如何使用 Bash 脚本中的密码运行 sftp 命令?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5386482/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to run the sftp command with a password from Bash script?
提问by anubhava
I need to transfer a log file to a remote host using sftpfrom a Linux host. I have been provided credentials for the same from my operations group. However, since I don't have control over other host, I cannot generate and share RSA keys with the other host.
我需要使用sftp从 Linux 主机将日志文件传输到远程主机。我已经从我的操作组获得了相同的凭据。但是,由于我无法控制其他主机,因此我无法与其他主机生成和共享 RSA 密钥。
So is there a way to run the sftpcommand (with the username/password provided) from inside the Bash script through a cronjob?
那么有没有办法sftp通过cron作业从 Bash 脚本内部运行命令(使用提供的用户名/密码)?
I found a similar Stack Overflow question, Specify password to sftp in a Bash script, but there was no satisfactory answer to my problem.
我发现了一个类似的 Stack Overflow 问题,Specify password to sftp in a Bash script,但我的问题没有令人满意的答案。
回答by anubhava
You have a few options other than using public key authentication:
除了使用公钥身份验证之外,您还有一些选择:
- Use keychain
- Use sshpass(less secured but probably that meets your requirement)
- Use expect(least secured and more coding needed)
If you decide to give sshpass a chance here is a working script snippet to do so:
如果您决定给 sshpass 一个机会,这里有一个工作脚本片段可以这样做:
export SSHPASS=your-password-here
sshpass -e sftp -oBatchMode=no -b - sftp-user@remote-host << !
cd incoming
put your-log-file.log
bye
!
回答by Karassik
Another way would be to use lftp:
另一种方法是使用lftp:
lftp sftp://user:password@host -e "put local-file.name; bye"
The disadvantage of this method is that other users on the computer can read the password from tools like psand that the password can become part of your shell history.
这种方法的缺点是计算机上的其他用户可以从诸如此类的工具读取密码ps,并且密码可以成为您的 shell 历史记录的一部分。
A more secure alternative which is available since LFTP 4.5.0 is setting the LFTP_PASSWORDenvironment variable and executing lftp with --env-password. Here's a full example:
自 LFTP 4.5.0 以来可用的更安全的替代方法是设置LFTP_PASSWORD环境变量并使用--env-password. 这是一个完整的例子:
LFTP_PASSWORD="just_an_example"
lftp --env-password sftp://user@host -e "put local-file.name; bye"
LFTP also includes a cool mirroring feature (can include delete after confirmed transfer '--Remove-source-files'):
LFTP 还包括一个很酷的镜像功能(可以包括在确认传输后删除“--Remove-source-files”):
lftp -e 'mirror -R /local/log/path/ /remote/path/' --env-password -u user sftp.foo.com
回答by rezizter
Expect is a great program to use.
Expect 是一个很好用的程序。
On Ubuntu install it with:
在 Ubuntu 上安装它:
sudo apt-get install expect
On a CentOS Machine install it with:
在 CentOS 机器上安装它:
yum install expect
Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server
假设您想连接到 sftp 服务器,然后将本地文件从本地机器上传到远程 sftp 服务器
#!/usr/bin/expect
spawn sftp [email protected]
expect "password:"
send "yourpasswordhere\n"
expect "sftp>"
send "cd logdirectory\n"
expect "sftp>"
send "put /var/log/file.log\n"
expect "sftp>"
send "exit\n"
interact
This opens a sftp connection with your password to the server.
这将使用您的密码打开一个到服务器的 sftp 连接。
Then it goes to the directory where you want to upload your file, in this case "logdirectory"
然后它转到您要上传文件的目录,在本例中为“logdirectory”
This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server
这将从位于 /var/log/ 的本地目录中上传一个日志文件,文件名为 file.log 到远程服务器上的“logdirectory”
回答by Mike S.
