

furball4
Posts: 6
Joined: Sun Oct 31, 2010 8:36 am

Re: Password security on the command line

Post by furball4 » Sun Nov 21, 2010 7:26 pm

Awesome! Thank you.

admin
Site Admin
Posts: 550
Joined: Sat Feb 21, 2004 12:12 pm

Re: Password security on the command line

Post by admin » Sun Nov 21, 2010 10:28 pm

Good, could you test it and confirm that it works for you ?
It should ask the password twice when you create an archive, and once when you restore it.
Of course it should complain if the two passwords are not the same or too short/long.

furball4
Posts: 6
Joined: Sun Oct 31, 2010 8:36 am

Re: Password security on the command line

Post by furball4 » Mon Nov 22, 2010 4:52 am

Certainly - it may take me a week or so however. I'll let you know how it goes.

admin
Site Admin
Posts: 550
Joined: Sat Feb 21, 2004 12:12 pm

Re: Password security on the command line

Post by admin » Wed Dec 01, 2010 12:04 pm

fsarchiver-0.6.11 has been released (as well as SystemRescueCd-1.6.4 which has it) and it has that feature.

furball4
Posts: 6
Joined: Sun Oct 31, 2010 8:36 am

Re: Password security on the command line

Post by furball4 » Thu Dec 27, 2012 4:53 am

Apologies for not getting back to you, but I've been using this feature ever since and it works like a charm. Thanks again.

Post Reply