碼上快樂

相關內容    簡體    繁體

Linux命令:sshpass

本文轉載自   查看原文   2019-03-15 11:31   1046    Linux Command

sshpass介紹

  sshpass是一款凡是為凡是使用ssl方式訪問的操作提供一個免輸入密碼的非交互式操作,以便於在腳本中執行ssl操作,如ssh,scp等。sshpass是一家以色列公司Lingnu開發的,由於軟件還處於初期,bug還是很有可能出現的。所以使用這個軟件時要慎重。

sshpass安裝

源碼安裝

curl -O -L http://downloads.sourceforge.net/project/sshpass/sshpass/1.06/sshpass-1.06.tar.gz && tar xvzf sshpass-1.06.tar.gz && cd sshpass-1.06 && ./configure && make && sudo make install

自己安裝軟件包

rpm -ivh $BaseDir/tools/sshpass/sshpass-1.06-1.el6.x86_64.rpm

自動安裝軟件包

# yum -y install sshpass

 

sshpass用法

sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments

-p 直接在命令行給出密碼

sshpass   -p   '123'    ssh   root@192.168.1.1   'ls -l'  

-f 文件首行給出密碼。

sshpass   -f   file.txt    ssh    root@192.168.1.1 'ls -l'   

-e 由環境變量SSHPASS給出密碼。

export     SSHPASS='123'

sshpass   -e   ssh    root@192.168.1.1 'ls -l'   

 -d 由文件描述符給出密碼。

 sshpass   -d 51671   ssh    root@192.168.1.1 'ls -l'   

 

  對於ssh的第一次登陸,會提示:“Are you sure you want to continue connecting (yes/no)”,這時用sshpass會不好使,可以在ssh命令后面加上 -o StrictHostKeyChecking=no來解決。比如說上面的命令,就可以寫作ssh -p efghi scp abc@192.168.0.5:/home/xxx/test /root -o StrictHostKeyChecking=no。

sshpass幫助

Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used
View Code

 

SSHPASS(1)                                                                        Sshpass User Manual                                                                        SSHPASS(1)



NAME
       sshpass - noninteractive ssh password provider

SYNOPSIS
       sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments

DESCRIPTION
       This manual page documents the sshpass command.

       sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode.

       ssh  uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is
       getting the password from an interactive user.

       The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other command. The password prompt used by
       ssh is, however, currently hardcoded into sshpass.

Options
       If no option is given, sshpass reads the password from the standard input. The user may give at most one alternative source for the password:

       -ppassword
              The password is given on the command line. Please note the section titled "SECURITY CONSIDERATIONS".

       -ffilename
              The password is the first line of the file filename.

       -dnumber
              number is a file descriptor inherited by sshpass from the runner. The password is read from the open file descriptor.

       -e     The password is taken from the environment variable "SSHPASS".

       -P     Set the password prompt. Sshpass searched for this prompt in the program's output to the TTY as an indication when to send the password. By default sshpass looks for the
              string "password:" (which matches both "Password:" and "password:"). If your client's prompt does not fall under either of these, you can override the default  with  this
              option.

       -v     Be verbose. sshpass will output to stderr information that should help debug cases where the connection hangs, seemingly for no good reason.

SECURITY CONSIDERATIONS
       First  and  foremost,  users  of  sshpass  should  realize  that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to
       securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and
       being more secure.

       The  -p option should be considered the least secure of all of sshpass's options.  All system users can see the password in the command line with a simple "ps" command. Sshpass
       makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass  are  encouraged  to
       use one of the other password passing techniques, which are all more secure.

       In  particular,  people  writing  programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to
       sshpass using the -d option.

RETURN VALUES
       As with any other program, sshpass returns 0 on success. In case of failure, the following return codes are used:

       1      Invalid command line argument

       2      Conflicting arguments given

       3      General runtime error

       4      Unrecognized response from ssh (parse error)

       5      Invalid/incorrect password

       6      Host public key is unknown. sshpass exits without confirming the new key.

       In addition, ssh might be complaining about a man in the middle attack. This complaint does not go to the tty. In other words, even with sshpass, the error message from ssh  is
       printed to standard error. In such a case ssh's return code is reported back. This is typically an unimaginative (and non-informative) "255" for all error cases.

EXAMPLES
       Run rsync over SSH using password authentication, passing the password on the command line:

       rsync --rsh='sshpass -p 12345 ssh -l test' host.example.com:path .

       To do the same from a bourne shell script in a marginally less exposed way:

       SSHPASS=12345 rsync --rsh='sshpass -e ssh -l test' host.example.com:path .

BUGS
       Sshpass  is  in its infancy at the moment. As such, bugs are highly possible. In particular, if the password is read from stdin (no password option at all), it is possible that
       some of the input aimed to be passed to ssh will be read by sshpass and lost.

       Sshpass utilizes the pty(7) interface to control the TTY for ssh. This interface, at least on Linux, has a misfeature where if no slave file descriptors are  open,  the  master
       pty  returns  EIO.  This is the normal behavior, except a slave pty may be born at any point by a program opening /dev/tty. This makes it impossible to reliably wait for events
       without consuming 100% of the CPU.

       Over the various versions different approaches were attempted at solving this problem.  Any given version of sshpass is released with the belief that it is working, but experi‐
       ence has shown that these things do, occasionally, break. This happened with OpenSSH version 5.6.  As of this writing, it is believed that sshpass is, again, working properly.



Lingnu Open Source Consulting                                                        April 25, 2015                                                                          SSHPASS(1)

  


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 linux之sshpass命令 sshpass-Linux命令之非交互SSH密碼驗證 sshpass命令使用 sshpass 遠程執行命令 sshpass遠程執行命令 sshpass連接主機以及執行命令 airflow dag 運行 遠程調度命令 特如 sshpass [Linux]scp/sshpass:物理主機與虛擬機的文件傳輸 Linux 下方便的ssh非交互工具sshpass的安裝與使用 sshpass 簡介
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM