当前位置: 文江博客话题详情

如何在不覆盖 TTY 的情况下将密码传递给 su/sudo/ssh?

发布于 2024-07-07 15:45:26 字数 329 浏览 10 评论 0原文

我正在编写一个 C Shell 程序,它将执行 susudossh。 他们都希望在控制台输入(TTY)而不是标准输入或命令行中获得密码。

有人知道解决办法吗?

设置无密码 sudo 不是一个选项。

可能是一个选项,但它不存在于我的精简系统。

原文

I'm writing a C Shell program that will be doing su or sudo or ssh. They all want their passwords in console input (the TTY) rather than stdin or the command line.

Does anybody know a solution?

Setting up password-less sudo is not an option.

could be an option, but it's not present on my stripped-down system.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(22

萌酱 2024-07-14 15:45:27

我编写了一些 Applescript,它通过对话框提示输入密码,然后构建自定义 bash 命令,如下所示:

echo <password> | sudo -S <command>

我不确定这是否有帮助。

如果 sudo 接受预加密的密码,那就太好了,这样我就可以在脚本中对其进行加密,而不必担心回显明文密码。 然而,这对我和我的情况有用。

I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:

echo <password> | sudo -S <command>

I'm not sure if this helps.

It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.

回复 原文
一桥轻雨一伞开 2024-07-14 15:45:27

对于ssh,您可以使用sshpasssshpass -p yourpassphrase ssh user@host

你只需要先下载 sshpass :)

$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server

For ssh you can use sshpass: sshpass -p yourpassphrase ssh user@host.

You just need to download sshpass first :)

$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server
回复 原文
蹲墙角沉默 2024-07-14 15:45:27

对于 sudo 你也可以这样做:

sudo -S <<< "password" command

For sudo you can do this too:

sudo -S <<< "password" command
回复 原文
情丝乱 2024-07-14 15:45:27

也许您可以使用 expect 命令?:

expect -c 'spawn ssh [email protected];expect password;send "your-password\n";interact

该命令自动给出密码。

Maybe you can use an expect command?:

expect -c 'spawn ssh [email protected];expect password;send "your-password\n";interact

That command gives the password automatically.

回复 原文
丶情人眼里出诗心の 2024-07-14 15:45:27

我有:

ssh user@host bash -c "echo mypass | sudo -S mycommand"

对我有用。

I've got:

ssh user@host bash -c "echo mypass | sudo -S mycommand"

Works for me.

回复 原文
辞慾 2024-07-14 15:45:27

此问题的通常解决方案是设置一个帮助程序应用程序来执行需要超级用户访问权限的任务:
http://en.wikipedia.org/wiki/Setuid

Sudo 不适合离线使用。

稍后编辑:SSH 可以与私钥-公钥身份验证一起使用。 如果私钥没有密码,则可以使用 ssh,而不会提示输入密码。

The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access:
http://en.wikipedia.org/wiki/Setuid

Sudo is not meant to be used offline.

Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.

回复 原文
无人问我粥可暖 2024-07-14 15:45:27

这可以通过在要连接的目标主机上设置公钥/私钥来完成。
第一步是为在本地主机上运行脚本的用户生成 ssh 密钥,方法是执行:

ssh-keygen
Enter file in which to save the key (/home/myuser/.ssh/id_rsa): <Hit enter for default>
Overwrite (y/n)? y

然后输入空白密码。 之后,将您的 ssh 密钥复制到您要连接的目标主机上。

ssh-copy-id <remote_user>@<other_host>
remote_user@other_host's password: <Enter remote user's password here>

注册 ssh 密钥后,您将能够从本地主机执行静默 ssh remote_user@other_host

This can be done by setting up public/private keys on the target hosts you will be connecting to.
The first step would be to generate an ssh key for the user running the script on the local host, by executing:

ssh-keygen
Enter file in which to save the key (/home/myuser/.ssh/id_rsa): <Hit enter for default>
Overwrite (y/n)? y

Then enter a blank password. After that, copy your ssh key onto the target host which you will be connecting to.

ssh-copy-id <remote_user>@<other_host>
remote_user@other_host's password: <Enter remote user's password here>

After registering the ssh keys, you would be able to perform a silent ssh remote_user@other_host from you local host.

回复 原文
伪心 2024-07-14 15:45:27

当没有更好的选择(如其他人建议的)时, man socat 可以提供帮助:

   (sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
   socat - EXEC:'ssh -l user server',pty,setsid,ctty

          EXEC’utes an ssh session to server. Uses a pty for communication
          between socat and ssh, makes it ssh’s  controlling  tty  (ctty),
          and makes this pty the owner of a new process group (setsid), so
          ssh accepts the password from socat.

