1、sshpass:
使用场景:
ssh登陆不能在命令行中指定密码,sshpass 的出现,解决了这一问题,用于非交互的ssh 密码验证 它支持密码从命令行,文件,环境变量中读取。
安装
1
2
3
4
5
6
| [iyunv@node6 ~]# yum install sshpass -y
已安装:
sshpass.x86_64 0:1.05-1.el6
完毕!
[iyunv@node6 ~]#
|
参数:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [iyunv@node6 ~]#
[iyunv@node6 ~]# sshpass --help
sshpass: invalid option -- '-'
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used
#这里sshpass支持三种模式,密码,文件,环境变量
|
案例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| 简单模式:(修改端口,主机互信)
[iyunv@node3 ~]# ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
node2
RPM-GPG-KEY-EPEL-6
[iyunv@node3 ~]#
#命令行下:
[iyunv@node3 ~]# sshpass -prenzhiyuan ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[iyunv@node3 ~]#
#文件模式:
[iyunv@node3 ~]# cat renzhiyuan
renzhiyuan
[iyunv@node3 ~]# sshpass -f renzhiyuan ssh root@192.168.1.221 -p21386 'ls'
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[iyunv@node3 ~]#
#环境变量里面
[iyunv@node3 ~]# cat /etc/profile.d/renzhiyuan.sh
export SSHPASS="renzhiyuan"
sshpass -e ssh root@192.168.1.221 -p21386 'ls'
[iyunv@node3 ~]#
[iyunv@node3 ~]# /etc/profile.d/renzhiyuan.sh
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
node2
RPM-GPG-KEY-EPEL-6
[iyunv@node3 ~]#
|
2、expect:
使用场景:
通过Shell可以实现简单的控制流功能,如:循环、判断等。但是对于需要交互的场合则必须通过人工来干预,有时候我们可能会需要实现和交互程序如telnet服务器等进行交互的功能。
而expect是一个免费的编程工具语言,用来实现自动和交互式任务进行通信,而无需人的干预。 1
2
3
4
5
6
7
8
9
| [iyunv@node6 ~]# yum install expect -y
已安装:
expect.x86_64 0:5.44.1.15-5.el6_4
作为依赖被安装:
tcl.x86_64 1:8.5.7-6.el6
完毕!
[iyunv@node6 ~]#
|
案例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| 2.1)ssh实现自动登录,并停在登录服务器上
yum install expect -y
[iyunv@node3 ~]# cat ssh.sh
#!/usr/bin/expect -f
set ip [lindex $argv 0 ]
set password [lindex $argv 1 ]
set timeout 20
spawn ssh -p21386 root@$ip
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$password\r" }
}
interact
[iyunv@node3 ~]# ./ssh.sh 192.168.1.221 renzhiyuan
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:43:27 2016 from 192.168.1.217
[iyunv@node3 ~]#
#!/usr/bin/expect -f
set ip [lindex $argv 0 ] //接收第一个参数,并设置IP
set password [lindex $argv 1 ] //接收第二个参数,并设置密码
set timeout 10 //设置超时时间
spawn ssh root@$ip //发送ssh请滶
expect { //返回信息匹配
"*yes/no" { send "yes\r"; exp_continue} //第一次ssh连接会提示yes/no,继续
"*password:" { send "$password\r" } //出现密码提示,发送密码
}
interact //交互模式,用户会停留在远程服务器上面.
2、2)根据IP和密码连接到不同的机器.
[iyunv@node3 ~]# ./ssh.sh
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:43:56 2016 from 192.168.1.217
[iyunv@node3 ~]#
2.3)远程登录到服务器,并且执行命令,执行完后并退出
[iyunv@node3 ~]# ./ssh.sh
spawn ssh -p21386 root@192.168.1.221
Address 192.168.1.221 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.221's password:
Last login: Wed Dec 7 16:45:33 2016 from 192.168.1.217
[iyunv@HYXD ~]# pwd
/root
[iyunv@HYXD ~]# exit
logout
Connection to 192.168.1.221 closed.
[iyunv@node3 ~]#
|
3、问题:(能力有限,至今寻求帮助和研究都没出来)
如果做的是有密码的ssh互信,如何利用sshpass或者except解决密钥密码交互式问题?
3.1)#sshpass -p '密码' ssh -p21345 -i renzhiyuan 用户@ip (不可取)
2.2)except脚本居然没能越过ssh密钥的密码。
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2016-12-15 09:09:08
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