跳转至

sshpass

1. 起因

      在某云平台创建云服务器后,生成了巨长、巨复杂的一串密码,在输入几十次密码后,依然是密码错误。这时候就想如果密码是非交互式输入,可以将密码做为参数或从文件输入就太好了。sshpass就是一款密码输入辅助工具,它可以从命令行明文参数、文件或环境变量中指定密码,从而避免交互式密码输入。

2. 部署

2.1 在线装

# ubuntu 
root@leco:~# apt-get install sshpass -y
# centos
root@leco:~# yum install sshpass -y
# mac
brew install sshpass

2.2 离线安装

​ 若是没有网络的机器,可以选择离线安装。https://sourceforge.net/projects/sshpass/

下载后解码压,然后进入源码目录:

tar -zxvf sshpass-1.06.tar.gz
cd sshpass-1.06
./configure
make &&make install

详细操作

[root@207_syslog src]# ls
sshpass_1.06.orig.tar.gz
[root@207_syslog src]# tar xf sshpass_1.06.orig.tar.gz
[root@207_syslog src]# ls
sshpass-1.06  sshpass_1.06.orig.tar.gz
[root@207_syslog src]# cd sshpass-1.06/
[root@207_syslog sshpass-1.06]# ls
aclocal.m4  compile      configure.ac  INSTALL     Makefile.am  NEWS
AUTHORS     config.h.in  COPYING       install-sh  Makefile.in  README
ChangeLog   configure    depcomp       main.c      missing      sshpass.1
[root@207_syslog sshpass-1.06]# ./configure
[root@207_syslog sshpass-1.06]# make && make install

3. 基本参数

    sshpass参数

root@leco:~# sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used

    如上所示,command parameters为你要执行的需要交互式输入密码的命令,如:ssh、scp等。当sshpass没有指定参数时会从stdin获取密码,几个密码输入相关参数如下:

-f filename:从文件中获取密码
-d number:  使用数字作为获取密码的文件描述符
-p password:指定明文本密码输入(安全性较差)
-e:         从环境变量SSHPASS获取密码

4. 基本使用

4.1 文件方式

[root@207_syslog ~]# sshpass echo "cmz" > user.passwd
[root@207_syslog ~]# sshpass -f user.passwd ssh root@172.17.9.200
Last login: Wed Dec  7 10:40:13 2016 from 172.17.9.206

4.2 环境变量方式

[root@207_syslog sshpass-1.06]#  export SSHPASS="cmz"
[root@207_syslog sshpass-1.06]# sshpass -e ssh root@172.17.9.200
Last login: Wed Dec  7 11:02:34 2016 from 172.17.9.207

4.3 密码方式

[root@207_syslog sshpass-1.06]# sshpass -p cmz ssh root@172.17.9.200
Last login: Wed Dec  7 11:00:12 2016 from 172.17.9.206

4.4 远程执行命令

[root@207_syslog sshpass-1.06]# sshpass -p cmz ssh root@172.17.9.200 "ifconfig|grep inet"
    inet 172.17.9.200  netmask 255.255.255.192  broadcast 172.17.9.255
    inet6 fe80::250:56ff:feb0:710e  prefixlen 64  scopeid 0x20<link>
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    inet 172.17.9.208  netmask 255.255.255.255
    inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255

4.5 远程执行脚本

4.5.1 远程新建脚本

[root@200_tomcat ~]# ll /opt/test.sh
-rw-r--r--. 1 root root 61 Dec  7 11:18 /opt/test.sh
[root@200_tomcat ~]# cat /opt/test.sh
#!/bin/bash
echo "this test for remote"
ifconfig | grep inet

4.5.2 本地远程执行

[root@207_syslog sshpass-1.06]# sshpass -p cmz ssh root@172.17.9.200 "sh /opt/test.sh"
this test for remote
inet 172.17.9.200  netmask 255.255.255.192  broadcast 172.17.9.255
inet6 fe80::250:56ff:feb0:710e  prefixlen 64  scopeid 0x20<link>
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10<host>
inet 172.17.9.208  netmask 255.255.255.255
inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255

此时说明,已经执行了远端程序。