linux – ssh-add from a bash script and automating passphrase entry
Published: 2020-12-13 23:53:14 Category: Linux Source: compiled from the web
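I am trying to run ssh-add from a script (not concerned about security at this point).

ssh now prompts for the passphrase, which needs to be automated, so I read up on a number of things, such as this, and found expect. Now I do the following:

```
eval `ssh-agent -s`
```

The script tmp.sh is defined as:

```
#!/usr/bin/expect
spawn ssh-add /root/.ssh/id_rsa
expect "Enter passphrase for /root/.ssh/id_rsa:"
send "my_pass"
interact
```

```
./tmp.sh
ssh-add -l
```

If ssh-add had worked, it would show something like

```
4096 SHA256:wlfP/nhVSWXLcljBOen5GSYZXJGgfi/XJWfZeBwqRsM id_rsa (RSA)
```

But instead I get "The agent has no identities." It seems ssh-agent loses its context.

I am open to other solutions for doing this.

Solution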
Personally, I find using expect a bit cumbersome. I found the following approach, from "how to make ssh-add read passphrase from a file", rather informative.
So if your version of ssh-add allows the -p argument and you are not worried about security, then this should work:

```
#!/bin/bash
# store a file somewheres with your passphrase. For example's sake
# I'll just use $HOME/.myscrt
<$HOME/.myscrt ssh-add -p ~/.ssh/id_rsa
```

Now if -p does not work for you, I found the second method rather ingenious:

```
#!/bin/bash
# Same passfile and some minor enhancements from the OP of the linked
# solution
PASS="$(<$HOME/.myscrt)"
# the following is just a one-liner method of making an executable
# one-line script echoing the password to STDOUT
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh"
# then the magic happens. NOTE: your DISPLAY variable should be set
# for this method to work (see ssh-add(1))
[[ -z "$DISPLAY" ]] && export DISPLAY=:0
< id_rsa SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz "$PWD/ps.sh"
```

When I tested the script I called it "j", see below:

```
$ cd /tmp
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa): /tmp/id_rsa
Enter passphrase (empty for no passphrase): asdfasdf
Enter same passphrase again: asdfasdf
Your identification has been saved in /tmp/id_rsa.
Your public key has been saved in /tmp/id_rsa.pub.
The key fingerprint is:
ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d jimconn@redapt-240
The key's randomart image is:
+--[ RSA 2048]----+
| o |
| o E |
| . . o |
| o o o.o |
| . O oS .o |
| + o o.. |
| =... |
| .*o |
| o=o |
+-----------------+
$ echo 'asdfasdf' > ~/.myscrt
$ chmod 0600 ~/.myscrt
$ ls -altr ~/.myscrt
-rw------- 1 me me 9 Feb 16 19:00 /home/me/.myscrt
$ cat ~/.myscrt
asdfasdf
$ ls -ltr
total 12
-rw-r--r-- 1 me me 400 Feb 16 18:59 id_rsa.pub
-rw------- 1 me me 1766 Feb 16 18:59 id_rsa
-rwx------ 1 me me 151 Feb 16 19:04 j
$ cat j
#!/bin/bash
PASS="$(<$HOME/.myscrt)"
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh"
cat id_rsa | SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz $PWD/ps.sh
$ ./j
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’
Identity added: (stdin) ((stdin))
$ ls
id_rsa id_rsa.pub j
```

So, one quick thing to note about this method is that listing the identities loaded into ssh-agent will only show that stdin was loaded:

```
$ ssh-add -D
All identities removed.
$ ssh-add -l
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA)
$ ./j
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’
Identity added: (stdin) ((stdin))
$ ssh-add -l
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA)
```

(Editor: 李大同)
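A variant of the SSH_ASKPASS method above, as an added example that is not part of the original answer: the helper reads the passphrase file at run time instead of having the passphrase written into a generated script, so passphrases containing quotes, `$` or spaces survive intact. The names `make_askpass`, `add_key` and `PASSPHRASE_FILE` are chosen for this sketch, and `SSH_ASKPASS_REQUIRE` assumes OpenSSH 8.4 or later.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# PASSPHRASE_FILE, make_askpass and add_key are names chosen for this sketch.

# Write a private askpass helper and print its path. The helper body is
# static: it reads the file named in $PASSPHRASE_FILE at run time, so the
# passphrase is never interpolated into shell source.
make_askpass() {
    helper=$(umask 077; mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    cat > "$helper" <<'EOF'
#!/bin/sh
head -n 1 "$PASSPHRASE_FILE"
EOF
    chmod 700 "$helper" || return 1
    printf '%s\n' "$helper"
}

# add_key KEYFILE PASSFILE: load KEYFILE into the agent of the current shell.
add_key() {
    key=$1
    passfile=$2
    # ssh-add can only reach an agent whose socket is exported in this shell.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo 'SSH_AUTH_SOCK is unset; run: eval "$(ssh-agent -s)"' >&2
        return 2
    fi
    helper=$(make_askpass) || return 1
    # SSH_ASKPASS_REQUIRE=force (OpenSSH 8.4 and later) selects the helper
    # even on a terminal. Per ssh-add(1), older releases use it only when
    # DISPLAY is set and ssh-add has no terminal, hence DISPLAY and </dev/null.
    rc=0
    PASSPHRASE_FILE=$passfile SSH_ASKPASS=$helper SSH_ASKPASS_REQUIRE=force \
        DISPLAY=${DISPLAY:-:0} ssh-add "$key" </dev/null || rc=$?
    rm -f "$helper"
    return "$rc"
}

# Usage (paths are placeholders): add_key "$HOME/.ssh/id_rsa" "$HOME/.myscrt"
```

Because the key is passed by path rather than on stdin, `ssh-add -l` lists it under its file name instead of `(stdin)`.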