• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

How to hide a password passed from command line history?

list of passphrase related command.
Code:
encryptwallet <passphrase>
masternode list|count|current> passphrase
walletpassphrase <passphrase> <timeout>
walletpassphrasechange <oldpassphrase> <newpassphrase>

I think running a Masternode on a linux(only run ssh, darkcoind, and ntp) is more safe/secure than GUI Desktop environment.

Many linux security guides dosen't mention command line history.

https://www.sans.org/score/checklists/linuxchecklist.pdf
http://cisofy.com/checklist/linux-security/
http://www.bartbania.com/index.php/security-checklist-for-linux-system/
http://www.tecmint.com/linux-server-hardening-security-tips/
https://wikis.utexas.edu/display/ISO/Redhat+Linux+Hardening+Checklist
http://its.virginia.edu/unixsys/sec/

After a system is compromised, command line history is matter.

Personally, I do 'ln -sf /dev/null .bash_history'
 
This small script will keep the password out of the history, however if someone managed to compromise your server and is on it when you start the master node he will be able to see the password anyway in the output of 'ps'

https://gist.github.com/Scriptiee/ab87a739cc6eff4ac516

This is an example of unlocking the wallet, just replace the command there with the command for starting master node,
 
I've been asking this over here
http://serverfault.com/q/592744/116529

But to give this back to the darkcoin developers, wouldnt it be better to get prompted for a passphrase instead of entering the passphrase at the commandline directly?

Having a password prompt would of course be the best solution, but for now you can easily start your daemon with
"darkcoind masternode start <mypassword>; history -c"

(history -c deletes the history in a system compliant way, no matter where it is persisted).
 
Having a password prompt would of course be the best solution, but for now you can easily start your daemon with
"darkcoind masternode start <mypassword>; history -c"

(history -c deletes the history in a system compliant way, no matter where it is persisted).
history -c is indeed good in most cases, but you still see the password in proc and ps.
This C code is pretty good, its a wrapper for darkcoind which prompts the password. http://serverfault.com/a/592941/116529
It would be really good if such thing would be included in darkcoind.
 
But doesn't your masternode need your wallet for mixing, i.e you now need two machines on all the time? I don't have a home machine I can keep on 24/7.
Yes, from what I have read you need both on at the same time 24/7. I got a second VPS for the other node. A tiny VPS is cheap especially compared to losing 1,000 DRK.
 
history -c is indeed good in most cases, but you still see the password in proc and ps.
This C code is pretty good, its a wrapper for darkcoind which prompts the password. http://serverfault.com/a/592941/116529
It would be really good if such thing would be included in darkcoind.

I can't test right now whether a ps would show the command line with the password, but for the history issue itself a simple shell script would work as well:

Code:
#!/bin/sh

read -p "Enter password to start darkcoind: " yourpwd

command="darkcoind masternode start $yourpwd"

After that $command contains everything to start darkcoind.
 
Last edited by a moderator:
I can't test right now whether a ps would show the command line with the password, but for the history issue itself a simple shell script would work as well:

Code:
#!/bin/sh

read -p "Enter password to start darkcoind: " yourpwd

command="darkcoind masternode start $yourpwd"

After that $command contains everything to start darkcoind.
read just pipes the password to the command line, still no solution.
 
read just pipes the password to the command line, still no solution.

Then I'm afraid I didn't understand your problem at all :what:

read -p reads your input from stdin until your press enter -> password is in the local variable $yourpwd -> nothing in history
$command holds your command including your password as string, if your add the line
$command
to the script it gets executed -> nothing in history
 
If your node is compromized, the bash history is not the only problem. Some intruder still can read ps or /proc.
read -p hides the password from bash history but not from the others.
 
If your node is compromized, the bash history is not the only problem. Some intruder still can read ps or /proc.
read -p hides the password from bash history but not from the others.
Quote from the link in your original post:
vertoe said:
So passing the commands with the passphrase does not show up in ps or /proc at all.

Yes, YOU wrote that :smile:
 
Back
Top