所有 pty、setsid、ctty 复杂性都是必要的,虽然您可能不需要睡眠那么长时间,但您需要睡眠。 echo=0 选项也值得一看,就像在 ssh 命令行上传递远程命令一样。

When there's no better choice (as suggested by others), then man socat can help:

   (sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
   socat - EXEC:'ssh -l user server',pty,setsid,ctty

          EXEC’utes an ssh session to server. Uses a pty for communication
          between socat and ssh, makes it ssh’s  controlling  tty  (ctty),
          and makes this pty the owner of a new process group (setsid), so
          ssh accepts the password from socat.

All of the pty,setsid,ctty complexity is necessary and, while you might not need to sleep as long, you will need to sleep. The echo=0 option is worth a look too, as is passing the remote command on ssh's command line.

回复 原文
尘世孤行 2024-07-14 15:45:27

看一下 expect Linux 实用程序。

它允许您根据标准输入上的简单模式匹配将输出发送到标准输入输出。

Take a look at expect linux utility.

It allows you to send output to stdio based on simple pattern matching on stdin.

回复 原文
執念 2024-07-14 15:45:27
echo <password> | su -c <command> <user>

这是有效的。

echo <password> | su -c <command> <user>

This is working.

回复 原文
故人的歌 2024-07-14 15:45:27
ssh -t -t [email protected] << EOF
echo SOMEPASSWORD | sudo -S do something
sudo do something else
exit
EOF

ssh -t -t [email protected] << EOF
echo SOMEPASSWORD | sudo -S do something
sudo do something else
exit
EOF
回复 原文
找回味觉 2024-07-14 15:45:27

将 SSH 设置为公钥身份验证,密钥上没有密码。 网上有大量指南。 届时您将不需要密码即可登录。 然后,您可以根据客户端主机名限制密钥的连接。 提供合理的安全性,非常适合自动登录。

Set SSH up for Public Key Authentication, with no pasphrase on the Key. Loads of guides on the net. You won't need a password to login then. You can then limit connections for a key based on client hostname. Provides reasonable security and is great for automated logins.

回复 原文
酒解孤独 2024-07-14 15:45:27

更好的 sshpass 替代方案是:passh
https://github.com/clarkwang/passh

登录远程服务器

 $ passh -p password ssh user@host

在远程服务器上运行命令

 $ passh -p password ssh user@host date

其他传递密码的方法

-p 密码(默认:`password')

-p env:从环境变量中读取密码

-p file:从文件中读取密码

此处< /a> 我解释了为什么它比 sshpass 和其他解决方案更好。

a better sshpass alternative is: passh
https://github.com/clarkwang/passh

Login to a remote server

 $ passh -p password ssh user@host

Run a command on remote server

 $ passh -p password ssh user@host date

other methods to pass the password

-p The password (Default: `password')

-p env: Read password from env var

-p file: Read password from file

here I explained why it is better than sshpass, and other solutions.

回复 原文
—━☆沉默づ 2024-07-14 15:45:27

如下所示:

您还可以传递各种参数, 回声 y | sudo -S pacman -Syu

(虽然这是一个坏主意,但这只是一个例子)

You can also pass various parameters as follows:

echo password | echo y | sudo -S pacman -Syu

(Although that's a bad idea, it's just an example)

回复 原文
归途 2024-07-14 15:45:27

我有同样的问题。 用于在远程电脑上创建目录的对话框脚本。
与 ssh 的对话很容易。 我使用 sshpass (之前安装的)。

   dialog --inputbox "Enter IP" 8 78 2> /tmp/ip

   IP=$(cat /tmp/ip)


   dialog --inputbox "Please enter username" 8 78 2> /tmp/user

   US=$(cat /tmp/user)


   dialog --passwordbox "enter password for \"$US\" 8 78 2> /tmp/pass

   PASSWORD = $(cat /tmp/pass)


   sshpass -p "$PASSWORD" ssh $US@$IP mkdir -p /home/$US/TARGET-FOLDER


   rm /tmp/ip

   rm /tmp/user

   rm /tmp/pass

问候

来自德国泰特斯的

I had the same problem. dialog script to create directory on remote pc.
dialog with ssh is easy. I use sshpass (previously installed).

