安全记住bash脚本中的ssh凭据 [英] Safely remembering ssh credentials in bash script
问题描述
想象一下我有一个bash脚本,该脚本通过ssh在远程计算机上执行命令:
Imagine I have a bash script that executes commands on a remote machine via ssh:
# Do something here
ssh otheruser@host command1
# Do something else
ssh otheruser@host command2
# Do most local tasks
此脚本提示我多次输入otheruser @ host的凭据.有没有一种安全,简便且可以接受的方式在脚本的生命周期内缓存这些凭据,但可以保证在脚本结束后(正常情况下或发生错误时)丢失这些凭据?也许解决方案将使用ssh-agent?
This script prompts me to enter credentials for otheruser@host multiple times. Is there a safe, easy, and accepted way to cache these credentials for the lifetime of the script but guarantee that they are lost after the script ends (either normally or when an error occurs)? Maybe a solution will use ssh-agent?
我正在寻找这样的东西:
I am looking for something like this:
special_credential_saving_command_here # This will prompt for credentials
ssh otheruser@host command1 # This will not prompt now
ssh otheruser@host command2 # This will not prompt either
我在这里的动机是避免在同一脚本中多次输入凭据,而不会冒脚本终止后这些凭据仍然存在的风险.输入凭证不仅麻烦,而且还需要我等待脚本完成,以便我可以输入凭证而不是让凭证独自运行(这是一个长期运行的脚本).
My motivation here is to avoid entering the credentials multiple times in the same script while not running the risk of those credentials persisting after the script has terminated. Not only is entering the credentials cumbersome, it also requires I wait around for the script to finish so that I can enter the credentials rather than leave it to run on its own (it's a long running script).
推荐答案
使用控制套接字在多个进程之间共享经过身份验证的连接:
Use a control socket to share an authenticated connection among multiple processes:
ssh -fNM -S ~/.ssh/sock otheruser@host # Will prompt for password, then exit
...
ssh -S ~/.ssh/sock otheruser@host command1
ssh -S ~/.ssh/sock otheruser@host command2
...
ssh -S ~/.ssh/sock -O exit otheruser@host # Close the master connection
请参阅ControlPath选项下的man ssh_config,以获取有关如何为控制套接字创建唯一路径的信息.
See man ssh_config, under the ControlPath option, for information on how to create a unique path for the control socket.
这篇关于安全记住bash脚本中的ssh凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
