如何使用 bash/expect 检查 SSH 登录是否有效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12282251/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to use bash/expect to check if an SSH login works
提问by Daniel Kats
My team manages many servers, and company policy dictates that the passwords on these servers must be changed every couple of weeks. Sometimes, our official database of passwords gets out of date for whatever reason (people forget to update it, usually), but we cannot identify this sometimes until months later, since we don't consistently use every server.
我的团队管理着许多服务器,公司政策规定这些服务器上的密码必须每两周更改一次。有时,我们的官方密码数据库会因任何原因过时(人们通常忘记更新它),但有时直到几个月后我们才能识别出这一点,因为我们并没有始终如一地使用每台服务器。
I want to write a script that will scrape the passwords from the database, and use those passwords to attempt an (ssh) login to each server every night, and send an email with the results to the team. I am able to scrape the database for login information, but I'm not sure how to check whether ssh login was successful or not in expect.
我想编写一个脚本,从数据库中抓取密码,并使用这些密码每晚尝试 (ssh) 登录每台服务器,并将结果通过电子邮件发送给团队。我能够抓取数据库以获取登录信息,但我不确定如何在 expect 中检查 ssh 登录是否成功。
I cannot use public key authentication for this task. I wantpassword authentication so I can verify the passwords.
我无法为此任务使用公钥身份验证。我想要密码验证,以便我可以验证密码。
I disable public-key authentication by specifying the following file:
我通过指定以下文件禁用公钥身份验证:
PasswordAuthentication=yes
PubkeyAuthentication=no
My attempts at the expect script:
我对期望脚本的尝试:
# = host, = user, = password, = config file
expect -c "spawn ssh @ -F
expect -re \".*?assword.*?\"
send \"\n\"
...
send \'^D\'"
I thought maybe exit status could indicate the success? Couldn't find anything in the man pages though.
我想也许退出状态可以表明成功?但是在手册页中找不到任何内容。
采纳答案by crowbent
I've been using something like the script below for a similar task.
我一直在使用类似下面的脚本来完成类似的任务。
#!/bin/sh
# Run using expect from path \
exec expect -f "ssh -o PasswordAuthentication=no USER@HOST 'exit' || echo "SSH login failed."
" "$@"
# Above line is only executed by sh
set i 0; foreach n $argv {set [incr i] $n}
set pid [ spawn -noecho ssh @ ]
set timeout 30
expect {
"(yes/no)" {
sleep 1
send "yes\n"
exp_continue
}
"(y/n)" {
sleep 1
send "y\n"
exp_continue
}
password {
sleep 1
send "\n"
exp_continue
}
Password {
sleep 1
send "\n"
exp_continue
}
"Last login" {
interact
}
"Permission denied" {
puts "Access not granted, aborting..."
exit 1
}
timeout {
puts "Timeout expired, aborting..."
exit 1
}
eof {
#puts "EOF reached."
}
}
set status [split [wait $pid]]
set osStatus [lindex $status 2]
set procStatus [lindex $status 3]
if { $osStatus == 0 } {
exit $procStatus
} else {
exit $procStatus
}
回答by anubhava
crowbent has provided you an expect script to test ssh login however I would recommend using Non-interactive ssh password authfor testing out ssh/sftp. sshpass is much more secured and less error prone than expect.
crowbent 为您提供了一个用于测试 ssh 登录的期望脚本,但是我建议使用非交互式 ssh 密码身份验证来测试 ssh/sftp。sshpass 比预期的更安全,更不容易出错。
回答by Francois G
Do you specifically need to check if you can obtain a shell or is trying to execute a command also OK ?
您是否特别需要检查您是否可以获得 shell 或者是否也可以尝试执行命令?
If you just want to check authentication, you may want to do ssh asimplecommand(using echo, hostname, or something as such) and check if you get the expected result.
如果你只是想检查认证,您可能想要做的ssh asimplecommand(使用echo,hostname或作为东西等),如果你得到预期的结果进行检查。
You may also want to launch ssh with -voption, and look for Authentication succeeded(at the debug1 log level).
您可能还想使用-v选项启动 ssh ,并查找Authentication succeeded(在 debug1 日志级别)。
回答by Ansgar Wiechers
The solution to the underlying problem (password database getting out of sync) is to use public key authentication. For everyone. Do NOT bother with passwords when it comes to SSH.
底层问题(密码数据库不同步)的解决方案是使用公钥认证。为了所有人。当涉及到 SSH 时,不要理会密码。
Successful login could be checked like this:
可以像这样检查成功登录:
##代码##