免手工输入密码java写法
2018-01-31
我们可以使用 ssh 互信,sshpass 和 expect 等工具来避免手工输密码。使用过程可能会碰到如下需要手工输入 yes 的繁琐场景:
1 2 3 4 | $ ssh username@hostnameThe authenticity of host ... can't be established.ECDSA key fingerprint is ...Are you sure you want to continue connecting (yes/no)? |
为了避免出现上述场景,往 ssh 命令添加如下参数:
1 | $ ssh -o "StrictHostKeyChecking no" username@password |
SSH 互信的配置非常简单,首先生成 ssh key:
1 | $ ssh-keygen |
把 public key 拷贝到信任方中:
1 | $ ssh-copy-id -i ~/.ssh/id_rsa.pub username@hostname |
之后免密执行命令:
1 | $ ssh -o "StrictHostKeyChecking no" username@password cmd |
sshpass 是一个用于非交互的 ssh 密码验证工具,使用前先安装:
1 | $ yum install sshpass |
使用如下:
1 | $ sshpass -p password ssh -o "StrictHostKeyChecking no" username@hostname cmd |
Expect 是用来进行自动化控制和测试的软件工具。虽然学习成本较高,但是 expect 的功能强大,利用 expect 可以方便的执行远程命令。使用前先安装:
1 | $ yum install expect |
例如:
1 2 3 4 5 6 7 8 9 10 | #!/usr/bin/expectspawn ssh -o "StrictHostKeyChecking no" username@hostnameexpect "*assword*"send "password\n"expect "*$*"send "command\n"expect "*$*"send "exit\n"expect eof |
Expect 不仅支持 ssh,还支持 scp, ftp 等工具。
sshpass 和 expect 在支持多条命令上非常类似,只需用 && 连接命令即可:
1 2 | # ssh trust$ ssh -o "StrictHostKeyChecking no" username@password "cmd1 && cmd2" |
例如:
1 2 3 4 5 6 7 8 | # sshpass$ sshpass -p password ssh -o "StrictHostKeyChecking no" username@password "ls -a && mkdir test"# expect......expect "*$*"send "ls -a && mkdir test\n"...... |
对于执行本地脚本,ssh 和 sshpass 的用法类似。
1 2 3 4 5 | # ssh trust$ ssh -o "StrictHostKeyChecking no" username@password bash -s < shell_script.sh# sshpass$ sshpass -p password ssh -o "StrictHostKeyChecking no" username@password bash -s < shell_script.sh |
对于 expect,首先需要把脚本拷贝到远程主机,然后在远程主机执行该脚本,步骤如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | ...# Copy script to remote hostspawn scp -o "StrictHostKeyChecking no" shell_script.sh username@hostname:~/expect "*assword*"send "password\n"expect "*100%*"expect eof# Execute the shell script at remote hostspawn ssh -o "StrictHostKeyChecking no" username@hostnameexpect "*assword*"send "password\n"expect "*$*"send "sh shell_script.sh\n"...... |
有些命令需要 sudo 权限才能执行,但是我们不希望重复的输入密码,我们可以把每条命令修改为如下:
1 | cmd ---> 'echo password | sudo -S cmd' |
例如:
1 | sshpass -p password ssh -o "StrictHostKeyChecking no" username@password "echo password | sudo -S mkdir /newdir" |
对于如 echo, dd 等部分命令,有时会出现如下失败场景:
1 2 | $ sshpass -p password ssh -o "StrictHostKeyChecking no" username@password 'echo password | sudo -S echo hello > /newdir/newfile'bash: /newdir/newfile: 权限不够 |
解决办法如下:
1 2 3 4 | cmd ---> 'echo password | sudo -S sh -c "cmd"'# For example$ sshpass -p password ssh -o "StrictHostKeyChecking no" username@password 'echo WSfdl097018= | sudo -S sh -c "echo hello > /newdir/newfile"' |
如果采用 expect,需要把脚本拷贝到远程主机,然后在远程主机采用 sudo 执行该脚本,相对 sshpass 更简便和健壮:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | ...# Copy script to remote hostspawn scp -o "StrictHostKeyChecking no" shell_script.sh username@hostname:~/expect "*assword*"send "password\n"expect "*100%*"expect eof# Execute the shell script at remote hostspawn ssh -o "StrictHostKeyChecking no" username@hostnameexpect "*assword*"send "password\n"expect "*$*"send "sudo sh shell_script.sh\n"expect "*assword*"send "password\n"...... |
尚马教育java培训学校
