bash 在需要密码时检查是否可以进行 SSH 连接
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34360943/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Check if SSH connection is possible when it needs a password
提问by Rodrigo Sasaki
I am trying to write a script that will server more as a health check or security test. I don't need to actually run anything via SSH.
我正在尝试编写一个脚本,该脚本将更多地用作健康检查或安全测试。我实际上不需要通过 SSH 运行任何东西。
We have a few servers running and for safety reasons we don't always allow SSH to them, and I would like to have a script that I could run that would confirm which are accessible and which are not.
我们有几台服务器在运行,出于安全原因,我们并不总是允许对它们进行 SSH,我想要一个可以运行的脚本,以确认哪些可以访问,哪些不可访问。
I realize that StackExchange is filled with questions like these, so I quickly found this suggestion:
我意识到 StackExchange 充满了这样的问题,所以我很快找到了这个建议:
$ ssh -q user@downhost exit
$ echo $?
255
$ ssh -q user@uphost exit
$ echo $?
0
Basically it would return 255whenever connection is not possible, but here is where I have an issue. Our servers require a key file ANDuser/password authentication.
基本上它会255在无法连接时返回,但这是我遇到问题的地方。我们的服务器需要密钥文件和用户/密码身份验证。
Having BatchMode=yesI could test it fine if I didn't have the password constraint as well.
有BatchMode=yes我有机会测试了罚款,如果我没有密码限制为好。
I can give the script the location of the file, no problem there. But I get 255every time because the server requires a password, as can be seen in this answer.
我可以给脚本文件的位置,没问题。但是我255每次都得到,因为服务器需要密码,正如在这个答案中看到的那样。
So basically my question is:
所以基本上我的问题是:
Is it possible to write a script that would let me know if it is possible to connect to these servers via SSH (given my constraints), and if it is what would that look like?
是否可以编写一个脚本,让我知道是否可以通过 SSH 连接到这些服务器(考虑到我的限制),如果它看起来像什么?
I don't need the final script as an answer (although that would be preferable). Just some pointers in the right direction would help me a great deal.
我不需要最终的脚本作为答案(尽管这样更可取)。只是一些指向正确方向的指针会对我有很大帮助。
Thanks!
谢谢!
回答by hek2mgl
You can use netcat.
您可以使用netcat.
If you are just interested if the port is open you can use this:
如果您只是对端口是否打开感兴趣,则可以使用以下命令:
if nc -w 5 -z "$server" 22 ; then
echo "Port 22 on $server is open"
fi
If you are also interested if there is actually an ssh daemon running on that port you may analyze the server's hello message:
如果您也有兴趣在该端口上实际运行 ssh 守护程序,您可以分析服务器的 hello 消息:
if [[ $(nc -w 5 "$server" 22 <<< "#!/usr/bin/expect
set timeout 6
set IP [lindex $argv 0]
spawn ssh -o StrictHostKeyChecking=no teste@$IP
expect "password:" {
send_user "\n1\n"
exit
}
send_user "\n0\n"
" ) =~ "OpenSSH" ]] ; then
echo "open ssh is running"
fi
Btw, using the option -wyou can specify a connection timeout (in seconds). I've chosen 5 seconds for this example
顺便说一句,使用该选项-w可以指定连接超时(以秒为单位)。我为这个例子选择了 5 秒
回答by AsK
Can you use "expect"(TCL)? If so, you could use a script like:
你能用“期望”(TCL)吗?如果是这样,您可以使用如下脚本:
ssh-copy-id user@downhost
To run the script use:
要运行脚本,请使用:
./script.sh "SSH server IP"
./script.sh "SSH server IP"
This script will run expect and launch the ssh program connecting to the IP you passed on the 1st argument. If the "password:" prompt is returned to this script, it simply finishes. Of course this is just an idea, you must develop and parse content the script returns.
此脚本将运行 expect 并启动连接到您在第一个参数中传递的 IP 的 ssh 程序。如果“password:”提示返回到这个脚本,它就完成了。当然这只是一个想法,你必须开发和解析脚本返回的内容。
回答by VK Kashyap
If you have valid key installed in your .ssh, you can use following (one time, not part of your script):
如果您的 .ssh 中安装了有效的密钥,则可以使用以下内容(一次,不是脚本的一部分):
ssh -q user@downhost exit
this will ask for your password and copies the key to server so that you can login without password from next time.
这将询问您的密码并将密钥复制到服务器,以便您下次无需密码即可登录。
after that you should be able to run your command without password:
之后,您应该可以在没有密码的情况下运行您的命令:
##代码##hope it will help.
希望它会有所帮助。
