具有传递变量的问题,以子shell [英] Having an issue passing variables to subshell
问题描述
因此,这里是我的问题,我有这个剧本我写在那里我出口两个变量,但是他们没有使它成为子shell。
该脚本的一点是要改变一个用户密码,并清除了他们在CentOS和Ubuntu主机pam_tally。
一个小背景是这样的环境中的用户由伪军管理,但密码是所有地方,SSH密钥不允许要么(这是一成不变的,不能改变,所以我有什么,我开始工作)其原因是,每一个日志中必须手动(偶数会议仅限于两个,所以你甚至可以不是用户csshX有效)。
下面是我的脚本
#!/斌/庆典回声请输入用户要更改其密码
阅读NEWUSER
回声用户请输入新密码
阅读-s -p临时密码:TEMPPASSWORDPASSWORD = $ TEMPPASSWORD
出口密码
NEWUSER2 = $ NEWUSER
出口NEWUSER2因为我在HOST {Cluster1中,Cluster2中,cluster3 0} {0} 1..9
做平-c 2 $ I和;&安培; (回声$ I; SSH -t $我'须藤pam_tally2 --user = $ NEWUSER2 --reset回声-e$ PASSWORD \\ n $的密码| sudo的passwd文件$ NEWUSER2须藤CHAGE -d 0 $ NEWUSER2')DONE
您正在使用 SSH
来连接到远程主机并运行该主机上的脚本。 SSH
不当地环境导出到远程会话,而是执行它根据远程用户的远程主机上的配置设置环境在远程主机上登录。
我建议你通过的命令的要执行传递所有需要的值。这可以这样进行:
的ssh -t $ I'
须藤pam_tally2 --user =$ NEWUSER2'--reset
回声-e'$ PASSWORD的'\\ n'$ PASSWORD'|须藤passwd文件'$ NEWUSER2'
须藤CHAGE -d 0'$ NEWUSER2
仔细留心如何使用引号。在您使用的变量每一次,我终止了单引号的字符串(使用
),然后加双引号使用变量(如$ PASSWORD
),然后再次启动单引号的字符串(使用
)。通过这种方式,外壳执行 SSH
命令将扩大变量了,所以你也没有必要将它们传递到远程shell。
但要知道,在密码中的特殊字符(如或
或
或者其它字符一堆)可能意味着使用这种简单的机制。为了反对这种安全以及麻烦,你需要使用%q
在的printf
命令的格式说明符传递之前引用您的值:
的ssh -t$ I$(printf的'
须藤pam_tally2 --user =%Q --reset
{回声%Q;回声%Q; } |须藤的passwd%Q
须藤CHAGE -d 0%Q'\\
$ NEWUSER2$ PASSWORD$ PASSWORD$ NEWUSER2$ NEWUSER2)
So here is my problem, I have this script I wrote where I'm exporting two variables however they're not making it into the subshell.
The point of this script is to change a users password and clear out their pam_tally for CentOS and Ubuntu hosts.
A little background is that this environment's users are managed by puppet but the passwords are all local, ssh keys are not allowed either (this is set in stone and can't be changed so I have to work with what I got) and the reason is that every log in has to be manual (even number of sessions are limited to two so you can't even user csshX effectively).
Here is my script
#!/bin/bash
echo "Please enter user whose password you want to change"
read NEWUSER
echo "Please enter new password for user"
read -s -p "Temp Password:" TEMPPASSWORD
PASSWORD=$TEMPPASSWORD
export PASSWORD
NEWUSER2=$NEWUSER
export NEWUSER2
for i in HOST{cluster1,cluster2,cluster3}0{1..9}
do
ping -c 2 $i && (echo $i ; ssh -t $i '
sudo pam_tally2 --user=$NEWUSER2 --reset
echo -e "$PASSWORD\n$PASSWORD" | sudo passwd $NEWUSER2
sudo chage -d 0 $NEWUSER2
')
done
You are using ssh
to connect to a remote host and run a script on that host. ssh
does not export the local environment to the remote session but instead performs a login on the remote host which sets the environment according to the remote user's configuration on the remote host.
I suggest you pass all needed values via the command you want to execute. This could be done like this:
ssh -t $i '
sudo pam_tally2 --user='"$NEWUSER2"' --reset
echo -e "'"$PASSWORD"'\n'"$PASSWORD"'" | sudo passwd '"$NEWUSER2"'
sudo chage -d 0 '"$NEWUSER2"
Watch closely how this uses quotes. At each occasion where you used a variable, I terminate the single-quoted string (using '
), then add a double-quoted use of the variable (e. g. "$PASSWORD"
) and then start the single-quoted string again (using '
again). This way, the shell executing the ssh
command will expand the variables already, so you have no need to pass them into the remote shell.
But be aware that special characters in the password (like "
or '
or or maybe a bunch of other characters) can mean trouble using this simple mechanism. To be safe against this as well, you would need to use the
%q
format specifier of the printf
command to quote your values before passing them:
ssh -t "$i" "$(printf '
sudo pam_tally2 --user=%q --reset
{ echo %q; echo %q; } | sudo passwd %q
sudo chage -d 0 %q' \
"$NEWUSER2" "$PASSWORD" "$PASSWORD" "$NEWUSER2" "$NEWUSER2")"
这篇关于具有传递变量的问题,以子shell的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!