我需要使用 sftp 从 Linux 主机将日志文件传输到远程主机。我的运营团队已向我提供了相同的凭据。但是,由于我无法控制其他主机,因此我无法生成 RSA 密钥并与其他主机共享。
那么有没有办法通过 cron 工作?
我发现了一个类似的 Stack Overflow 问题,在 Bash 脚本中指定 sftp 的密码,但没有我的问题的满意答案。
I need to transfer a log file to a remote host using sftp from a Linux host. I have been provided credentials for the same from my operations group. However, since I don't have control over other host, I cannot generate and share RSA keys with the other host.
So is there a way to run the sftp command (with the username/password provided) from inside the Bash script through a cron job?
I found a similar Stack Overflow question, Specify password to sftp in a Bash script, but there was no satisfactory answer to my problem.
发布评论
评论(15)
Bash 程序等待 sftp 要求输入密码,然后将其发送:
您可能需要安装 Expect,将“密码”的措辞更改为小写“p”以匹配您的提示符收到的内容。这里的问题是它会在文件和命令历史记录中以纯文本形式公开您的密码。这几乎违背了拥有密码的初衷。
Bash program to wait for sftp to ask for a password then send it along:
You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.
您可以使用 sshpass 来实现。 步骤
sudo apt-get install sshpass如果是第一次,请将远程 IP 添加到您的已知主机文件中对于 Ubuntu -> ssh 用户@IP ->输入 'yes'
下面是战争应对远程tomcat的示例代码
sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webappsYou can use sshpass for it. Below are the steps
sudo apt-get install sshpassFor Ubuntu -> ssh user@IP -> enter 'yes'
Below is a sample code for war coping to remote tomcat
sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps有几个人提到了 sshpass,但没有很多清晰的编码示例...
这就是我们使用 bash 脚本进行 rsync 备份的方式:
请记住,您必须 sudo apt install sshpass 才能正常工作。
A few people have mentioned
sshpassbut not many clear coding examples...This is how we are doing it with bash scripts for rsync backups:
Keep in mind you will have to
sudo apt install sshpassbefore this works properly.对于标准输入,LOCALPATH 可能是
-。 NETRC 文件的行格式如下:(也可以使用
--user USER:PASSWORD代替--netrc-file但这会向任何运行 < code>ps 同时在本地,所以不要这样做。)如果 NETRC 文件不永久存在,您的脚本可以创建一个临时文件(可能借助
mktemp)。感谢@ASammour 指出curl 使用SFTP。
LOCALPATH may be
-for stdin. The NETRC file has lines with format:(It's also possible to use
--user USER:PASSWORDinstead of--netrc-filebut that reveals the password to anyone runningpslocally at the same time, so don't do that.)If the NETRC file does not exist permanently, your script can create a temporary file (possibly with the help of
mktemp).Thanks to @ASammour for pointing out that curl speaks SFTP.
您可以使用带有 scp 和 os 库的 Python 脚本来进行系统调用。
You can use a Python script with scp and os library to make a system call.
@ASamour 启发我将其放入我的 .bashrc 中:
@ASamour inspired me to put this in my .bashrc:
我来这里只是为了获得身份验证技巧,然后在终端中手动运行命令。该解决方案仅涉及身份验证部分:
我必须安装 sshpass。
然后您将登录 sftp 手动运行命令,而无需输入密码。
I came here only to get the auth trick, and then run the commands manually in the terminal. This solution is ONLY ABOUT the authentication part:
I had to install sshpass.
Then you will be logged on sftp to run commands manually, without having to type the password.
