在 Bash 脚本中指定 sftp 的密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5268865/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Specify password to sftp in a Bash script
提问by Eli
I am trying to write a script to back up a file over SFTP. The problem is, it requires a password, and I see no way to manually specify a password to SFTP. I've heard about requiring no password by using public keys, but that requires being able to ssh into the remote server and modify some configuration files, which I cannot do.
我正在尝试编写一个脚本来通过 SFTP 备份文件。问题是,它需要密码,而且我看不到手动为 SFTP 指定密码的方法。我听说使用公钥不需要密码,但这需要能够通过 ssh 进入远程服务器并修改一些配置文件,而我做不到。
Currently my solution is to use cURL, but that is insecure (uses normal FTP). I also looked at the .netrcfile, but that seems to be for FTP instead of SFTP. How do I manually specify a password for sftp?
目前我的解决方案是使用cURL,但这是不安全的(使用普通的 FTP)。我还查看了该.netrc文件,但这似乎是针对 FTP 而不是 SFTP。如何手动为 sftp 指定密码?
回答by Ilya Kharlamov
Lftp allows specifying passwords for both ftp and sftp and does not require public keys at all. Your sh sync script may look like this:
Lftp 允许为 ftp 和 sftp 指定密码,并且根本不需要公钥。您的 sh 同步脚本可能如下所示:
#!/bin/sh
# Define folders
THEFOLDER='/mnt/my/folder'
# List files
THEFILES=`ls -p $THEFOLDER | grep -v "/"`
for file in $THEFILES
do
echo "Processing $file"
lftp -u login,password -e "put $THEFOLDER/$file;quit" theftp/sub/folder
done
回答by Qiang Xu
cURL can support sftp, as documented by the manual:
cURL 可以支持 sftp,如手册所述:
USING PASSWORDS
FTP
To ftp files using name+passwd, include them in the URL like:
curl ftp://name:[email protected]:port/full/path/to/file
or specify them with the -u flag like
curl -u name:passwd ftp://machine.domain:port/full/path/to/file
FTPS
It is just like for FTP, but you may also want to specify and use
SSL-specific options for certificates etc.
Note that using FTPS:// as prefix is the "implicit" way as described in the
standards while the recommended "explicit" way is done by using FTP:// and
the --ftp-ssl option.
SFTP / SCP
This is similar to FTP, but you can specify a private key to use instead of
a password. Note that the private key may itself be protected by a password
that is unrelated to the login password of the remote system. If you
provide a private key file you must also provide a public key file.
回答by Homer6
You might also want to consider using python (the paramiko module), as it can quickly be called from the shell.
您可能还想考虑使用 python(paramiko 模块),因为它可以从 shell 快速调用。
Install the Module
安装模块
pip install paramiko
Example FTP Upload Script
FTP 上传脚本示例
import paramiko
username = 'my_username'
password = 'my_password'
transport = paramiko.Transport((server, 22))
transport.connect(username=username, password=password)
sftp = paramiko.SFTPClient.from_transport(transport)
local_filename = '/tmp/filename'
remote_filename = 'MyFiles/temp.txt'
sftp.put( local_filename, remote_filename )
回答by Jared Kells
You can't specify a password to ssh / scp or sftp from the command line. The only way to connect without prompting for a password is to use public key authentication.
您不能从命令行为 ssh / scp 或 sftp 指定密码。在不提示输入密码的情况下进行连接的唯一方法是使用公钥身份验证。
You say that you can't ssh to the server to modify configuration files but if you can sftp to the server you can probably upload your public key.
你说你不能 ssh 到服务器来修改配置文件,但是如果你可以 sftp 到服务器,你可能可以上传你的公钥。
Your public key just has to go under the .ssh directory in your home directory.
您的公钥只需放在主目录中的 .ssh 目录下即可。
回答by Eric Leschinski
Bash program to wait for sftp to ask for a password then send it along:
Bash 程序等待 sftp 要求输入密码,然后将其发送:
#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"assword\"
send \"your_password_here\r\"
interact "
Put that in a file called sftp_autologin.sh. The \rsends an to sftp to execute the command. I don't include the 'p' in password because on some systems it's uppercase, others lowercase. expect spawns the sftp command. Waits for the string 'assword' to be seen and sends a command. Then ends.
把它放在一个名为sftp_autologin.sh. 的\r发送为sftp要执行的命令。我没有在密码中包含“p”,因为在某些系统上它是大写的,而其他系统是小写的。期望产生 sftp 命令。等待看到字符串“assword”并发送命令。然后结束。
To get this to work:
要使其工作:
- Install expect, I'm using 5.44.1.15
- Make sure you can sftp to your box in interactive mode and supply a password.
- Make sure this bash script has executable permissions.
- 安装expect,我用的是5.44.1.15
- 确保您可以在交互模式下 sftp 到您的盒子并提供密码。
- 确保此 bash 脚本具有可执行权限。
Then run it:
然后运行它:
chmod +x sftp_autologin.sh
./sftp_autologin.sh
It should drop you into the sftp commandline without prompting you for a password.
它应该让您进入 sftp 命令行,而不会提示您输入密码。
Is it insecure?
它不安全吗?
It's about the most unsecure command you can run. It exposes the password to the commandline history, to anyone else who can read 'ps' output, and basically defeats the entire purpose of passwords all together.
这是关于您可以运行的最不安全的命令。它将密码暴露给命令行历史记录,任何其他可以读取“ps”输出的人,并且基本上完全破坏了密码的全部目的。
But hey what's another log on the fraud fire, it's only about 250b dollars in victim losses per year. Lets go for 500b.
但是,嘿,欺诈火灾的另一个日志是什么,每年受害者损失仅约 250b 美元。让我们去500b。
This automatically runs some commands with the sftp shell and exits automatically when done:
这会自动使用 sftp shell 运行一些命令,并在完成后自动退出:
#!/bin/bash
expect -c "
spawn sftp [email protected]
expect \"assword\"
send \"yourpassword\r\"
expect \"sftp\"
send \"get your_directory/yourfilename.txt\r\"
expect \"sftp\"
send \"exit\r\"
interact "
回答by kojiro
In order to use public keys you do not need to modify any "configuration files". You merely need to leave a copy of your public key in a place where ssh knows to look (normally ~/.ssh/authorized_keys). You can do this with sftp. If you haven't established any authorized_keys file on the server, you can simply put your id_rsa.pub file in its place.
为了使用公钥,您不需要修改任何“配置文件”。您只需要在 ssh 知道要查看的地方(通常是~/.ssh/authorized_keys)留下您的公钥副本。你可以用 sftp 做到这一点。如果您还没有在服务器上建立任何authorized_keys 文件,您可以简单地将您的id_rsa.pub 文件放在它的位置。
