我正在尝试编写一个脚本,将凭据保存到 .netrc 文件中,然后从该文件中读取,以便将它们传递给curl 命令并保存返回的 cookie 文件以供将来使用。我感兴趣的是,这是否是传递用户名和密码的安全方式,如果有中间人攻击,如果我尝试访问的服务器是通过 HTTP 访问的,他们是否能够嗅探凭据。
#!/bin/bash
IP="192.168.0.1"
user="Administrator"
pass="Password1234"
function credentials {
mkdir "${HOME}"/.netrc
rm "${HOME}"/.netrc/credentials.txt
touch "${HOME}"/.netrc/credentials.txt
{ echo "machine ${IP}"; echo "login ${user}"; echo "password ${pass}"; } >> "${HOME}"/.netrc/credentials.txt
chmod 600 "${HOME}"/.netrc/credentials.txt
}
function cookie {
curl -v -c cookie.txt -n "${HOME}"/.netrc/credentials.txt http://"${IP}"/setup.php
}
credentials
cookie
我已经检查过,credentials.txt 文件已正确保存在相应的目录中,并且凭据具有正确的权限,但是当我尝试运行 cookie 功能时,出现以下错误:Couldn't find host 192.168.0.1 in the .netrc file; using defaults。为什么curl无法从credentials.txt文件中获取配置的用户名和密码?
答案1
据我了解(curl 的)手册页,该选项-n仅允许查找.netrc文件,但不需要该文件的文件路径。这是选项--netrc-file。从手册页:
--netrc-file
This option is similar to --netrc, except that you provide the
path (absolute or relative) to the netrc file that Curl should use.
You can only specify one netrc file per invocation. If several
--netrc-file options are provided, only the last one will be used.
(Added in 7.21.5)
This option overrides any use of --netrc as they are mutually
exclusive. It will also abide by --netrc-optional if specified.