OPENSSL auto-answer password using HEREDOC
I have the following command but it doesn’t work for me….
cd /etc/postfix/ssl/ && openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 <<PASS
password
password
PASS
Update:
The output is:
109 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
...............................++++++
...........++++++
e is 65537 (0x10001)
Enter pass phrase for smtpd.key:
It should automatically answer questions and enter passwords automatically.
I ALWAYS USE HEREDOC TO AUTOMATE MY Q&A ON BASH AND IT WORKS FINE….
What’s the problem here?
Solution
As a security measure, OpenSSL (and OpenSSH) take steps to read passwords directly from the terminal instead of standard input.
However, there are many ways to provide a password for OpenSSL. Check the man openssl section PASS PHRASE ARGUMENTS.
So you can do this:
# options must come before the bit count, which is the last argument
openssl genrsa -des3 -rand /etc/hosts -passout "pass:mypassword" -out smtpd.key 1024
… However, according to the online help page: “Because passwords are visible to utilities such as ‘ps’ under Unix, this form should only be used if security is not important.”
Or you can do this:
# fd 3 is a duplicate of the pipe on stdin; options come before the bit count
printf '%s\n' "$PASS" | {
    openssl genrsa -des3 -rand /etc/hosts -passout fd:3 -out smtpd.key 1024
} 3<&0
… This should be more secure than other options because the password does not show up in ps.
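The fd: form from the answer combined with the heredoc from the question, as an added example that is not part of the original post. The passphrases, the 2048-bit size and the -aes256 cipher are assumptions chosen here (the post uses -des3 and 1024), and gen_encrypted_key and key_opens_with are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Passphrases, key size and
# paths are constructed for illustration.
umask 077    # new key files are readable by the owner only

# gen_encrypted_key OUTFILE BITS   (passphrase: first line readable on fd 3)
gen_encrypted_key() {
    # Options go before the bit count. The passphrase travels over fd 3,
    # not argv, so it does not show up in ps output.
    openssl genrsa -aes256 -passout fd:3 -out "$1" "$2" 2>/dev/null
}

# key_opens_with KEYFILE   (candidate passphrase on fd 3)
# Exit status is 0 only if the passphrase decrypts the key.
key_opens_with() {
    openssl rsa -in "$1" -passin fd:3 -noout 2>/dev/null
}

# Demo in a throwaway directory: the heredoc is attached to fd 3, not stdin.
tmp=$(mktemp -d)
gen_encrypted_key "$tmp/smtpd.key" 2048 3<<'PASS'
constructed-demo-passphrase
PASS
head -n 1 "$tmp/smtpd.key"     # PEM header of the generated key
key_opens_with "$tmp/smtpd.key" 3<<'PASS' && echo "passphrase accepted"
constructed-demo-passphrase
PASS
key_opens_with "$tmp/smtpd.key" 3<<'PASS' || echo "wrong passphrase rejected"
not-the-passphrase
PASS
rm -rf "$tmp"
```

A passphrase written into a heredoc is still stored in the script file, so the script needs the same file permissions as the key.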