How to automatically enter password when using ssh?


Question

How can I automate the entering of password in Perl?

Code:

# Build the command string first, then run it once
my $makecmd = "ssh remotehost";
system($makecmd);

Output:

Enter passphrase for key '~/.ssh/id_rsa':

Recommended answer

You can use an SSH agent to store the passphrase in memory. Although this approach is more cumbersome than using an unencrypted key, it is slightly more secure. There is an excellent comparison of the two methods in the O'Reilly book SSH, The Secure Shell: The Definitive Guide under chapter 11.1, Unattended SSH: Batch or cron Jobs.

The big advantage of using an unencrypted (passphrase-less) key is ease of configuration. To generate a key with an empty passphrase or to set the passphrase to nothing on an existing key, run

ssh-keygen -f ~/.ssh/id_rsa -p

And that's it, no more configuration required. The big drawback to this is that your private key is now sitting on your filesystem in plain text.

The configuration process for an SSH agent is more involved and depends on which agent you use. Chapter 6.3 of the O'Reilly book, SSH Agents, and the IBM developerWorks article Getting started with SSH security and configuration describe how to configure ssh-agent, the default agent included with OpenSSH. The archlinux wiki page on SSH Keys also describes other agents like GNOME Keyring and pam_ssh.

Let's look at the set-up process for ssh-agent. When you run the command

ssh-agent

it not only starts the agent, but also spits out shell commands for setting some environment variables. In a Bourne-style shell, the output looks like this:

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-barrett/ssh-3654-agent; export SSH_AUTH_SOCK;
SSH_AGENT_PID=3655; export SSH_AGENT_PID;
echo Agent pid 3655;

These environment variables tell your shell how to access the agent. Any scripts that use the agent will need these environment variables to be set. You can save the shell commands to a file for later use when you first invoke the agent:

$ ssh-agent | head -2 > ~/agent-info

Next you need to add your private key to the agent:

$ source ~/agent-info
$ ssh-add ~/.ssh/id_rsa
Need passphrase for ~/.ssh/id_rsa
Enter passphrase: **************

Finally, you need to make sure that the appropriate environment variables are set when your Perl script is invoked. One way to do this would be to write a wrapper script:

#!/bin/sh
# "." is the POSIX form of "source"; plain sh may not provide "source"
. ~/agent-info
/path/to/perl/script "$@"

As long as the agent is running, your script can use the private key without having to enter the passphrase. Note that if only one uid will be using the agent, it would be easiest to start the agent under that uid:

$ su <script_user> ssh-agent ...

One drawback to using an agent is that you will have to manually restart the agent and re-enter your passphrase on server reboot. This is the price you pay for the (arguably marginal) additional security you get from using an encrypted key.
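
The wrapper step from the answer above, as an added example that is not part of the original answer: it parses `~/agent-info` instead of executing it, and checks that the agent is reachable and holds a key before running the wrapped command. The `AGENT_INFO` variable, the function names and the exit codes 3 and 4 are assumptions of this example.

```sh
#!/bin/sh
# Added example. AGENT_INFO, the function names and the exit codes 3/4 are
# assumptions made for this example, not part of the original answer.

# Read only the two expected assignments from the saved ssh-agent output
# rather than executing the file with "."/source, so an extra or tampered
# line in it is never run as shell code.
load_agent_info() {
    file=$1
    [ -f "$file" ] || return 1
    sock=$(sed -n 's|^SSH_AUTH_SOCK=\(/[A-Za-z0-9_./-]*\);.*|\1|p' "$file" | head -n 1)
    pid=$(sed -n 's|^SSH_AGENT_PID=\([0-9][0-9]*\);.*|\1|p' "$file" | head -n 1)
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# ssh-add -l exits 0 when the agent holds keys, 1 when it holds none and
# 2 when it cannot be contacted (for example after a reboot).
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

main() {
    if ! load_agent_info "${AGENT_INFO:-$HOME/agent-info}"; then
        echo "agent-info is missing or malformed" >&2
        return 3
    fi
    state=$(agent_state)
    if [ "$state" != ready ]; then
        echo "ssh-agent is $state; restart it and run ssh-add" >&2
        return 4
    fi
    "$@"    # run the wrapped command, e.g. /path/to/perl/script
}

# Act as the wrapper only when a command is given on the command line.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Inside the wrapped script, passing `-o BatchMode=yes` to ssh makes it fail rather than wait at a passphrase prompt when the agent cannot supply the key.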
