使用 .netrc 文件的 CURL 请求

使用 .netrc 文件的 CURL 请求

我正在尝试编写一个脚本,将凭据保存到 .netrc 文件中,然后从该文件中读取,以便将它们传递给curl 命令并保存返回的 cookie 文件以供将来使用。我感兴趣的是,这是否是传递用户名和密码的安全方式,如果有中间人攻击,如果我尝试访问的服务器是通过 HTTP 访问的,他们是否能够嗅探凭据。

#!/bin/bash

IP="192.168.0.1"
user="Administrator"
pass="Password1234"

function credentials {
    mkdir "${HOME}"/.netrc
    rm "${HOME}"/.netrc/credentials.txt
    touch "${HOME}"/.netrc/credentials.txt
    { echo "machine ${IP}"; echo "login ${user}"; echo "password ${pass}"; } >> "${HOME}"/.netrc/credentials.txt
    chmod 600 "${HOME}"/.netrc/credentials.txt
}

function cookie {
    curl -v -c cookie.txt -n "${HOME}"/.netrc/credentials.txt http://"${IP}"/setup.php
}

credentials
cookie

我已经检查过,credentials.txt 文件已正确保存在相应的目录中,并且凭据具有正确的权限,但是当我尝试运行 cookie 功能时,出现以下错误:Couldn't find host 192.168.0.1 in the .netrc file; using defaults。为什么curl无法从credentials.txt文件中获取配置的用户名和密码?

答案1

据我了解(curl 的)手册页,该选项-n仅允许查找.netrc文件,但不需要该文件的文件路径。这是选项--netrc-file。从手册页:

--netrc-file
   This option is similar to --netrc, except that you provide the 
   path (absolute or relative) to the netrc file that Curl should use. 
   You can  only  specify one netrc file per invocation. If several 
   --netrc-file options are provided, only the last one will be used.       
   (Added in 7.21.5)

   This option overrides any use of --netrc as they are mutually 
   exclusive.  It will also abide by --netrc-optional if specified.

相关内容