如何隐藏ssh预期用户/密码
我的Expect脚本以明文显示密码/用户,我想将其隐藏如何隐藏ssh预期用户/密码,ssh,expect,Ssh,Expect,我的Expect脚本以明文显示密码/用户,我想将其隐藏 #!/usr/local/bin/expect ########################################################################################### ############ # Input: It will handle two arguments -> a device and a show command. #################
#!/usr/local/bin/expect
########################################################################################### ############
# Input: It will handle two arguments -> a device and a show command.
########################################################################################### ############
# ######### Start of Script ######################
# #### Set up Timeouts - Debugging Variables
log_user 0
set timeout 10
set userid "USER"
set password "PASS"
# ############## Get two arguments - (1) Device (2) Command to be executed
set device [lindex $argv 0]
set command [lindex $argv 1]
spawn /usr/local/bin/ssh -l $userid $device
match_max [expr 32 * 1024]
expect {
-re "RSA key fingerprint" {send "yes\r"}
timeout {puts "Host is known"}
}
expect {
-re "username: " {send "$userid\r"}
-re "(P|p)assword: " {send "$password\r"}
-re "Warning:" {send "$password\r"}
-re "Connection refused" {puts "Host error -> $expect_out(buffer)";exit}
-re "Connection closed" {puts "Host error -> $expect_out(buffer)";exit}
-re "no address.*" {puts "Host error -> $expect_out(buffer)";exit}
timeout {puts "Timeout error. Is device down or unreachable?? ssh_expect";exit}
}
expect {
-re "\[#>]$" {send "term len 0\r"}
timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect {
-re "\[#>]$" {send "$command\r"}
timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect -re "\[#>]$"
set output $expect_out(buffer)
send "exit\r"
puts "$output\r\n"
任何脚本语言都存在同样的问题。如果脚本不知道密码,则无法键入密码。。。最简单的解决方案是使用无密码ssh,使用密钥。。。并添加
-OUseBatchMode=Yes
,这样,如果您的密钥出现问题,ssh将立即失败(您可以验证退出代码),而不仅仅是返回到密码模式并挂起(当您以交互方式运行时)看看Glenn的答案:
我试着做同样的事情,发现这很有用。下面是提示输入用户名和密码的expect代码:
send_user "Username?\ "
expect_user -re "(.*)\n"
set user $expect_out(1,string)
send_user "password?\ "
stty -echo
expect_user -re "(.*)\n"
stty echo
set password $expect_out(1,string)
或者,如果您需要多次运行,并且不希望每次都重新输入密码,则您可以将密码存储在主目录中具有受限权限(0400)的文件中,并从中读取密码。然后在不再需要时删除密码文件。通过expect发送密码时,如果执行“ps”,则可以使用密码查看整个命令。为了避免这种情况,可以从另一个bash脚本调用expect脚本,该脚本以大约500个字符的随机字符串发送,然后调用密码。然后在expect脚本上,您可以将password作为$1变量调用 Bash脚本示例: #!/bin/bash
串="6E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884E2884F8BF8418BacA224472C5D8206E2884F8BF8418BacA224472C5D8206E2884D8206E2884BF8418BacA224472CA2247D8206BacA2247BF846BcA2472CA2247D8206BacA2247BcA2845BcA2247D8205BcA2247D886BcA2247D8205BcA2247BcA2845D886BcA2242CA2848D886BcA2247Bc247D886BcA2247D8205BcA2282828282888D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D8206E2884F8BF8418BAC1CA24472C5D820“ ./expectscript$string“MySuperSecretPassword” 和脚本示例: #!/usr/bin/expect-f
设置超时20
设置字符串[lindex$argv 0]
设置密码[lindex$argv 1]
“生成ssh”user@192.168.1.1“
期待“assword”
发送“$password\r” 希望这能解决您的问题。
如果能介绍一下如何解决这个问题,那会很有用。谢谢。添加了说明和辅助解决方案。