You can use lftp interactively in a shell script so the password not saved in .bash_history or similar by doing the following:
您可以在 shell 脚本中以交互方式使用 lftp,因此通过执行以下操作,密码不会保存在 .bash_history 或类似文件中:
vi test_script.sh
Add the following to your file:
将以下内容添加到您的文件中:
#!/bin/sh
HOST=<yourhostname>
USER=<someusername>
PASSWD=<yourpasswd>
cd <base directory for your put file>
lftp<<END_SCRIPT
open sftp://$HOST
user $USER $PASSWD
put local-file.name
bye
END_SCRIPT
And write/quit the vi editor after you edit the host, user, pass, and directory for your put file typing :wq.Then make your script executable chmod +x test_script.shand execute it ./test_script.sh.
并在为您的 put 文件输入编辑主机、用户、密码和目录后编写/退出 vi 编辑器:wq。然后使您的脚本可执行chmod +x test_script.sh并执行它./test_script.sh。
回答by SriniV
You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.
您可以通过启用无密码身份验证来覆盖。但是您应该在开始之前安装密钥(pub,priv)。
Execute the following commands at local server.
在本地服务器上执行以下命令。
Local $> ssh-keygen -t rsa
Press ENTER for all options prompted. No values need to be typed.
对于提示的所有选项,请按 ENTER。不需要输入任何值。
Local $> cd .ssh
Local $> scp .ssh/id_rsa.pub user@targetmachine:
Prompts for pwd$> ENTERPASSWORD
Connect to remote server using the following command
使用以下命令连接到远程服务器
Local $> ssh user@targetmachine
Prompts for pwd$> ENTERPASSWORD
Execute the following commands at remote server
在远程服务器上执行以下命令
Remote $> mkdir .ssh
Remote $> chmod 700 .ssh
Remote $> cat id_rsa.pub >> .ssh/authorized_keys
Remote $> chmod 600 .ssh/authorized_keys
Remote $> exit
Execute the following command at local server to test password-less authentication. It should be connected without password.
在本地服务器上执行以下命令以测试无密码身份验证。它应该没有密码连接。
$> ssh user@targetmachine
回答by Mahony
I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option --passwordto pass the password on the command line.
我最近被要求从 ftp 切换到 sftp,以确保服务器之间的文件传输。我们正在使用 Tectia SSH 包,它可以选择--password在命令行上传递密码。
example : sftp --password="password" "userid"@"servername"
例子 : sftp --password="password" "userid"@"servername"
Batch example :
批处理示例:
(
echo "
ascii
cd pub
lcd dir_name
put filename
close
quit
"
) | sftp --password="password" "userid"@"servername"
I thought I should share this information, since I was looking at various websites, before running the help command (sftp -h), and was i surprised to see the password option.
我想我应该分享这些信息,因为我在运行帮助命令 ( sftp -h)之前正在查看各种网站,并且看到密码选项让我感到惊讶。
回答by Rich Harding
Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.
将 sshpass 与锁定的凭据文件相结合,实际上,它与任何东西一样安全 - 如果您在盒子上拥有 root 权限来读取凭据文件,那么无论如何都不会下注。
回答by Eric Leschinski
Bash program to wait for sftp to ask for a password then send it along:
Bash 程序等待 sftp 要求输入密码,然后将其发送:
#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"Password\"
send \"your_password_here\r\"
interact "
You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.
您可能需要安装expect,将“密码”的措辞更改为小写的“p”以匹配您收到的提示。这里的问题是它会在文件和命令历史记录中以纯文本形式公开您的密码。这几乎违背了拥有密码的初衷。
回答by ravi ranjan
You can use sshpass for it. Below are the steps
您可以使用 sshpass。下面是步骤
- Install sshpass For Ubuntu -
sudo apt-get install sshpass - Add the Remote IP to your known-host file if it is first time For Ubuntu -> ssh user@IP -> enter 'yes'
- give a combined command of scp and sshpass for it.
Below is a sample code for war coping to remote tomcat
sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps
- 为 Ubuntu 安装 sshpass -
sudo apt-get install sshpass - 如果是第一次将远程 IP 添加到您的已知主机文件对于 Ubuntu -> ssh user@IP -> 输入“是”
- 为其提供 scp 和 sshpass 的组合命令。以下是远程 tomcat 的War应对示例代码
sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps
