Linux下非交互式sshpass登录

服务器

浏览数:112

2019-10-16

AD:资源代下载服务

摘要

在命令行 非交互的SSH登录的时候,一般我们可以借助于生成用户的公钥私钥对,然后把公钥添加到远程主机的authorized_keys文件,可以实现非交互无密码登录。

其实这里也可以有另外一种方式实现,即用sshpass命令。

这种情况比较适合Mac下用iterm2 SSH登录到远程主机的时候,长时间不操作导致
packet_write_wait: Connection to 192.168.xxx.xxx port 22: Broken pipe问题的解决办法

安装sshpass

#!/usr/bin/env bash
#coding:    utf-8
#author:    Colin
#date:      2016-12-27
#desc:      install sshpass command 
# 

## download 
cd /tmp

wget http://downloads.sourceforge.net/project/sshpass/sshpass/1.06/sshpass-1.06.tar.gz

## extract
tar -zxvf sshpass-1.06.tar.gz

## compile and install
cd sshpass-1.06

sudo ./configure --prefix=/usr/local/sshpass
Password:
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
...

sudo make install

## cp it into path 
cp /usr/local/sshpass/bin/sshpass /usr/bin/

## verify
sshpass
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used

配置使用

从上面的显示可以看到,sshpass可以使用-p,-f-e参数

Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
  • -p password 直接跟密码
  • -f filename 把密码明文写入到一个文件中通过文件来读取
  • -e 默认从 SSHPASS 系统变量取值,注意是系统变量

举例

使用-p 参数

root@pts/1 $ /usr/bin/sshpass -p 'root' ssh root@192.168.200.23
Warning: Permanently added '192.168.200.23' (ECDSA) to the list of known hosts.
Last login: Tue Dec 27 17:20:58 2016 from 192.168.200.1
apollo-web-test [~] 2016-12-27 20:16:53
root@pts/9 $
apollo-web-test [~] 2016-12-27 20:17:16
root@pts/9 $
apollo-web-test [~] 2016-12-27 20:17:16
root@pts/9 $ exit
登出
Connection to 192.168.200.23 closed.

使用-f参数

QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:17:25
root@pts/1 $ vim /tmp/200.23password
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:17:33
root@pts/1 $ /usr/bin/sshpass -f /tmp/200.23password ssh root@192.168.200.23
Warning: Permanently added '192.168.200.23' (ECDSA) to the list of known hosts.
Last login: Tue Dec 27 20:16:53 2016 from 192.168.200.9
apollo-web-test [~] 2016-12-27 20:17:52
root@pts/9 $ exit
登出
Connection to 192.168.200.23 closed.

使用-e参数,注意 SSHPASS系统变量

使用非系统变量报错,不能正确执行,如下:

QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:17:54
root@pts/1 $ SSHPASS='root'
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:18:08
root@pts/1 $ /usr/bin/sshpass -e ssh root@192.168.200.23
sshpass: -e option given but SSHPASS environment variable not set
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:18:18

检查系统变量

root@pts/1 $ env |grep -i SSHPASS
PWD=/tmp/sshpass-1.06
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:19:32

通过export设置系统变量

root@pts/1 $ export SSHPASS='root'
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:19:41
root@pts/1 $ env |grep -i SSHPASS
PWD=/tmp/sshpass-1.06
SSHPASS=root
QA-DB [/tmp/sshpass-1.06] 2016-12-27 20:19:42

再使用 -e 连接

root@pts/1 $ /usr/bin/sshpass -e  ssh root@192.168.200.23
Warning: Permanently added '192.168.200.23' (ECDSA) to the list of known hosts.
Last login: Tue Dec 27 20:17:52 2016 from 192.168.200.9
apollo-web-test [~] 2016-12-27 20:19:45
root@pts/9 $

执行远程命令

root@pts/1 $ /usr/bin/sshpass -f /tmp/.password/pass200.23 ssh root@192.168.200.23 'ls -l /tmp'
总用量 6196
drwxr-xr-x 3 root       root          4096 12月 14 21:01 audit-live-log
drwxr-xr-x 7        600        600    4096 12月 27 17:09 child-code

Mac下iterm2配置定制profile

在Mac下可以定制profile,也就类似windows的xshell下主机的定义,具体如下图:

Paste_Image.png
公众号: DailyJobOps

作者:全栈运维