1、sshpass:
使用场景:
ssh登陆不能在命令行中指定密码,sshpass 的出现,解决了这一问题,用于非交互的ssh 密码验证 它支持密码从命令行,文件,环境变量中读取。
安装
[[email protected] ~]# yum install sshpass -y 已安装: sshpass.x86_64 0:1.05-1.el6 完毕! [[email protected] ~]#
参数:
[[email protected] ~]# [[email protected] ~]# sshpass --help sshpass: invalid option -- ‘-‘ Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters -f filename Take password to use from file -d number Use number as file descriptor for getting password -p password Provide password as argument (security unwise) -e Password is passed as env-var "SSHPASS" With no parameters - password will be taken from stdin -h Show help (this screen) -V Print version information At most one of -f, -d, -p or -e should be used #这里sshpass支持三种模式,密码,文件,环境变量
案例:
简单模式:(修改端口,主机互信) [[email protected] ~]# ssh [email protected] -p21386 ‘ls‘ Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! [email protected]‘s password: node2 RPM-GPG-KEY-EPEL-6 [[email protected] ~]# #命令行下: [[email protected] ~]# sshpass -prenzhiyuan ssh [email protected] -p21386 ‘ls‘ Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! node2 RPM-GPG-KEY-EPEL-6 [[email protected] ~]# #文件模式: [[email protected] ~]# cat renzhiyuan renzhiyuan [[email protected] ~]# sshpass -f renzhiyuan ssh [email protected] -p21386 ‘ls‘ Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! node2 RPM-GPG-KEY-EPEL-6 [[email protected] ~]# #环境变量里面 [[email protected] ~]# cat /etc/profile.d/renzhiyuan.sh export SSHPASS="renzhiyuan" sshpass -e ssh [email protected] -p21386 ‘ls‘ [[email protected] ~]# [[email protected] ~]# /etc/profile.d/renzhiyuan.sh Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! node2 RPM-GPG-KEY-EPEL-6 [[email protected] ~]#
2、expect:
使用场景:
通过Shell可以实现简单的控制流功能,如:循环、判断等。但是对于需要交互的场合则必须通过人工来干预,有时候我们可能会需要实现和交互程序如telnet服务器等进行交互的功能。
而expect是一个免费的编程工具语言,用来实现自动和交互式任务进行通信,而无需人的干预。
[[email protected] ~]# yum install expect -y 已安装: expect.x86_64 0:5.44.1.15-5.el6_4 作为依赖被安装: tcl.x86_64 1:8.5.7-6.el6 完毕! [[email protected] ~]#
案例:
2.1)ssh实现自动登录,并停在登录服务器上
yum install expect -y
[[email protected] ~]# cat ssh.sh
#!/usr/bin/expect -f
set ip [lindex $argv 0 ]
set password [lindex $argv 1 ]
set timeout 20
spawn ssh -p21386 [email protected]$ip
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$password\r" }
}
interact
[[email protected] ~]# ./ssh.sh 192.168.1.221 renzhiyuan
spawn ssh -p21386 [email protected]
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
[email protected]‘s password:
Last login: Wed Dec 7 16:43:27 2016 from 192.168.1.217
[[email protected] ~]#
#!/usr/bin/expect -f
set ip [lindex $argv 0 ] //接收第一个参数,并设置IP
set password [lindex $argv 1 ] //接收第二个参数,并设置密码
set timeout 10 //设置超时时间
spawn ssh [email protected]$ip //发送ssh请滶
expect { //返回信息匹配
"*yes/no" { send "yes\r"; exp_continue} //第一次ssh连接会提示yes/no,继续
"*password:" { send "$password\r" } //出现密码提示,发送密码
}
interact //交互模式,用户会停留在远程服务器上面.
2、2)根据IP和密码连接到不同的机器.
[[email protected] ~]# ./ssh.sh
spawn ssh -p21386 [email protected]
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
[email protected]‘s password:
Last login: Wed Dec 7 16:43:56 2016 from 192.168.1.217
[[email protected] ~]#
2.3)远程登录到服务器,并且执行命令,执行完后并退出
[[email protected] ~]# ./ssh.sh
spawn ssh -p21386 [email protected]
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
[email protected]‘s password:
Last login: Wed Dec 7 16:45:33 2016 from 192.168.1.217
[[email protected] ~]# pwd
/root
[[email protected] ~]# exit
logout
Connection to 192.168.1.221 closed.
[[email protected] ~]#
3、问题:(能力有限,至今寻求帮助和研究都没出来)
如果做的是有密码的ssh互信,如何利用sshpass或者except解决密钥密码交互式问题?
3.1)#sshpass -p ‘密码‘ ssh -p21345 -i renzhiyuan 用户@ip (不可取)
2.2)except脚本居然没能越过ssh密钥的密码。
欢迎大家各抒己见,互相学习进步。
时间: 2024-12-13 09:41:57