如何从调用 bash 的 Tcl 脚本验证密钥?
我有一个 tcl 脚本,它从 bash 调用很多函数,包括 ssh。我正在努力解决的部分看起来像这样:
proc connect {where} {
set bash c:/cygwin/bin/bash
catch {exec $bash -c "ssh $where"} result
puts $result
}
connect user@localhost
我收到身份验证失败消息:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
我无法弄清楚如何提示(显示控制台或 tk 窗口,并不重要)用户输入密码,因此身份验证通过。
我使用 bash 来 ssh 的原因是因为最终我想用脚本连接到 github(需要提示输入密码)。
I have a tcl script that calls a lot of functions from bash including ssh. The part I'm struggling with looks like this:
proc connect {where} {
set bash c:/cygwin/bin/bash
catch {exec $bash -c "ssh $where"} result
puts $result
}
connect user@localhost
I get the authentication failed message:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).
I can't figure out how to prompt (either showing the console or a tk window, doesn't really matter) the user for the password so the authentication goes through.
The reason I'm using bash to ssh is because eventually I want to connect to a github with the script (need to prompt for a passkey).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
试试这个:
exec的<<参数将给定值传递给其标准输入上的命令如果这不起作用,您必须尝试 Expect,或使用没有密码的密钥。
Try this:
The
<<argument toexecpasses the given value to the command on its stdinIf that doesn't work, you'll have to try Expect, or use a key with no passphrase.
一个重要的替代方案(我建议)是设置一个本地密钥处理代理(例如,
ssh-agent或pageant)来保存解密的密钥,以便您的代码根本不需要处理密码。我发现总体上这是一个更简单的方法,因为它使许多代码不必理解有关密码的任何内容(这比您想象的更难正确处理......)One important alternative (which I advise) is to set up a local key-handling agent (e.g.,
ssh-agentorpageant) to hold the decrypted key so that your code doesn't need to handle passwords at all. I find that's a much simpler method overall because it stops a lot of code from having to understand anything about passwords (which are harder to handle correctly than you might think…)