Subject: Re: Crypt a password with SSH keys ?

Re: Crypt a password with SSH keys ?

From: Fritz Elfert <>
Date: Sat, 16 Oct 2010 16:45:38 +0200

Hash: SHA1

On 16.10.2010 11:21, JudicaŽl Bedouet wrote:
> Hi,
> I would like to use the libssh2 library to automatically exec several
> programs on remote machines. One of the arguments of these programs is a
> password for a database connection. I intend to use an SSH agent to
> automatically connect to the remote machines but I have to encrypt the
> password so that users on remote machines can't see it. I can modify the
> remote programs to decrypt the password.
> Since I have already a private / public key pair with SSH, I wonder if it's
> possible to encrypt the password with the SSH public key and, within the
> remote programs, to decrypt the encrypted password with the SSH private key.
> I have looked the libssh2 documentation and it seems to me that there is no
> function to do this. Is there a way to do it with the libssh2 library ?
> Otherwise, I can generate a key of my own, use the libssh2 scp functions to
> copy it on the remote machines, encrypt the password and exec the commands.
> The remote programs use the key to decrypt the password, then connect to the
> database. Of course, the key would be in a file only readable by the SSH
> user.
> Do you think there is a better way to do this ?
Yes. Make the remote program read the password from stdin. Send the
password to it through the already encrypted ssh channel. No need for
fancy things.

- -Fritz
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla -

Received on 2010-10-16