Commands tagged secure (8)

  • While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format. For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption Show Sample Output


    85
    vim -x <FILENAME>
    denzuko · 2009-05-05 23:24:17 6
  • (Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output


    6
    read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
    rodolfoap · 2013-03-10 08:59:45 9
  • If you have lots of remote hosts sitting "behind" an ssh proxy host, then there is a special-case use of "rsynch" that allows one to easily copy directories and files across the ssh proxy host, without having to do two explicit copies: the '-e' option allows for a replacement "rsh" command. We use this option to specify an "ssh" tunnel command, with the '-A' option that causes authentication agent requests to be forwarded back to the local host. If you have ssh set up correctly, the above command can be done without any passwords being entered.


    5
    rsync -avz -e 'ssh -A sshproxy ssh' srcdir remhost:dest/path/
    totoro · 2009-03-25 21:29:07 4
  • (Please see sample output for usage) script.bash is your script, which will be crypted to script.secure script.bash --> script.secure You can execute script.secure only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Show Sample Output


    5
    echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
    rodolfoap · 2013-03-09 11:16:48 5
  • Copy a URL (or Thai text, or whatever) and hit the keyboard shortcut for this fu to display it as a QR code. It's an "air gapped" way to send stuff to your phone [unlike google chart API etc.] as long as you watch out for cameras ;). dependencies [sudo apt-get install]: qrencode xclip xloadimage


    1
    xclip -o -sel clipboard | qrencode -o - | xview stdin
    thedod · 2013-11-13 03:34:08 0
  • From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/. What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no? You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com. Show Sample Output


    0
    pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
    denzuko · 2009-05-07 14:49:56 0
  • Explination: https://stackoverflow.com/questions/2257441/random-string-generation-with-upper-case-letters-and-digits/23728630#23728630 Why 16 Characters: https://www.wired.com/story/7-steps-to-password-perfection/ Show Sample Output


    -1
    python -c "import string; import random;print(''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(16)))"
    rootduck · 2019-06-14 17:35:12 2
  • Change :alnum: to :graph: for all printable characters Show Sample Output


    -2
    cat /dev/urandom |tr -c -d '[:alnum:]'|head -c 16;echo
    AndrewM · 2019-06-17 17:51:04 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Use a var with more text only if it exists
See "Parameter Expansion" in the bash manpage. They refer to this as "Use Alternate Value", but we're including the var in the at alternative.

Serial console to a Vmware VM
Create a serial console with "socket (named pipe)" of "/tmp/socket", "from:server, to:virtual machine" in vmware player, etc.. gui. Run the above command after you have booted the guest OS (which should also be configured for serial console).

find the longest command in your history

open a screenshot of a remote desktop via ssh
standard image viewers do not seem to be able to open a FIFO file. xloadimage was the first one i've stumbled upon that can handle this.

random xkcd comic
i sorta stole this from http://www.shell-fu.org/lister.php?id=878#MTC_form but it didn't work, so here it is, fixed. --- updated to work with jpegs, and to use a fancy positive look behind assertion.

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Google Translate
allow multiword translations

Find usb device
I often use it to find recently added ou removed device, or using find in /dev, or anything similar. Just run the command, plug the device, and wait to see him and only him

Rename duplicates from MusicBrainz Picard
Renames duplicates from MusicBrainz Picard, so you get the latest copy and not a bunch of duplicates.

Delete specific sender in mailq


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: