Month: March 2015

Securing passwords using Oracle Wallet

Hardcoding passwords is not a good idea. I have been hardcoding my passwords in a lot of my scripts these days, and I was asked to share a few scripts with another guy in my team. He has his own DB accounts, and I was asked to give him execute access to some of my scripts.

I was not comfortable sharing my password because the scripts were doing some serious DB operations, and I was looking for an option that would need minimal changes to my scripts. After going through the Oracle documentation I realized that I could use Oracle Wallet, and I changed my scripts to use the wallet entries instead of hardcoding the usernames and passwords.

Now the script stays the same, but my colleague and I have different wallets set up, and Oracle picks up the account details from the respective wallet depending on who is running the script.

This is how we can set up an Oracle wallet to store our passwords.

1. The first step is to create the wallet, which can be done by running the following command:

$ mkstore -wrl <wallet_location> -create
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

2. Now store the wallet in the current directory. In my case I'm saving it in my home directory. Oracle asks you to create a password to protect the wallet from any unauthorized access.

$ mkstore -wrl ./wallet -create
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter password:
Enter password again:

3. Add a database connection (including the connection string, username and password):

$ mkstore -wrl ./wallet -createCredential <ConnectionString> <UserName> <Password>

Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
Create credential oracle.security.client.connect_string1

4. We can check the entries in the wallet by using the command given below:

$ mkstore -wrl ./wallet -listCredential

Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
List credential (index: connect_string username)
1: <ConnectionString> <UserName>

Or delete/modify the entries in the wallet:

$ mkstore -wrl ./wallet -modifyCredential <db_connection_string> <username> <password>
$ mkstore -wrl ./wallet -deleteCredential <db_connection_string>

5. Add the following lines to sqlnet.ora, which is saved under the TNS_ADMIN directory:

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = <path of the wallet file>)))

SQLNET.WALLET_OVERRIDE = TRUE

6. Now you can log in to the server as:

$ sqlplus /@<ConnectionString>
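As an added example (not from the original post), the shell functions below audit the setup from steps 1 to 6: they read the wallet directory out of sqlnet.ora and flag wallet files that other users can access, because the auto-login file cwallet.sso opens without the wallet password. The function names are made up for this example, and GNU stat is assumed.

```sh
# Added example: audit the wallet setup from steps 1-6. Assumes GNU stat and
# upper-case sqlnet.ora keywords as written on this page.

# Succeed if path $1 grants no permissions to group or others.
private_mode() {
    case "$(stat -c %a "$1")" in *00) return 0 ;; *) return 1 ;; esac
}

# Print the wallet DIRECTORY configured in the sqlnet.ora file $1.
wallet_dir() {
    grep -v '^[[:space:]]*#' "$1" | tr '\n' ' ' |
        sed -n 's/.*DIRECTORY[[:space:]]*=[[:space:]]*\([^)]*\)).*/\1/p' |
        sed 's/[[:space:]]*$//'
}

# Print one line per finding for sqlnet.ora $1; return non-zero if any.
audit_wallet() {
    sqlnet=$1; findings=0
    grep -v '^[[:space:]]*#' "$sqlnet" |
        grep -Eiq 'SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' ||
        { echo "FINDING: SQLNET.WALLET_OVERRIDE is not TRUE"; findings=1; }
    dir=$(wallet_dir "$sqlnet")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FINDING: wallet directory '$dir' not found"; return 1
    fi
    # cwallet.sso is the auto-login wallet: it opens without the wallet
    # password, so file permissions are what protect the stored credentials.
    for p in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        if [ ! -e "$p" ]; then
            echo "FINDING: $p is missing"; findings=1
        elif ! private_mode "$p"; then
            echo "FINDING: $p is accessible to group or others"; findings=1
        fi
    done
    return "$findings"
}

# Constructed demo: throwaway TNS_ADMIN whose cwallet.sso is world-readable.
demo() {
    t=$(mktemp -d); mkdir "$t/wallet"; chmod 700 "$t/wallet"
    : > "$t/wallet/ewallet.p12"; : > "$t/wallet/cwallet.sso"
    chmod 600 "$t/wallet/ewallet.p12"; chmod 644 "$t/wallet/cwallet.sso"
    printf 'WALLET_LOCATION =\n  (SOURCE =\n    (METHOD = FILE)\n    (METHOD_DATA = (DIRECTORY = %s)))\nSQLNET.WALLET_OVERRIDE = TRUE\n' \
        "$t/wallet" > "$t/sqlnet.ora"
    rc=0; audit_wallet "$t/sqlnet.ora" || rc=$?
    rm -rf "$t"; return "$rc"
}
```

After sourcing the file, run `audit_wallet "$TNS_ADMIN/sqlnet.ora"` as the account that owns the wallet; `demo` shows the finding on a constructed layout.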

 

 

Configuring SSH with PuTTY

Recently I joined a project where I had to access multiple servers. We had almost 20 Linux boxes, which include development, QA and production databases. I had to frequently log in and out of these servers, and entering the username and password every time has become a pain. I use the PuTTY tool to access these servers, and I have the latest version of PuTTY installed on my Windows 7 laptop. The laptop was a company-issued one, and most of the time I connect to these servers through LAN or VPN.

Then I realized I can enable SSH authentication on my PuTTY, and to make that work I had to make a few changes on my laptop and on the remote machines I wanted to log in to. Here are the steps to enable SSH key authentication from my laptop to remote Linux servers.

1. At first I had to install PuTTY on my laptop. The PuTTY installer for Windows can be downloaded from the PuTTY website, http://www.putty.org/

2. Once you have downloaded the Windows installer, double-click on it and install the software.

3. Click on Run to start the installation and specify where you want to install the software. I chose the default location, which is C:\Program Files (x86)\PuTTY.

4. You can opt for a Start menu folder as well.

5. Create shortcuts/quick menu items if you want.

6. Complete the installation by clicking on Finish.

7. Now you have PuTTY installed on your machine and ready to use.

8. SSH key authentication works on public-key cryptography, so we have to create a public key and a private key. This can be done by using the puttygen.exe tool. For this, first navigate to the PuTTY installation folder; for me it is C:\Program Files (x86)\PuTTY.

9. Open puttygen.exe

10. Click on the Generate button and move your mouse over the designated area to generate a random key.

11. At the top of the screen we can see the public key, which can be copied to all the servers we want to log in to. We can use Save private key to save it to the local computer, somewhere others don't have access. I kept it in my Documents folder so that no one else can access it.

12. PuTTYgen asks for a passphrase to protect the private key. I didn't give any because I'm planning to use it on my company laptop, which no one else has access to.

13. Once you are done with that, you can save the private key in a secure location.

14. Now we have the public and private keys, and we have to deploy the public key on all the remote hosts. For that, open PuTTY and enter the host details. Please make sure you enter your hostname as username@hostname to prevent PuTTY from asking for your user ID every time.

15. Once you have entered and saved your host details, go to the SSH menu on the left side and then click on the Auth submenu. In the Auth window we have an option to select a private key; select the private key we just saved. Don't forget to go back to the Session menu and save again.

16. Now we have to configure the remote server to accept our connection. For that, log in to the remote server and run the following commands in your home directory.

$ mkdir .ssh

$ chmod 700 .ssh

$ cd .ssh

$ touch authorized_keys

$ chmod 600 authorized_keys

Then open authorized_keys in the vi editor:

$ vi authorized_keys

Once you are in the vi screen, press 'o' (small oh) and then paste the contents of the public key. Then press Escape and type ':wq' to save the contents.

17. Now you can exit from the remote connections and open PuTTY again. Load the connection and click on Open. "Voilà", you can log in without a password and you have a secure login.
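An added example, not from the original post: shell functions that check the result of step 16 on the server, flagging a key that the paste split across lines and permissions that sshd's StrictModes setting would reject. The function names and the key text are constructed for this example.

```sh
# Added example: sanity-check the result of step 16. The key material used in
# demo() is constructed filler, not a real key.

# Report lines in authorized_keys file $1 that are not "type base64 [comment]".
check_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # Options may precede the key type, so search every field for it.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    break
            if (i > NF) {
                printf "line %d: no key type (key wrapped by the paste?)\n", NR
                bad = 1
            } else if ($(i + 1) !~ "^AAAA[A-Za-z0-9+/]+=*$") {
                printf "line %d: data after %s is not one base64 field\n", NR, $i
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# With StrictModes (on by default) sshd rejects the key file when it or ~/.ssh
# is writable by group or others; report any such path under .ssh directory $1.
check_modes() {
    status=0
    for p in "$1" "$1/authorized_keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "$p: writable by group or others"; status=1
        fi
    done
    return "$status"
}

# Constructed demo: a key that the terminal paste split across two lines.
demo() {
    d=$(mktemp -d); chmod 700 "$d"
    printf '%s\n%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAconstructed' \
        'FillerNotARealKey== rsa-key-20150301' > "$d/authorized_keys"
    chmod 600 "$d/authorized_keys"
    rc=0; { check_authorized_keys "$d/authorized_keys" && check_modes "$d"; } || rc=$?
    rm -rf "$d"; return "$rc"
}
```

On the server, run `check_authorized_keys ~/.ssh/authorized_keys` and `check_modes ~/.ssh` after pasting the key; a reported line usually means the key has to be re-pasted as a single line.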