Linux 在 bash 脚本中为 ssh 命令提供密码,无需使用公钥和 Expect
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16937104/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Provide password to ssh command inside bash script, Without the usage of public keys and Expect
提问by stratis
I want to use SSHinside a script, but this script is not going to be executed on my machine.
我想SSH在脚本中使用,但是这个脚本不会在我的机器上执行。
In my implementation there are two limitations.
在我的实现中有两个限制。
- I can not work outside shell's standards,therefore i can not use
expectbecause i do not know if it will be available on this machine. - I can not expect that this machine will have
public keysfor theSSH.
- 我不能在 shell 的标准之外工作,因此我不能使用,
expect因为我不知道它是否可以在这台机器上使用。 - 我不能指望这台机器会有
public keys用于SSH.
What are the possible options-solutions ?
可能的选项-解决方案是什么?
How can i provide ssh with the requested password with an automated and secure way without adding extra dependencies?
如何在不添加额外依赖项的情况下以自动且安全的方式向 ssh 提供请求的密码?
Will it be possible to provide the password inside the script?
是否可以在脚本中提供密码?
Thank you all in advance :)
谢谢大家 :)
采纳答案by Anders Lindahl
First of all: Don't put secrets in clear textunlessyou know why it is a safe thing to do (i.e. you have assessed what damage can be done by an attacker knowing the secret).
首先:除非您知道为什么这样做是安全的(即您已经评估了知道该秘密的攻击者可以造成什么损害),否则不要将秘密放在明文中。
If you are ok with putting secrets in your script, you could ship an ssh key with it and execute in an ssh-agentshell:
如果您可以将机密放入脚本中,则可以随附一个 ssh 密钥并在ssh-agentshell 中执行:
#!/usr/bin/env ssh-agent /usr/bin/env bash
KEYFILE=`mktemp`
cat << EOF > ${KEYFILE}
-----BEGIN RSA PRIVATE KEY-----
[.......]
EOF
ssh-add ${KEYFILE}
# do your ssh things here...
# Remove the key file.
rm -f ${KEYFILE}
A benefit of using ssh keys is that you can easily use forced commandsto limit what the keyholder can do on the server.
使用 ssh 密钥的一个好处是您可以轻松地使用强制命令来限制密钥持有者可以在服务器上执行的操作。
A more secure approach would be to let the script run ssh-keygen -f ~/.ssh/my-script-keyto create a private key specific for this purpose, but then you would also need a routine for adding the public key to the server.
更安全的方法是让脚本运行ssh-keygen -f ~/.ssh/my-script-key以创建特定于此目的的私钥,但是您还需要一个例程将公钥添加到服务器。
回答by hek2mgl
AFAIK there is no possibility beside from using keys or expect if you are using the command line version ssh. But there are library bindings for the most programming languages like C, python, php, ... . You could write a program in such a language. This way it would be possible to pass the password automatically. But notethis is of course a security problem as the password will be stored in plain text in that program
AFAIK 除了使用密钥之外没有其他可能性,或者如果您使用的是命令行版本ssh。但是对于大多数编程语言(如 C、python、php 等)都有库绑定。你可以用这种语言编写程序。这样就可以自动传递密码。但请注意,这当然是一个安全问题,因为密码将在该程序中以纯文本形式存储
回答by gino pilotino
Install sshpass, then launch the command:
安装 sshpass,然后启动命令:
sshpass -p "yourpassword" ssh -o StrictHostKeyChecking=no yourusername@hostname
回答by anubhava
For security reasons you must avoid providing password on a command line otherwise anyone running ps command can see your password. Better to use sshpassutility like this:
出于安全原因,您必须避免在命令行上提供密码,否则任何运行 ps 命令的人都可以看到您的密码。最好像这样使用sshpass实用程序:
#!/bin/bash
export SSHPASS="your-password"
sshpass -e ssh -oBatchMode=no sshUser@remoteHost
You might be interested in How to run the sftp command with a password from Bash script?
您可能对如何使用 Bash 脚本中的密码运行 sftp 命令感兴趣?
