stackoom
  简体   繁体   中英

c# - hiding a password for an SSH connection on a locally-run application

 原文  2017-01-12 10:17:35       c#/ security/ ssh/ passwords

Question

First of I'd like to say thanks to this community that has gotten me as far as I currently am programming in c#. I'm teaching myself as I go and not really doing any formal training so you guys have been a great help.

I'm writing a small application that is intended to make one of the mundane tasks for upgrading a piece of equipment my company sells a bit easier. Typically these devices are not connected to the internet, and we need to remote in to a customer's computer to accomplish the task of connecting to their device over SSH and running some commands once logged in to do the upgrade. I'm hoping to distribute an app to the customer, and an encrypted key (generated on our side) that has information about the options they are upgrading, and the serial number to ensure the key can only be used on their device.

In my app, I'm using SharpSSH to accomplish to initial SSH connection which is working great. However my concern is that the root password on our device is actually a fairly simple one. The devices themselves have rather limited functionality so not much someone could do if they got on it themselves, however if they got on the device they could upgrade theirs and anyone else's device if they so desired.

So my question is, how could I best 'hide' the password in my script so it's not easily searchable by anyone with a decomplier?

Right now the code is simply, 

SshStream ssh = new SshStream(ip, "easytoguessuser", "notsocomplexpassword");

So I'd like to hide the password somewhere, but I can't think of a method that means someone with a decompiler couldn't just open up the exe and look for where the password is, or how I derive it from somtething else...

1 answers

solution1
 0  2017-01-12 10:44:36

Like with real world locks you can't keep someone with the right tools out. You only can make it harder.

This can include:

  • store the password in an encrypted string that is only decrypted shortly before it is used

  • obfuscate the source code so it is harder to determine where the connection is initialized

This wont make it safe, but it hinders the less determined folks.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to run commands by sudo and enter password by ssh .net c# c# - hiding a connection in a .dll How can I create an SSH connection from a C# application? How to run ASP.NET C# web application locally? Store and encrypt a password locally in C# C# - Securely storing a password locally Establish Connection to existing Excel Application and Run an Excel macro C# Hiding information of Application in C# from Disassembler C# Simple SSH Connection And Send Command SSH tunneling a MySQL connection using C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM