如何从调用 bash 的 Tcl 脚本验证密钥?

发布于 2024-09-04 17:58:46 字数 592 浏览 11 评论 0原文

我有一个 tcl 脚本,它从 bash 调用很多函数,包括 ssh。我正在努力解决的部分看起来像这样:

proc connect {where} {
    set bash c:/cygwin/bin/bash
    catch {exec $bash -c "ssh $where"} result
    puts $result
}
connect user@localhost

我收到身份验证失败消息:

Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

我无法弄清楚如何提示(显示控制台或 tk 窗口,并不重要)用户输入密码,因此身份验证通过。

我使用 bash 来 ssh 的原因是因为最终我想用脚本连接到 github(需要提示输入密码)。

I have a tcl script that calls a lot of functions from bash including ssh. The part I'm struggling with looks like this:

proc connect {where} {
    set bash c:/cygwin/bin/bash
    catch {exec $bash -c "ssh $where"} result
    puts $result
}
connect user@localhost

I get the authentication failed message:

Pseudo-terminal will not be allocated because stdin is not a terminal.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

I can't figure out how to prompt (either showing the console or a tk window, doesn't really matter) the user for the password so the authentication goes through.

The reason I'm using bash to ssh is because eventually I want to connect to a github with the script (need to prompt for a passkey).

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

九厘米的零° 2024-09-11 17:58:46

试试这个:

puts -nonewline "enter your passphrase: "
flush stdout
gets stdin passphrase
exec $bash -c "ssh $where" << $passphrase

exec<< 参数将给定值传递给其标准输入上的命令

如果这不起作用,您必须尝试 Expect,或使用没有密码的密钥。

Try this:

puts -nonewline "enter your passphrase: "
flush stdout
gets stdin passphrase
exec $bash -c "ssh $where" << $passphrase

The << argument to exec passes the given value to the command on its stdin

If that doesn't work, you'll have to try Expect, or use a key with no passphrase.

十秒萌定你 2024-09-11 17:58:46

一个重要的替代方案(我建议)是设置一个本地密钥处理代理(例如,ssh-agentpageant)来保存解密的密钥,以便您的代码根本不需要处理密码。我发现总体上这是一个更简单的方法,因为它使许多代码不必理解有关密码的任何内容(这比您想象的更难正确处理......)

One important alternative (which I advise) is to set up a local key-handling agent (e.g., ssh-agent or pageant) to hold the decrypted key so that your code doesn't need to handle passwords at all. I find that's a much simpler method overall because it stops a lot of code from having to understand anything about passwords (which are harder to handle correctly than you might think…)

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文