如何使用Bash脚本的密码运行sftp命令?

时间:2022-01-11 22:11:45

I need to transfer a log file to a remote host using sftp from a Linux host. I have been provided credentials for the same from my operations group. However, since I don't have control over other host, I cannot generate and share RSA keys with the other host.

我需要将一个日志文件传输到远程主机,使用来自Linux主机的sftp。我已经从我的操作组提供了相同的凭证。但是,由于我无法控制其他主机,所以无法与其他主机生成和共享RSA密钥。

So is there a way to run the sftp command (with the username/password provided) from inside the Bash script through a cron job?

那么,是否有一种方法可以通过cron作业在Bash脚本中运行sftp命令(提供用户名/密码)?

I found a similar Stack Overflow question, Specify password to sftp in a Bash script, but there was no satisfactory answer to my problem.

我发现了一个类似的堆栈溢出问题,在Bash脚本中指定了sftp的密码,但是我的问题没有令人满意的答案。

9 个解决方案

#1

126  

You have a few options other than using public key authentication:

除了使用公钥身份验证之外,您还有一些选项:

  1. Use keychain
  2. 使用钥匙链
  3. Use sshpass (less secured but probably that meets your requirement)
  4. 使用sshpass(不安全但可能符合您的要求)
  5. Use expect (least secured and more coding needed)
  6. 使用expect(最不安全,需要更多编码)

If you decide to give sshpass a chance here is a working script snippet to do so:

如果您决定给sshpass一个机会,这里有一个工作脚本代码片段:

export SSHPASS=your-password-here
sshpass -e sftp -oBatchMode=no -b - sftp-user@remote-host << !
   cd incoming
   put your-log-file.log
   bye
!

#2

68  

Another way would be to use lftp:

另一种方法是使用lftp:

lftp sftp://user:password@host  -e "put local-file.name; bye"

The disadvantage of this method is that other users on the computer can read the password from tools like ps and that the password can become part of your shell history.

这种方法的缺点是,计算机上的其他用户可以从像ps这样的工具中读取密码,而密码可以成为shell历史的一部分。

A more secure alternative which is available since LFTP 4.5.0 is setting the LFTP_PASSWORDenvironment variable and executing lftp with --env-password. Here's a full example:

由于LFTP 4.5.0设置了LFTP_PASSWORDenvironment变量,并使用-env-password执行LFTP,因此可以使用更安全的替代方法。这是一个完整的例子:

LFTP_PASSWORD="just_an_example"
lftp --env-password sftp://user@host  -e "put local-file.name; bye"

LFTP also includes a cool mirroring feature (can include delete after confirmed transfer '--Remove-source-files'):

LFTP还包括一个很酷的镜像功能(可以在经过确认的传输“——Remove-source-files”后删除):

lftp -e 'mirror -R /local/log/path/ /remote/path/' --env-password -u user sftp.foo.com

#3

38  

Expect is a great program to use.

Expect是一个很好的应用程序。

On Ubuntu install it with:

在Ubuntu上安装:

sudo apt-get install expect

On a CentOS Machine install it with:

在CentOS的机器上安装:

yum install expect

Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server

假设您想要连接到sftp服务器,然后将本地文件从本地计算机上传到远程sftp服务器。

#!/usr/bin/expect

spawn sftp username@hostname.com
expect "password:"
send "yourpasswordhere\n"
expect "sftp>"
send "cd logdirectory\n"
expect "sftp>"
send "put /var/log/file.log\n"
expect "sftp>"
send "exit\n"
interact

This opens a sftp connection with your password to the server.

这将打开一个与您的密码到服务器的sftp连接。

Then it goes to the directory where you want to upload your file, in this case "logdirectory"

然后它会转到你想上传文件的目录,在这个例子中是"logdirectory"

This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server

这将从位于/var/log/与文件名称为文件的本地目录上传日志文件。登录到远程服务器上的“logdirectory”。

#4

17  

You can use lftp interactively in a shell script so the password not saved in .bash_history or similar by doing the following:

您可以在shell脚本中交互式地使用lftp,这样就不会在.bash_history或类似的情况下保存密码:

vi test_script.sh

Add the following to your file:

在文件中添加以下内容:

#!/bin/sh
HOST=<yourhostname>
USER=<someusername>
PASSWD=<yourpasswd>

cd <base directory for your put file>

lftp<<END_SCRIPT
open sftp://$HOST
user $USER $PASSWD
put local-file.name
bye
END_SCRIPT

And write/quit the vi editor after you edit the host, user, pass, and directory for your put file typing :wq .Then make your script executable chmod +x test_script.sh and execute it ./test_script.sh.

