Linux命令:sshpass
sshpass介绍
sshpass是一款凡是为凡是使用ssl方式访问的操作提供一个免输入密码的非交互式操作,以便于在脚本中执行ssl操作,如ssh,scp等。sshpass是一家以色列公司Lingnu开发的,由于软件还处于初期,bug还是很有可能出现的。所以使用这个软件时要慎重。
sshpass安装
源码安装
curl -O -L http://downloads.sourceforge.net/project/sshpass/sshpass/1.06/sshpass-1.06.tar.gz && tar xvzf sshpass-1.06.tar.gz && cd sshpass-1.06 && ./configure && make && sudo make install
自己安装软件包
rpm -ivh $BaseDir/tools/sshpass/sshpass-1.06-.el6.x86_64.rpm
自动安装软件包
# yum -y install sshpass
sshpass用法
sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments
-p 直接在命令行给出密码
sshpass -p '123' ssh root@192.168.1.1 'ls -l'
-f 文件首行给出密码。
sshpass -f file.txt ssh root@192.168.1.1 'ls -l'
-e 由环境变量SSHPASS给出密码。
export SSHPASS='123'
sshpass -e ssh root@192.168.1.1 'ls -l'
-d 由文件描述符给出密码。
sshpass -d 51671 ssh root@192.168.1.1 'ls -l'
对于ssh的第一次登陆,会提示:“Are you sure you want to continue connecting (yes/no)”,这时用sshpass会不好使,可以在ssh命令后面加上 -o StrictHostKeyChecking=no来解决。比如说上面的命令,就可以写作ssh -p efghi scp abc@192.168.0.5:/home/xxx/test /root -o StrictHostKeyChecking=no。
sshpass帮助
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin -P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
SSHPASS(1) Sshpass User Manual SSHPASS(1) NAME
sshpass - noninteractive ssh password provider SYNOPSIS
sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments DESCRIPTION
This manual page documents the sshpass command. sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode. ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is
getting the password from an interactive user. The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other command. The password prompt used by
ssh is, however, currently hardcoded into sshpass. Options
If no option is given, sshpass reads the password from the standard input. The user may give at most one alternative source for the password: -ppassword
The password is given on the command line. Please note the section titled "SECURITY CONSIDERATIONS". -ffilename
The password is the first line of the file filename. -dnumber
number is a file descriptor inherited by sshpass from the runner. The password is read from the open file descriptor. -e The password is taken from the environment variable "SSHPASS". -P Set the password prompt. Sshpass searched for this prompt in the program's output to the TTY as an indication when to send the password. By default sshpass looks for the
string "password:" (which matches both "Password:" and "password:"). If your client's prompt does not fall under either of these, you can override the default with this
option. -v Be verbose. sshpass will output to stderr information that should help debug cases where the connection hangs, seemingly for no good reason. SECURITY CONSIDERATIONS
First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to
securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and
being more secure. The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass
makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to
use one of the other password passing techniques, which are all more secure. In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to
sshpass using the -d option. RETURN VALUES
As with any other program, sshpass returns 0 on success. In case of failure, the following return codes are used: 1 Invalid command line argument 2 Conflicting arguments given 3 General runtime error 4 Unrecognized response from ssh (parse error) 5 Invalid/incorrect password 6 Host public key is unknown. sshpass exits without confirming the new key. In addition, ssh might be complaining about a man in the middle attack. This complaint does not go to the tty. In other words, even with sshpass, the error message from ssh is
printed to standard error. In such a case ssh's return code is reported back. This is typically an unimaginative (and non-informative) "255" for all error cases. EXAMPLES
Run rsync over SSH using password authentication, passing the password on the command line: rsync --rsh='sshpass -p 12345 ssh -l test' host.example.com:path . To do the same from a bourne shell script in a marginally less exposed way: SSHPASS=12345 rsync --rsh='sshpass -e ssh -l test' host.example.com:path . BUGS
Sshpass is in its infancy at the moment. As such, bugs are highly possible. In particular, if the password is read from stdin (no password option at all), it is possible that
some of the input aimed to be passed to ssh will be read by sshpass and lost. Sshpass utilizes the pty(7) interface to control the TTY for ssh. This interface, at least on Linux, has a misfeature where if no slave file descriptors are open, the master
pty returns EIO. This is the normal behavior, except a slave pty may be born at any point by a program opening /dev/tty. This makes it impossible to reliably wait for events
without consuming 100% of the CPU. Over the various versions different approaches were attempted at solving this problem. Any given version of sshpass is released with the belief that it is working, but experi‐
ence has shown that these things do, occasionally, break. This happened with OpenSSH version 5.6. As of this writing, it is believed that sshpass is, again, working properly. Lingnu Open Source Consulting April 25, 2015 SSHPASS(1)
Linux命令:sshpass的更多相关文章
- 终端-Linux命令之非交互SSH密码验证-Sshpass
Sshpass是使用SSH所谓的"交互式键盘密码身份验证"以非交互方式执行密码身份验证的工具 通俗来说就是 使用ssh密码登录 是需要在连接时手动输入密码的,没办法明文连接,如下图 ...
