1、sshpass:
使用场景:
ssh登陆不能在命令行中指定密码,sshpass 的出现,解决了这一问题,用于非交互的ssh 密码验证 它支持密码从命令行,文件,环境变量中读取。
安装
计算
安全
数据库
网络和加速
企业服务
[root@node6 ~]# yum install sshpass -y
已安装:
sshpass.x86_64 0:1.05-1.el6
完毕!
[root@node6 ~]#参数:
[root@node6 ~]#
[root@node6 ~]# sshpass --help
sshpass: invalid option -- '-'
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
#这里sshpass支持三种模式,密码,文件,环境变量案例:
简单模式:(修改端口,主机互信)
[root@node3 ~]# ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
node2
RPM-GPG-KEY-EPEL-6
[root@node3 ~]#
#命令行下:
[root@node3 ~]# sshpass -prenzhiyuan ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[root@node3 ~]#
#文件模式:
[root@node3 ~]# cat renzhiyuan
renzhiyuan
[root@node3 ~]# sshpass -f renzhiyuan ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[root@node3 ~]#
#环境变量里面
[root@node3 ~]# cat /etc/profile.d/renzhiyuan.sh
export SSHPASS="renzhiyuan"
sshpass -e ssh root@192.168.1.221 -p21386 'ls'
[root@node3 ~]#
[root@node3 ~]# /etc/profile.d/renzhiyuan.sh
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[root@node3 ~]#2、expect:
使用场景:
通过Shell可以实现简单的控制流功能,如:循环、判断等。但是对于需要交互的场合则必须通过人工来干预,有时候我们可能会需要实现和交互程序如telnet服务器等进行交互的功能。
而expect是一个免费的编程工具语言,用来实现自动和交互式任务进行通信,而无需人的干预。
[root@node6 ~]# yum install expect -y
已安装:
expect.x86_64 0:5.44.1.15-5.el6_4
作为依赖被安装:
tcl.x86_64 1:8.5.7-6.el6
完毕!
[root@node6 ~]#案例:
2.1)ssh实现自动登录,并停在登录服务器上
yum install expect -y
[root@node3 ~]# cat ssh.sh
#!/usr/bin/expect -f
set ip [lindex $argv 0 ]
set password [lindex $argv 1 ]
set timeout 20
spawn ssh -p21386 root@$ip
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$password\r" }
}
interact
[root@node3 ~]# ./ssh.sh 192.168.1.221 renzhiyuan
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:43:27 2016 from 192.168.1.217
[root@node3 ~]#
#!/usr/bin/expect -f
set ip [lindex $argv 0 ] //接收第一个参数,并设置IP
set password [lindex $argv 1 ] //接收第二个参数,并设置密码
set timeout 10 //设置超时时间
spawn ssh root@$ip //发送ssh请滶
expect { //返回信息匹配
"*yes/no" { send "yes\r"; exp_continue} //第一次ssh连接会提示yes/no,继续
"*password:" { send "$password\r" } //出现密码提示,发送密码
}
interact //交互模式,用户会停留在远程服务器上面.
2、2)根据IP和密码连接到不同的机器.
[root@node3 ~]# ./ssh.sh
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:43:56 2016 from 192.168.1.217
[root@node3 ~]#
2.3)远程登录到服务器,并且执行命令,执行完后并退出
[root@node3 ~]# ./ssh.sh
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:45:33 2016 from 192.168.1.217
[root@HYXD ~]# pwd
/root
[root@HYXD ~]# exit
logout
Connection to 192.168.1.221 closed.
[root@node3 ~]#3、问题:(能力有限,至今寻求帮助和研究都没出来)
如果做的是有密码的ssh互信,如何利用sshpass或者except解决密钥密码交互式问题?
3.1)#sshpass -p '密码' ssh -p21345 -i renzhiyuan 用户@ip (不可取)
2.2)except脚本居然没能越过ssh密钥的密码。
欢迎大家各抒己见,互相学习进步。
亿速云「云服务器」,即开即用、新一代英特尔至强铂金CPU、三副本存储NVMe SSD云盘,价格低至29元/月。点击查看>>
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
