为什么SSH无法在stdin上使用管道密码? [英] Why doesn't SSH work with a piped password on stdin?
问题描述
在典型的Unix系统上,如果我尝试通过管道将原始密码传递到SSH中,则会收到类似
On a typical Unix system, if I try passing a raw password into SSH through a pipe I will get an error like
$ echo password | ssh user@host
Pseudo-terminal will not be allocated because stdin is not a terminal.
完全相同的操作将与键盘输入一起工作,据我了解,键盘输入是通过stdin以完全相同的方式提供的.
The exact same thing will work with keyboard input which as I understand is provided over stdin in exactly the same manner.
我不希望将原始密码传递给SSH(出于太多原因,这很可怕)
I'm not interested in passing a raw password to SSH (this would be terrible for too many reasons to list)
在这种情况下,我想了解键盘输入的stdin与Unix管道输入的stdin之间的区别.
I want to understand what's different in this case between the stdin from a keyboard and the stdin from a Unix pipe.
编辑:我知道SSH密钥的存在以及如何使用它们.我还知道,将纯文本密码传递给ssh是一个坏主意.这个问题只是关于了解通过管道进行的stdin与通过键盘进行的stdin之间发生了什么不同的事情.
I am aware of the existence of SSH keys and how to use them. I am also aware that passing a plaintext password to ssh is a bad idea. This question is only about understanding what is happening differently between stdin from a pipe and the stdin from a keyboard.
推荐答案
如其他答案所述,安全是原因.
As mentioned in the other answer, security is the reason.
从技术角度来看,通过执行echo password | ssh user@host,将字符串推入管道,并且字符正在ssh一侧等待读取.但是大多数密码提示会在显示提示之前将输入截断(并修改为不显示字符-稍后说明).
From technical point of view, by doing echo password | ssh user@host, you push the string to pipe and the characters are waiting on the ssh side to be read. But most of password prompts truncate this input before showing prompt (and modifying it to not-show the characters -- described later).
要回答有关差异的最后一个问题,两者都是某种管道,但是当您在另一侧拥有终端时,可以使用控制字符与此侧进行通信,并且可以读取/设置终端的特定属性,显然在echo的普通管道上都失败了.
To answer the final question about difference, both are some kind of pipes, but when you have terminal on the other side, you can communicate with this side using control characters and you can reading/setting specific properties of the terminal, which both obviously fails on normal pipe from echo.
该错误消息是由于以下事实造成的:当您从终端读取密码时,您修改了终端属性,因此不会显示已写入的字符(即
The error message is caused by the fact, that when you read the password from terminal, you modify terminal properties, so it will not show characters written (so called raw mode). And if the ssh program can't communicate with the terminal it fails like this.
这篇关于为什么SSH无法在stdin上使用管道密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
