我想通过命令行直接提供密码来执行 SSH 登录到一台机器,就像我们执行命令的方式一样,sudo如下所示:
echo mypass | sudo -S sh -c 'echo "blablabla" > /etc/1.txt'
需要考虑的要点:
- 我不想使用 sshPass
- 我不想设置无密码 SSH
答案1
存储mypass在脚本中 ( echo mypass | ssh ...) 是一个众所周知的非常糟糕的想法(安全)。它使任何可以读取脚本或ps在您登录到远程系统时运行的人都可以获取密码。这是一个已知问题,并且有一个经过充分测试的解决方案:ssh-copy-id。 来自man page:
trusty (1) ssh-copy-id.1.gz
Provided by: openssh-client_6.6p1-2ubuntu1_i386 bug
NAME
ssh-copy-id — use locally available keys to authorise logins on a remote
machine
SYNOPSIS
ssh-copy-id [-n] [-i [identity_file]] [-p port] [-o ssh_option]
[user@]hostname
ssh-copy-id -h | -?
DESCRIPTION
ssh-copy-id is a script that uses ssh(1) to log into a remote machine
(presumably using a login password, so password authentication should be
enabled, unless you've done some clever use of multiple identities). It
assembles a list of one or more fingerprints (as described below) and
tries to log in with each key, to see if any of them are already
installed (of course, if you are not using ssh-agent(1) this may result
in you being repeatedly prompted for pass-phrases). It then assembles a
list of those that failed to log in, and using ssh, enables logins with
those keys on the remote server. By default it adds the keys by
appending them to the remote user's ~/.ssh/authorized_keys (creating the
file, and directory, if necessary).
如果您不愿意设置无密码 SSH 登录,可以通过使用备用 SSH 密钥(在原始系统上)并仅ssh-add在您想要登录远程系统时使用该密钥来解决。