在编辑主机、用户、传递和目录后,编写/退出vi编辑器:wq,然后让脚本可执行chmod +x test_script。sh并执行它。/test_script.sh。

#5

16  

I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option --password to pass the password on the command line.

我最近被要求从ftp切换到sftp,以确保服务器之间的文件传输。我们使用的是Tectia SSH包,它有一个选项——口令在命令行上传递密码。

example : sftp --password="password" "userid"@"servername"

示例:sftp——密码="password" "userid"@"servername"

Batch example :

批处理的例子:

(
  echo "
  ascii
  cd pub
  lcd dir_name
  put filename
  close
  quit
    "
) | sftp --password="password" "userid"@"servername"

I thought I should share this information, since I was looking at various websites, before running the help command (sftp -h), and was i surprised to see the password option.

我想我应该分享这些信息,因为我在运行帮助命令(sftp -h)之前浏览了各种各样的网站,我惊讶地看到了密码选项。

#6

13  

You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.

您可以通过启用密码较少的身份验证来覆盖。但是你应该先安装钥匙(酒吧,priv)。

Execute the following commands at local server.

在本地服务器上执行以下命令。

Local $> ssh-keygen -t rsa

Press ENTER for all options prompted. No values need to be typed.

按回车键提示所有选项。不需要输入值。

Local $> cd .ssh
Local $> scp .ssh/id_rsa.pub user@targetmachine:
Prompts for pwd$>  ENTERPASSWORD

Connect to remote server using the following command

使用以下命令连接到远程服务器。

Local $> ssh user@targetmachine
Prompts for pwd$> ENTERPASSWORD

Execute the following commands at remote server

在远程服务器上执行以下命令。

Remote $> mkdir .ssh
Remote $> chmod 700 .ssh
Remote $> cat id_rsa.pub >> .ssh/authorized_keys
Remote $> chmod 600 .ssh/authorized_keys
Remote $> exit

Execute the following command at local server to test password-less authentication. It should be connected without password.

在本地服务器上执行以下命令,以测试无密码验证。它应该连接没有密码。

$> ssh user@targetmachine

#7

7  

Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.

将sshpass与一个锁定的凭证文件结合起来,在实践中,它就像任何东西一样安全——如果你在盒子上有根来读取凭证文件,那么所有的赌注都是关闭的。

#8

5  

You can use sshpass for it. Below are the steps

你可以使用sshpass。下面的步骤

  1. Install sshpass For Ubuntu - sudo apt-get install sshpass
  2. 安装sshpass给Ubuntu - sudo apt-get安装sshpass。
  3. Add the Remote IP to your known-host file if it is first time For Ubuntu -> ssh user@IP -> enter 'yes'
  4. 将远程IP添加到您的已知主机文件中,如果是第一次使用Ubuntu -> ssh user@IP ->输入'yes'
  5. give a combined command of scp and sshpass for it. Below is a sample code for war coping to remote tomcat sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps
  6. 给出scp和sshpass的联合命令。下面是一个用于处理远程tomcat sshpass -p '#Password_For_remote_machine的scp /home/ubuntu/latest_build/abc的示例代码。战# user@ # RemoteIP:/ var / lib / tomcat7 / webapps

#9

3  

Bash program to wait for sftp to ask for a password then send it along:

Bash程序等待sftp请求密码,然后发送:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"Password\"
send \"your_password_here\r\"
interact "

You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

您可能需要安装expect,将“Password”的措辞改为小写的“p”,以匹配您的提示接收到的内容。这里的问题是,它在文件中以及在命令历史中暴露了您的密码。这几乎违背了最初拥有密码的目的。

#1

126  

You have a few options other than using public key authentication:

除了使用公钥身份验证之外,您还有一些选项:

  1. Use keychain
  2. 使用钥匙链
  3. Use sshpass (less secured but probably that meets your requirement)
  4. 使用sshpass(不安全但可能符合您的要求)
  5. Use expect (least secured and more coding needed)
  6. 使用expect(最不安全,需要更多编码)

If you decide to give sshpass a chance here is a working script snippet to do so:

如果您决定给sshpass一个机会,这里有一个工作脚本代码片段:

export SSHPASS=your-password-here
sshpass -e sftp -oBatchMode=no -b - sftp-user@remote-host << !
   cd incoming
   put your-log-file.log
   bye
!

#2

68  

Another way would be to use lftp:

另一种方法是使用lftp:

lftp sftp://user:password@host  -e "put local-file.name; bye"

The disadvantage of this method is that other users on the computer can read the password from tools like ps and that the password can become part of your shell history.

