Fatal编程技术网
  • ssh/
  • 如何隐藏ssh预期用户/密码

如何隐藏ssh预期用户/密码

ssh

如何隐藏ssh预期用户/密码,ssh,expect,Ssh,Expect,我的Expect脚本以明文显示密码/用户,我想将其隐藏 #!/usr/local/bin/expect ########################################################################################### ############ # Input: It will handle two arguments -> a device and a show command. #################

我的Expect脚本以明文显示密码/用户,我想将其隐藏

#!/usr/local/bin/expect
###########################################################################################    ############
# Input: It will handle two arguments -> a device and a show command.
###########################################################################################    ############
# ######### Start of Script ######################
# #### Set up Timeouts - Debugging Variables
log_user 0
set timeout 10
set userid  "USER"
set password  "PASS"
# ############## Get two arguments - (1) Device (2) Command to be executed
set device  [lindex $argv 0] 
set command [lindex $argv 1]
spawn /usr/local/bin/ssh -l $userid $device
match_max [expr 32 * 1024]
expect {
    -re "RSA key fingerprint" {send "yes\r"}
    timeout {puts "Host is known"}
}
expect {
    -re "username: " {send "$userid\r"} 
    -re "(P|p)assword: " {send "$password\r"}
     -re "Warning:" {send "$password\r"}
    -re "Connection refused" {puts "Host error -> $expect_out(buffer)";exit}
    -re "Connection closed"  {puts "Host error -> $expect_out(buffer)";exit}
   -re "no address.*" {puts "Host error -> $expect_out(buffer)";exit}
    timeout {puts "Timeout error. Is device down or unreachable?? ssh_expect";exit}
}
expect {
   -re "\[#>]$" {send "term len 0\r"}
   timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect {
   -re "\[#>]$" {send "$command\r"}
   timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect -re "\[#>]$"
set output $expect_out(buffer)
send "exit\r"
puts "$output\r\n"
任何脚本语言都存在同样的问题。如果脚本不知道密码,则无法键入密码。。。最简单的解决方案是使用无密码ssh,使用密钥。。。并添加
-OUseBatchMode=Yes
,这样,如果您的密钥出现问题,ssh将立即失败(您可以验证退出代码),而不仅仅是返回到密码模式并挂起(当您以交互方式运行时)

看看Glenn的答案:

我试着做同样的事情,发现这很有用。

下面是提示输入用户名和密码的expect代码:

send_user "Username?\ "
expect_user -re "(.*)\n"
set user $expect_out(1,string)

send_user "password?\ "
stty -echo
expect_user -re "(.*)\n"
stty echo
set password $expect_out(1,string)
或者,如果您需要多次运行,并且不希望每次都重新输入密码,则您可以将密码存储在主目录中具有受限权限(0400)的文件中,并从中读取密码。然后在不再需要时删除密码文件。

通过expect发送密码时,如果执行“ps”,则可以使用密码查看整个命令。为了避免这种情况,可以从另一个bash脚本调用expect脚本,该脚本以大约500个字符的随机字符串发送,然后调用密码。然后在expect脚本上,您可以将password作为$1变量调用

Bash脚本示例:

#!/bin/bash
串="6E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884D8206E2884BF8418BacA224472CA2247D8206BacA2247BF846BcA2472CA2247D8206BacA2247BcA2845BcA2247D8205BcA2247D886BcA2247D8205BcA2247BcA2845D886BcA2242CA2848D886BcA2247Bc247D886BcA2247D8205BcA2282828282888D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D820“

./expectscript$string“MySuperSecretPassword”

和脚本示例:

#!/usr/bin/expect-f
设置超时20
设置字符串[lindex$argv 0]
设置密码[lindex$argv 1]
“生成ssh”user@192.168.1.1“
期待“assword”
发送“$password\r”

希望这能解决您的问题。

如果能介绍一下如何解决这个问题,那会很有用。谢谢。添加了说明和辅助解决方案。