当前位置: 文江博客话题详情

在 Bash 脚本中指定 sftp 的密码

发布于 2024-10-21 05:50:54 字数 279 浏览 1 评论 0原文

我正在尝试编写一个脚本来通过 SFTP 备份文件。问题是,它需要密码,而且我认为没有办法手动指定 SFTP 的密码。我听说过使用公钥不需要密码,但这需要能够 ssh 进入远程服务器并修改一些配置文件,而我无法做到这一点。

目前我的解决方案是使用 cURL,但这是不安全的(使用普通的 FTP)。我还查看了 .netrc 文件,但这似乎是针对 FTP 而不是 SFTP。如何手动指定 sftp 密码?

原文

I am trying to write a script to back up a file over SFTP. The problem is, it requires a password, and I see no way to manually specify a password to SFTP. I've heard about requiring no password by using public keys, but that requires being able to ssh into the remote server and modify some configuration files, which I cannot do.

Currently my solution is to use cURL, but that is insecure (uses normal FTP). I also looked at the .netrc file, but that seems to be for FTP instead of SFTP. How do I manually specify a password for sftp?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

萌︼了一个春 2024-10-28 05:50:54

cURL 可以支持 sftp,如手册所述:

USING PASSWORDS

 FTP

   To ftp files using name+passwd, include them in the URL like:

        curl ftp://name:[email protected]:port/full/path/to/file

   or specify them with the -u flag like

        curl -u name:passwd ftp://machine.domain:port/full/path/to/file

 FTPS

   It is just like for FTP, but you may also want to specify and use
   SSL-specific options for certificates etc.

   Note that using FTPS:// as prefix is the "implicit" way as described in the
   standards while the recommended "explicit" way is done by using FTP:// and
   the --ftp-ssl option.

 SFTP / SCP

   This is similar to FTP, but you can specify a private key to use instead of
   a password. Note that the private key may itself be protected by a password
   that is unrelated to the login password of the remote system.  If you
   provide a private key file you must also provide a public key file.

cURL can support sftp, as documented by the manual:

USING PASSWORDS

 FTP

   To ftp files using name+passwd, include them in the URL like:

        curl ftp://name:[email protected]:port/full/path/to/file

   or specify them with the -u flag like

        curl -u name:passwd ftp://machine.domain:port/full/path/to/file

 FTPS

   It is just like for FTP, but you may also want to specify and use
   SSL-specific options for certificates etc.

   Note that using FTPS:// as prefix is the "implicit" way as described in the
   standards while the recommended "explicit" way is done by using FTP:// and
   the --ftp-ssl option.

 SFTP / SCP

   This is similar to FTP, but you can specify a private key to use instead of
   a password. Note that the private key may itself be protected by a password
   that is unrelated to the login password of the remote system.  If you
   provide a private key file you must also provide a public key file.
回复 原文
给我一枪 2024-10-28 05:50:54

Lftp 允许为 ftp 和 sftp 指定密码,并且根本不需要公钥。您的 sh 同步脚本可能如下所示:

#!/bin/sh
# Define folders
THEFOLDER='/mnt/my/folder'
# List files
THEFILES=`ls -p $THEFOLDER | grep -v "/"`

for file in $THEFILES
do
  echo "Processing $file"
  lftp -u login,password -e "put $THEFOLDER/$file;quit"  theftp/sub/folder
done

Lftp allows specifying passwords for both ftp and sftp and does not require public keys at all. Your sh sync script may look like this:

#!/bin/sh
# Define folders
THEFOLDER='/mnt/my/folder'
# List files
THEFILES=`ls -p $THEFOLDER | grep -v "/"`

for file in $THEFILES
do
  echo "Processing $file"
  lftp -u login,password -e "put $THEFOLDER/$file;quit"  theftp/sub/folder
done
回复 原文
南汐寒笙箫 2024-10-28 05:50:54

您可能还想考虑使用 python(paramiko 模块),因为可以从 shell 快速调用它。

安装模块

pip install paramiko

示例 FTP 上传脚本

import paramiko

username = 'my_username'
password = 'my_password'

transport = paramiko.Transport((server, 22))
transport.connect(username=username, password=password)
sftp = paramiko.SFTPClient.from_transport(transport)    

local_filename = '/tmp/filename'
remote_filename = 'MyFiles/temp.txt'

sftp.put( local_filename, remote_filename )

You might also want to consider using python (the paramiko module), as it can quickly be called from the shell.

