Linux 如何在不覆盖 TTY 的情况下将密码传递给 su/sudo/ssh?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/233217/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to pass the password to su/sudo/ssh without overriding the TTY?
提问by n-alexander
I'm writing a C Shell program that will be doing suor sudoor ssh. They all want their passwords in console input (the TTY) rather than stdin or the command line.
我正在编写一个 C Shell 程序,它将执行suorsudo或ssh。他们都希望在控制台输入(TTY)而不是标准输入或命令行中输入密码。
Does anybody know a solution?
有人知道解决方案吗?
Setting up password-less sudois not an option.
设置无密码sudo不是一种选择。
expectcould be an option, but it's not present on my stripped-down system.
expect可能是一个选项,但它不存在于我的精简系统中。
采纳答案by Jesse Webb
For sudo there is a -S option for accepting the password from standard input. Here is the man entry:
对于 sudo,有一个 -S 选项用于接受来自标准输入的密码。这是 man 条目:
-S The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.
This will allow you to run a command like:
这将允许您运行如下命令:
echo myPassword | sudo -S ls /tmp
As for ssh, I have made many attempts to automate/script it's usage with no success. There doesn't seem to be any build-in way to pass the password into the command without prompting. As others have mentioned, the "expect" utility seems like it is aimed at addressing this dilemma but ultimately, setting up the correct private-key authorization is the correct way to go when attempting to automate this.
至于 ssh,我曾多次尝试将其使用自动化/编写脚本,但均未成功。似乎没有任何内置方式可以在没有提示的情况下将密码传递给命令。正如其他人所提到的,“ expect”实用程序似乎旨在解决这个难题,但最终,在尝试自动执行此操作时,设置正确的私钥授权是正确的方法。
回答by Marko
Take a look at expectlinux utility.
看看expectlinux 实用程序。
It allows you to send output to stdio based on simple pattern matching on stdin.
它允许您根据 stdin 上的简单模式匹配将输出发送到 stdio。
回答by Aleksandar Ivanisevic
Hardcoding a password in an expect script is the same as having a passwordless sudo, actually worse, since sudo at least logs its commands.
在期望脚本中硬编码密码与使用无密码 sudo 相同,实际上更糟,因为 sudo 至少记录其命令。
回答by diciu
The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access: http://en.wikipedia.org/wiki/Setuid
这个问题的通常解决方案是设置一个帮助应用程序,该应用程序执行需要超级用户访问的任务:http: //en.wikipedia.org/wiki/Setuid
Sudo is not meant to be used offline.
Sudo 不能离线使用。
Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.
后期编辑:SSH 可与私钥-公钥身份验证一起使用。如果私钥没有密码短语,则可以在不提示输入密码的情况下使用 ssh。
回答by Marko
You can provide password as parameter to expect script.
您可以提供密码作为期望脚本的参数。
回答by Marko
Set SSH up for Public Key Authentication, with no pasphrase on the Key. Loads of guides on the net. You won't need a password to login then. You can then limit connections for a key based on client hostname. Provides reasonable security and is great for automated logins.
为公钥身份验证设置 SSH,密钥上没有密码。网上有大量的指南。那时您将不需要密码即可登录。然后,您可以根据客户端主机名限制密钥的连接。提供合理的安全性,非常适合自动登录。
回答by mlambie
I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:
我写了一些 Applescript,它通过对话框提示输入密码,然后构建一个自定义的 bash 命令,如下所示:
echo <password> | sudo -S <command>
I'm not sure if this helps.
我不确定这是否有帮助。
It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.
如果 sudo 接受预先加密的密码,那就太好了,这样我就可以在我的脚本中对其进行加密,而不必担心会回显明文密码。但是,这对我和我的情况有效。
回答by Shankar
su -c "Command" < "Password"
Hope it is helpful.
希望它有帮助。
回答by DevOz
echo <password> | su -c <command> <user>
This is working.
这是有效的。
回答by David Dawson
I've got:
我有:
ssh user@host bash -c "echo mypass | sudo -S mycommand"
Works for me.
为我工作。