- 批量执行(Linux命令,上传/下载文件)
前言: 每个公司的网络环境大都划分 办公网络.线上网络,之所以划分的主要原因是为了保证线上操作安全: 对于外部用户而言也只能访问线上网络的特定开放端口,那么是什么控制了用户访问线上网络的呢? 防火墙过 ...
- Linux实战教学笔记04:Linux命令基础
第四节:Linux命令基础 标签(空格分隔):Linux实战教学笔记 第1章 认识操作环境 root:当前登陆的用户名 @分隔符 chensiqi:主机名 -:当前路径位置 用户的提示符 1.1 Li ...
- 像黑客一样使用 Linux 命令行
前言 之前在博客园看到一篇介绍 IntelliJ IDEA 配置的文章,它里面用的是 gif 动态图片进行展示,我觉得很不错.所以在我今天以及以后的博文中,我也会尽量使用 gif 动图进行展示.制作 ...
- 11 个很少人知道但很有用的 Linux 命令
Linux命令行吸引了大多数Linux爱好者.一个正常的Linux用户一般掌握大约50-60个命令来处理每日的任务.Linux命令和它们的转换对于Linux用户.Shell脚本程序员和管理员来说是最有 ...
- Linux命令随笔
Linux命令总结 man ==命令帮助; help ==命令的帮助(bash的内置命令); ls ==list,查看目录列表; -ld:查看目录权限; -l:(long)长格式显示属性; -F:给不 ...
- linux命令在线手册
下面几个网址有一些 Linux命令的在线手册,而且还是中文的,还可以搜索.非常方便 Linux命令手册 Linux命令大全 Linux中文man在线手册 每日一linux命令
- 常用的一些linux命令
最近接触到一些linux环境部署的事情,下面分享一些最近使用的比较频繁的一些linux命令~ 1.一次性移动多个文件到一个文件夹里 mv 被移动文件名 -t 目标文件夹 如:mv a.txt b.t ...
- 测试或运维工作过程中最常用的几个linux命令?
大家在测试工作过程中,可能会遇到需要你去服务器修改一些配置文件,譬如说某个字段的值是1 则关联老版本,是0则关联新版本,这时候你可能就需要会下vi的命令操作:或者查看session设置的时长,可能需 ...
随机推荐
- Python:员工信息增删改查
一:需求 homework.txt文件中有如下格式的人员信息: 1,Jack Wang,28,13451024608,HR,2015‐01‐072,Rain Wang,21,13451054608,I ...
- 结合源码分析 bubble 使用注意事项
使用dubbo时候要尽量了解源码,不然会很容易入坑. 一.服务消费端ReferenceConfig需要自行缓存 ReferenceConfig实例是个很重的实例,每个ReferenceConfig实例 ...
- Win10开发环境配置
基本环境变量配置:最近工作电脑固态硬盘损坏了,导致不得不重新装机,从前配置的环境需要重新配置,在此标记. Java环境配置: 添加变量 JAVA_HOME=D:\Program Files\Java\ ...
- HTTP协议的简单解析
超文本传输协议(HTTP,HyperText Transfer Protocol)是用于从服务器传输超文本到本地浏览器的传输协议,是应用最为广泛的网络协议.B/S网络架构的核心是HTTP,掌握HTTP ...
- PHP微信公众号开发之基本配置
(提示:需要有服务器或云虚拟机) 一开始不明白公众号不是可以这样管理吗? 那么为什么用开发平台进行公众号开发,官方文档是这样说的 为了识别用户,每个用户针对每个公众号会产 ...
- gcc 工作流程
gcc常用参数: 1:-v/--version 2:-I :指定头文件包含路径 3:-c :将汇编文件生成一个二级制文件,得到.o文件 4:-o :指定生产的文件名 5:-g :gdb调试的时候需要加 ...
- C# JToken类的使用,实现解析动态json数据、遍历、查找
在原来解析json数据是,一般都是用反序列化来实现json数据的解读,这需要首先知道json数据的结构并且建立相应的类才能反序列化,一旦遇到动态的json数据,这种方法就不使用. 为了解决动态解析js ...
- 安装部署elasticsearch
ELK下载:https://www.elastic.co/downloads/ Beats:负责收集系统数据,可以直接发送到es中,也可以通过logstash中转 logstash:收集日志,为bea ...
- vue项目,npm install后,npm run dev报错问题
报错: ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! metools@1.0.0 dev: `node build/dev-server.js` npm ...
- 【Jmeter自学】badboy使用(三)
==================================================================================================== ...