
Sshpass+expect solves interactive problems

2025-04-01 Update From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01

1. sshpass:

Use case:

ssh does not accept a password on the command line. sshpass fills this gap: it performs non-interactive ssh password authentication and can read the password from the command line, a file, or an environment variable.

Installation

    [root@node6 ~]# yum install sshpass -y
    Installed:
      sshpass.x86_64 0:1.05-1.el6
    Complete!
    [root@node6 ~]#

Parameters:

    [root@node6 ~]# sshpass --help
    sshpass: invalid option -- '-'
    Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
       -f filename   Take password to use from file
       -d number     Use number as file descriptor for getting password
       -p password   Provide password as argument (security unwise)
       -e            Password is passed as env-var "SSHPASS"
       With no parameters - password will be taken from stdin

       -h            Show help (this screen)
       -V            Print version information
    At most one of -f, -d, -p or -e should be used

Here sshpass supports three modes: password on the command line, file, and environment variable.

Case study:

Simple mode (modified port, host trust):

    [root@node3 ~]# ssh root@192.168.1.221 -p21386 'ls'
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    root@192.168.1.221's password:
    node2
    RPM-GPG-KEY-EPEL-6
    [root@node3 ~]#

Command-line mode:

    [root@node3 ~]# sshpass -prenzhiyuan ssh root@192.168.1.221 -p21386 'ls'
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    node2
    RPM-GPG-KEY-EPEL-6
    [root@node3 ~]#

File mode:

    [root@node3 ~]# cat renzhiyuan
    renzhiyuan
    [root@node3 ~]# sshpass -f renzhiyuan ssh root@192.168.1.221 -p21386 'ls'
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    node2
    RPM-GPG-KEY-EPEL-6
    [root@node3 ~]#

Environment variable mode:

    [root@node3 ~]# cat /etc/profile.d/renzhiyuan.sh
    export SSHPASS="renzhiyuan"
    sshpass -e ssh root@192.168.1.221 -p21386 'ls'
    [root@node3 ~]# /etc/profile.d/renzhiyuan.sh
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    node2
    RPM-GPG-KEY-EPEL-6
    [root@node3 ~]#
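The file mode is only safer than -p (which the help output itself marks "security unwise") when other users cannot read the password file, and a script under /etc/profile.d is normally world-readable and sourced by every login shell. The following is an added example, not from the original article: a wrapper that refuses to call sshpass -f unless the password file is private; the function names pwfile_ok, new_pwfile and ssh_with_pwfile are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): gate "sshpass -f" behind a
# permission check on the password file. All function names are hypothetical.

# pwfile_ok FILE
# Returns 0 only if FILE is a regular file (not a symlink), owned by the
# current user, non-empty, and carries no group/other permission bits.
pwfile_ok() {
    local f=$1 perms
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by current user: $f" >&2; return 1; }
    [ -s "$f" ] || { echo "empty password file: $f" >&2; return 1; }
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f ($perms)" >&2; return 1; }
}

# new_pwfile FILE
# Creates FILE with mode 600 and fills it from stdin, so the password never
# appears in argv or in shell history.
new_pwfile() {
    ( umask 077 && : >> "$1" && chmod 600 "$1" && cat > "$1" )
}

# ssh_with_pwfile FILE SSH_ARGS...
# Runs ssh through "sshpass -f FILE" only when FILE passes pwfile_ok.
ssh_with_pwfile() {
    local f=$1
    shift
    pwfile_ok "$f" || return 1
    sshpass -f "$f" ssh "$@"
}
```

Typical use is `new_pwfile ~/.node2.pw` (type the password, then Ctrl-D) followed by `ssh_with_pwfile ~/.node2.pw -p21386 root@192.168.1.221 'ls'`.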

2. expect:

Use case:

Shell can implement simple control flow such as loops and conditionals. Where interaction is required, however, someone has to intervene manually, and sometimes we need to automate the interaction with interactive programs such as a telnet server.

Expect is a free programming tool language for automating interactive tasks so that they run without human intervention.

    [root@node6 ~]# yum install expect -y
    Installed:
      expect.x86_64 0:5.44.1.15-5.el6_4
    Dependency Installed:
      tcl.x86_64 1:8.5.7-6.el6
    Complete!
    [root@node6 ~]#

Case study:

2.1) ssh logs in automatically and stays on the login server

    yum install expect -y

    [root@node3 ~]# cat ssh.sh
    #!/usr/bin/expect -f
    set ip [lindex $argv 0]
    set password [lindex $argv 1]
    set timeout 20
    spawn ssh -p21386 root@$ip
    expect {
        "*yes/no" { send "yes\r"; exp_continue }
        "*password:" { send "$password\r" }
    }
    interact
    [root@node3 ~]# ./ssh.sh 192.168.1.221 renzhiyuan
    spawn ssh -p21386 root@192.168.1.221
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    root@192.168.1.221's password:
    Last login: Wed Dec 7 16:43:27 2016 from 192.168.1.217
    [root@node3 ~]#

The script with comments:

    #!/usr/bin/expect -f
    set ip [lindex $argv 0]        ;# receive the first parameter and set ip
    set password [lindex $argv 1]  ;# receive the second parameter and set password
    set timeout 10                 ;# set the timeout
    spawn ssh root@$ip             ;# start the ssh session
    # Match the returned prompts:
    #   "*yes/no"    the first ssh connection prompts yes/no; answer and continue
    #   "*password:" password prompt; send the password
    expect {
        "*yes/no" { send "yes\r"; exp_continue }
        "*password:" { send "$password\r" }
    }
    interact                       ;# interactive mode: the user stays on the remote server

2.2) Connect to different machines according to IP and password.

    [root@node3 ~]# ./ssh.sh
    spawn ssh -p21386 root@192.168.1.221
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    root@192.168.1.221's password:
    Last login: Wed Dec 7 16:43:56 2016 from 192.168.1.217
    [root@node3 ~]#

2.3) Remotely log in to the server, execute the command, and exit after execution

    [root@node3 ~]# ./ssh.sh
    spawn ssh -p21386 root@192.168.1.221
    Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    root@192.168.1.221's password:
    Last login: Wed Dec 7 16:45:33 2016 from 192.168.1.217
    [root@HYXD ~]# pwd
    /root
    [root@HYXD ~]# exit
    logout
    Connection to 192.168.1.221 closed.
    [root@node3 ~]#

3. Question: (my ability is limited; so far, asking for help and researching have not produced an answer)

If ssh mutual trust is set up with a key that has a password, how can sshpass or expect be used to solve the problem of the key-password interaction?

    # sshpass -p 'password' ssh -p21345 -i renzhiyuan user@ip (not desirable)

2.2) The expect script failed to get past the password of the ssh key.

You are welcome to express your views and learn from each other.