Install the Module

pip install paramiko

Example FTP Upload Script

import paramiko

username = 'my_username'
password = 'my_password'

transport = paramiko.Transport((server, 22))
transport.connect(username=username, password=password)
sftp = paramiko.SFTPClient.from_transport(transport)    

local_filename = '/tmp/filename'
remote_filename = 'MyFiles/temp.txt'

sftp.put( local_filename, remote_filename )
回复 原文
您的好友蓝忘机已上羡 2024-10-28 05:50:54

Bash 程序等待 sftp 请求输入密码,然后将其发送:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"assword\"
send \"your_password_here\r\"
interact "

将其放入名为 sftp_autologin.sh 的文件中。 \r 发送一个到 sftp 来执行命令。我不在密码中包含“p”,因为在某些系统上它是大写的,而其他系统上是小写的。 Expect 会生成 sftp 命令。等待看到字符串“assword”并发送命令。然后结束。

要使其正常工作:

  1. 安装expect,我使用的是5.44.1.15
  2. 确保您可以以交互模式通过sftp 到您的盒子并提供密码。
  3. 确保该 bash 脚本具有可执行权限。

然后运行它:

chmod +x sftp_autologin.sh
./sftp_autologin.sh

它应该会让您进入 sftp 命令行,而不提示您输入密码。

它不安全吗?

这是您可以运行的最不安全的命令。它将密码暴露给命令行历史记录以及任何可以读取“ps”输出的其他人,并且基本上完全违背了密码的全部目的。

但是,嘿,欺诈火灾的另一个记录是什么,每年受害者损失只有大约 250b 美元。咱们去500b吧。

这会自动使用 sftp shell 运行一些命令,并在完成后自动退出:

#!/bin/bash
expect -c "
spawn sftp [email protected]
expect \"assword\"
send \"yourpassword\r\"
expect \"sftp\"
send \"get your_directory/yourfilename.txt\r\"
expect \"sftp\"
send \"exit\r\"
interact "

Bash program to wait for sftp to ask for a password then send it along:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"assword\"
send \"your_password_here\r\"
interact "

Put that in a file called sftp_autologin.sh. The \r sends an to sftp to execute the command. I don't include the 'p' in password because on some systems it's uppercase, others lowercase. expect spawns the sftp command. Waits for the string 'assword' to be seen and sends a command. Then ends.

To get this to work:

  1. Install expect, I'm using 5.44.1.15
  2. Make sure you can sftp to your box in interactive mode and supply a password.
  3. Make sure this bash script has executable permissions.

Then run it:

chmod +x sftp_autologin.sh
./sftp_autologin.sh

It should drop you into the sftp commandline without prompting you for a password.

Is it insecure?

It's about the most unsecure command you can run. It exposes the password to the commandline history, to anyone else who can read 'ps' output, and basically defeats the entire purpose of passwords all together.

But hey what's another log on the fraud fire, it's only about 250b dollars in victim losses per year. Lets go for 500b.

This automatically runs some commands with the sftp shell and exits automatically when done:

#!/bin/bash
expect -c "
spawn sftp [email protected]
expect \"assword\"
send \"yourpassword\r\"
expect \"sftp\"
send \"get your_directory/yourfilename.txt\r\"
expect \"sftp\"
send \"exit\r\"
interact "
回复 原文
那片花海 2024-10-28 05:50:54

为了使用公钥,您不需要修改任何“配置文件”。您只需将公钥的副本保留在 ssh 知道查找的位置(通常是 ~/.ssh/authorized_keys)。您可以使用 sftp 来完成此操作。如果您尚未在服务器上建立任何authorized_keys 文件,则只需将id_rsa.pub 文件放在其位置即可。

In order to use public keys you do not need to modify any "configuration files". You merely need to leave a copy of your public key in a place where ssh knows to look (normally ~/.ssh/authorized_keys). You can do this with sftp. If you haven't established any authorized_keys file on the server, you can simply put your id_rsa.pub file in its place.

回复 原文
红玫瑰 2024-10-28 05:50:54

您无法从命令行指定 ssh / scp 或 sftp 的密码。不提示输入密码进行连接的唯一方法是使用公钥身份验证。

您说您无法 ssh 到服务器来修改配置文件,但如果您可以 sftp 到服务器,您可能可以上传您的公钥。

您的公钥只需位于主目录中的 .ssh 目录下即可。

You can't specify a password to ssh / scp or sftp from the command line. The only way to connect without prompting for a password is to use public key authentication.

You say that you can't ssh to the server to modify configuration files but if you can sftp to the server you can probably upload your public key.

Your public key just has to go under the .ssh directory in your home directory.

回复 原文
~没有更多了~

关于作者

赠佳期

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

linfzu01

文章 0 评论 0

§对你不离不弃

文章 0 评论 0

可遇━不可求

文章 0 评论 0

枕梦

文章 0 评论 0

qq_3LFa8Q

文章 0 评论 0

JP

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文