除了使用公钥身份验证之外,您还有其他一些选择:
如果您决定给 sshpass 一个机会,这里是一个工作脚本片段:
更新:但是请理解,使用环境变量与使用命令行选项
-p一样不安全用于传递密码。最好使用
-f选项从这样的文件中存储和读取密码:You have a few options other than using public key authentication:
If you decide to give sshpass a chance here is a working script snippet to do so:
Update: However do understand that using environment variables is also insecure as using command line option
-pfor passing password.It is better to store and read password from a file like this using
-foption:另一种方法是使用 lftp:
此方法的缺点是计算机上的其他用户可以从
ps等工具读取密码,并且该密码可能成为您的 shell 历史记录的一部分。自 LFTP 4.5.0 起提供的更安全的替代方案是设置
LFTP_PASSWORD环境变量并使用--env-password执行 lftp。这是一个完整的示例:LFTP 还包括一个很酷的镜像功能(可以包括确认传输后删除
--Remove-source-files):Another way would be to use lftp:
The disadvantage of this method is that other users on the computer can read the password from tools like
psand that the password can become part of your shell history.A more secure alternative which is available since LFTP 4.5.0 is setting the
LFTP_PASSWORDenvironment variable and executing lftp with--env-password. Here's a full example:LFTP also includes a cool mirroring feature (can include delete after confirmed transfer
--Remove-source-files):EXPECT是一个很好用的程序。在 Ubuntu 上安装它:
在 CentOS 机器上安装它:
假设您想要连接到 sftp 服务器,然后将本地文件从本地计算机上传到远程 sftp 服务器
这将使用您的密码打开一个 sftp 连接服务器。
然后它会转到您要上传文件的目录,在本例中为“logdirectory”。
这会将日志文件从位于 /var/log/ 的本地目录(文件名为 file.log)上传到上的“logdirectory”远程服务器
EXPECTis a great program to use.On Ubuntu install it with:
On a CentOS Machine install it with:
Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server
This opens a sftp connection with your password to the server.
Then it goes to the directory where you want to upload your file, in this case "logdirectory"
This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server
您可以在 shell 脚本中交互使用 lftp,这样密码就不会保存在 .bash_history 或类似文件中,方法如下:
将以下内容添加到您的文件中:
编辑主机、用户、密码和目录后写入/退出 vi 编辑器对于您的放置文件,输入
:wq。然后使您的脚本可执行chmod +x test_script.sh并执行它./test_script.sh。You can use lftp interactively in a shell script so the password not saved in .bash_history or similar by doing the following:
Add the following to your file:
And write/quit the vi editor after you edit the host, user, pass, and directory for your put file typing
:wq.Then make your script executablechmod +x test_script.shand execute it./test_script.sh.最近,我被要求从 ftp 切换到 sftp,以确保服务器之间的文件传输安全。我们使用 Tectia SSH 包,它有一个选项
--password来在命令行上传递密码。示例:
sftp --password="password" "userid"@"servername"批处理示例:
我认为我应该共享此信息,因为我在运行帮助命令之前正在查看各种网站 (< code>sftp -h),我很惊讶地看到密码选项。
I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option
--passwordto pass the password on the command line.example :
sftp --password="password" "userid"@"servername"Batch example :
I thought I should share this information, since I was looking at various websites, before running the help command (
sftp -h), and was i surprised to see the password option.我发现实现此目的的最简单方法是使用 CURL< 的组合,而无需安装任何第三方库,例如 Expect、SSHPASS...等/strong> 和 SFTP。这两个几乎存在于每台 Linux 机器中。
这是更改值后应执行的命令。
示例:
说明:
我们正在连接到服务器 10.10.10.10:77使用用户名admin和密码123456,将文件/home/admin/test.txt从该服务器移动到您正在使用的服务器当前执行上述命令。
The easiest way I found to accomplish this, without installing any third-party library like Expect, SSHPASS...etc, is by using a combination of CURL, and SFTP. Those two are almost in every Linux machine.
This is the command you should execute, after changing the values.
Example:
Explanation:
We are connecting to the server 10.10.10.10:77 using the username admin and password 123456, to move the file /home/admin/test.txt from that server to the server you are using currently to execute the above command.
您可以通过启用无密码身份验证来覆盖。但您应该在执行此操作之前安装密钥(pub、priv)。
在本地服务器上执行以下命令。
按 ENTER 键查看所有提示选项。无需输入任何值。
使用以下命令连接到远程服务器
在远程服务器上执行以下命令
在本地服务器上执行以下命令以测试无密码身份验证。
应该无需密码即可连接。
You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.
Execute the following commands at local server.
Press ENTER for all options prompted. No values need to be typed.
Connect to remote server using the following command
Execute the following commands at remote server
Execute the following command at local server to test password-less authentication.
It should be connected without password.
将 sshpass 与锁定的凭据文件结合起来,在实践中,它与任何东西一样安全 - 如果您拥有 root 权限来读取凭据文件,那么无论如何,所有的赌注都会被取消。
Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.