   dialog --inputbox "Enter IP" 8 78 2> /tmp/ip

   IP=$(cat /tmp/ip)


   dialog --inputbox "Please enter username" 8 78 2> /tmp/user

   US=$(cat /tmp/user)


   dialog --passwordbox "enter password for \"$US\" 8 78 2> /tmp/pass

   PASSWORD = $(cat /tmp/pass)


   sshpass -p "$PASSWORD" ssh $US@$IP mkdir -p /home/$US/TARGET-FOLDER


   rm /tmp/ip

   rm /tmp/user

   rm /tmp/pass

greetings from germany

titus

回复 原文
山有枢 2024-07-14 15:45:27

基于 @Jahid 的答案,这对我在 macOS 10.13 上有效:

ssh <remote_username>@<remote_server> sudo -S <<< <remote_password> cat /etc/sudoers

Building on @Jahid's answer, this worked for me on macOS 10.13:

ssh <remote_username>@<remote_server> sudo -S <<< <remote_password> cat /etc/sudoers
回复 原文
他夏了夏天 2024-07-14 15:45:27

我曾经有一个用例,我需要在同一个命令中运行 Sudo 和 ssh,而无需 stdin 指定所需的所有变量。

这是我使用的命令

echo sudopassword | sudo -S -u username sshpass -p  extsshpassword ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no  username@ipaddress " CMD on external machine"

将该命令分成几部分!

这将允许您使用超级用户通过您的计算机运行命令:

echo password | sudo -S -u username

这将允许您传递 ssh 密码并在外部计算机上执行命令:

sshpass -p  sshpassword  ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no  username@ipaddress " CMD on external machine"

<块引用>

确保您的计算机上安装了 sudo 和 openssh 软件包。

I once had a use case where I needed to run Sudo and ssh in the same command without stdin specifying all the variables needed.

This is the command I used

echo sudopassword | sudo -S -u username sshpass -p  extsshpassword ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no  username@ipaddress " CMD on external machine"

Breaking that command into pieces!

This will allow you to run commands through your machine using Superuser:

echo password | sudo -S -u username

This will allow you to pass ssh password and execute commands on external machines:

sshpass -p  sshpassword  ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no  username@ipaddress " CMD on external machine"

make sure you install the sudo and openssh packages on your machine.

回复 原文
或十年 2024-07-14 15:45:27

一种方法是使用 read -s 选项..这样密码字符就不会回显到屏幕上。 我为一些用例编写了一个小脚本,您可以在我的博客中看到它:
http://www.datauniv.com/博客/2013/02/21/a-quick-little-expect-script/

One way would be to use read -s option .. this way the password characters are not echoed back to the screen. I wrote a small script for some use cases and you can see it in my blog:
http://www.datauniv.com/blogs/2013/02/21/a-quick-little-expect-script/

回复 原文
放血 2024-07-14 15:45:27

使用:

echo password | sudo command

示例:

echo password | sudo apt-get update; whoami

希望有帮助..

USE:

echo password | sudo command

Example:

echo password | sudo apt-get update; whoami

Hope It Helps..

回复 原文
一梦浮鱼 2024-07-14 15:45:27

您可以提供密码作为期望脚本的参数。

You can provide password as parameter to expect script.

回复 原文
冷清清 2024-07-14 15:45:27
su -c "Command" < "Password"

希望对您有所帮助。

su -c "Command" < "Password"

Hope it is helpful.

回复 原文
爱人如己 2024-07-14 15:45:26

对于 sudo,有一个 -S 选项用于接受来自标准输入的密码。 这是 man 条目:

    -S          The -S (stdin) option causes sudo to read the password from
                the standard input instead of the terminal device.

这将允许您运行如下命令:

echo myPassword | sudo -S ls /tmp

至于 ssh,我已经做了很多尝试来自动化/脚本化它的使用,但没有成功。 似乎没有任何内置方法可以在没有提示的情况下将密码传递到命令中。 正如其他人提到的,“expect”实用程序似乎旨在解决这一困境,但最终,设置正确的私钥授权是尝试自动化此操作时的正确方法。

For sudo there is a -S option for accepting the password from standard input. Here is the man entry:

    -S          The -S (stdin) option causes sudo to read the password from
                the standard input instead of the terminal device.

This will allow you to run a command like:

echo myPassword | sudo -S ls /tmp

As for ssh, I have made many attempts to automate/script it's usage with no success. There doesn't seem to be any build-in way to pass the password into the command without prompting. As others have mentioned, the "expect" utility seems like it is aimed at addressing this dilemma but ultimately, setting up the correct private-key authorization is the correct way to go when attempting to automate this.

回复 原文
~没有更多了~

关于作者

隔纱相望

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文