sshpass 使Linux可以明文参数输入SSH密码
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sshpass 使Linux可以明文参数输入SSH密码相关的知识,希望对你有一定的参考价值。
sshpass 使Linux可以明文参数输入SSH密码
这几天配置一台服务器,在某云平台创建云服务器后,生成了巨长、巨复杂的一串密码,在输入几十次密码后,依然是密码错误。这时候就想如果密码是非交互式输入,可以将密码做为参数或从文件输入就太好了。sshpass就是一款密码输入辅助工具,它可以从命令行明文参数、文件或环境变量中指定密码,从而避免交互式密码输入。
1. sshpass安装
首先从以下网址下载sshpass源码:
https://sourceforge.net/projects/sshpass/
下载后解码压,然后进入源码目录:
tar -zxvf sshpass-1.06.tar.gz
cd sshpass-1.06
./configure
make &&make install
详细操作下:
[[email protected]_syslog src]# ls
sshpass_1.06.orig.tar.gz
[[email protected]_syslog src]# tar xf sshpass_1.06.orig.tar.gz
[[email protected]_syslog src]# ls
sshpass-1.06 sshpass_1.06.orig.tar.gz
[[email protected]_syslog src]# cd sshpass-1.06/
[[email protected]_syslog sshpass-1.06]# ls
aclocal.m4 compile configure.ac INSTALL Makefile.am NEWS
AUTHORS config.h.in COPYING install-sh Makefile.in README
ChangeLog configure depcomp main.c missing sshpass.1
[[email protected]_syslog sshpass-1.06]# ./configure
[[email protected]_syslog sshpass-1.06]# make && make install
在Mac系统下,也可以使用brew安装:
brew install sshpass
2. sshpass的参数
sshpass安装后,可以在控制台输入sshpass命令查看所有选项参数:
$ sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you‘re doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
如上所示,command parameters为你要执行的需要交互式输入密码的命令,如:ssh、scp等。当sshpass没有指定参数时会从stdin获取密码,几个密码输入相关参数如下:
-f filename:从文件中获取密码
-d number:使用数字作为获取密码的文件描述符
-p password:指定明文本密码输入(安全性较差)
-e:从环境变量SSHPASS获取密码
3. sshpass的使用
现有一台服务器登录密码是AHDXyjs2012,登陆的IP为172.17.9.200。使用sshpass的几种录方式如下。
1.将密码写入文件,并从文件获取登录密码:
[[email protected]_syslog sshpass-1.06]# sshpass echo "AHDXyjs2012" > user.passwd
[[email protected]_syslog sshpass-1.06]# sshpass -f user.passwd ssh [email protected]
Last login: Wed Dec 7 10:40:13 2016 from 172.17.9.206
2.以明文的方式输入密码:
[[email protected]_syslog sshpass-1.06]# sshpass -p AHDXyjs2012 ssh [email protected]
Last login: Wed Dec 7 11:00:12 2016 from 172.17.9.206
3.从环境变量中获取密码:
[[email protected]_syslog sshpass-1.06]# export SSHPASS="AHDXyjs2012"
[[email protected]_syslog sshpass-1.06]# sshpass -e ssh [email protected]
Last login: Wed Dec 7 11:02:34 2016 from 172.17.9.207
4. 远程执行命令
[[email protected]_syslog sshpass-1.06]# sshpass -p AHDXyjs2012 ssh [email protected] "ifconfig|grep inet"
inet 172.17.9.200 netmask 255.255.255.192 broadcast 172.17.9.255
inet6 fe80::250:56ff:feb0:710e prefixlen 64 scopeid 0x20<link>
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
inet 172.17.9.208 netmask 255.255.255.255
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
5. 远程执行脚本
n 远端的新建脚本
[[email protected]_tomcat ~]# ll /opt/test.sh
-rw-r--r--. 1 root root 61 Dec 7 11:18 /opt/test.sh
[[email protected]_tomcat ~]# cat /opt/test.sh
#!/bin/bash
echo "this test for remote"
ifconfig | grep inet
n 本地端执行远端程序
[[email protected]_syslog sshpass-1.06]# sshpass -p AHDXyjs2012 ssh [email protected] "sh /opt/test.sh"
this test for remote
inet 172.17.9.200 netmask 255.255.255.192 broadcast 172.17.9.255
inet6 fe80::250:56ff:feb0:710e prefixlen 64 scopeid 0x20<link>
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
inet 172.17.9.208 netmask 255.255.255.255
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
此时说明,已经执行了远端程序。
4. Sshpass 软件包
以上是关于sshpass 使Linux可以明文参数输入SSH密码的主要内容,如果未能解决你的问题,请参考以下文章