这种方法的缺点是,计算机上的其他用户可以从像ps这样的工具中读取密码,而密码可以成为shell历史的一部分。

A more secure alternative which is available since LFTP 4.5.0 is setting the LFTP_PASSWORDenvironment variable and executing lftp with --env-password. Here's a full example:

由于LFTP 4.5.0设置了LFTP_PASSWORDenvironment变量,并使用-env-password执行LFTP,因此可以使用更安全的替代方法。这是一个完整的例子:

LFTP_PASSWORD="just_an_example"
lftp --env-password sftp://user@host  -e "put local-file.name; bye"

LFTP also includes a cool mirroring feature (can include delete after confirmed transfer '--Remove-source-files'):

LFTP还包括一个很酷的镜像功能(可以在经过确认的传输“——Remove-source-files”后删除):

lftp -e 'mirror -R /local/log/path/ /remote/path/' --env-password -u user sftp.foo.com

#3

38  

Expect is a great program to use.

Expect是一个很好的应用程序。

On Ubuntu install it with:

在Ubuntu上安装:

sudo apt-get install expect

On a CentOS Machine install it with:

在CentOS的机器上安装:

yum install expect

Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server

假设您想要连接到sftp服务器,然后将本地文件从本地计算机上传到远程sftp服务器。

#!/usr/bin/expect

spawn sftp username@hostname.com
expect "password:"
send "yourpasswordhere\n"
expect "sftp>"
send "cd logdirectory\n"
expect "sftp>"
send "put /var/log/file.log\n"
expect "sftp>"
send "exit\n"
interact

This opens a sftp connection with your password to the server.

这将打开一个与您的密码到服务器的sftp连接。

Then it goes to the directory where you want to upload your file, in this case "logdirectory"

然后它会转到你想上传文件的目录,在这个例子中是"logdirectory"

This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server

这将从位于/var/log/与文件名称为文件的本地目录上传日志文件。登录到远程服务器上的“logdirectory”。

#4

17  

You can use lftp interactively in a shell script so the password not saved in .bash_history or similar by doing the following:

您可以在shell脚本中交互式地使用lftp,这样就不会在.bash_history或类似的情况下保存密码:

vi test_script.sh

Add the following to your file:

在文件中添加以下内容:

#!/bin/sh
HOST=<yourhostname>
USER=<someusername>
PASSWD=<yourpasswd>

cd <base directory for your put file>

lftp<<END_SCRIPT
open sftp://$HOST
user $USER $PASSWD
put local-file.name
bye
END_SCRIPT

And write/quit the vi editor after you edit the host, user, pass, and directory for your put file typing :wq .Then make your script executable chmod +x test_script.sh and execute it ./test_script.sh.

在编辑主机、用户、传递和目录后,编写/退出vi编辑器:wq,然后让脚本可执行chmod +x test_script。sh并执行它。/test_script.sh。

#5

16  

I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option --password to pass the password on the command line.

我最近被要求从ftp切换到sftp,以确保服务器之间的文件传输。我们使用的是Tectia SSH包,它有一个选项——口令在命令行上传递密码。

example : sftp --password="password" "userid"@"servername"

示例:sftp——密码="password" "userid"@"servername"

Batch example :

批处理的例子:

(
  echo "
  ascii
  cd pub
  lcd dir_name
  put filename
  close
  quit
    "
) | sftp --password="password" "userid"@"servername"

I thought I should share this information, since I was looking at various websites, before running the help command (sftp -h), and was i surprised to see the password option.

我想我应该分享这些信息,因为我在运行帮助命令(sftp -h)之前浏览了各种各样的网站,我惊讶地看到了密码选项。

#6

13  

You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.

您可以通过启用密码较少的身份验证来覆盖。但是你应该先安装钥匙(酒吧,priv)。

Execute the following commands at local server.

在本地服务器上执行以下命令。

Local $> ssh-keygen -t rsa

Press ENTER for all options prompted. No values need to be typed.

按回车键提示所有选项。不需要输入值。

Local $> cd .ssh
Local $> scp .ssh/id_rsa.pub user@targetmachine:
Prompts for pwd$>  ENTERPASSWORD

Connect to remote server using the following command

使用以下命令连接到远程服务器。

Local $> ssh user@targetmachine
Prompts for pwd$> ENTERPASSWORD

Execute the following commands at remote server

在远程服务器上执行以下命令。

Remote $> mkdir .ssh
Remote $> chmod 700 .ssh
Remote $> cat id_rsa.pub >> .ssh/authorized_keys
Remote $> chmod 600 .ssh/authorized_keys
Remote $> exit

Execute the following command at local server to test password-less authentication. It should be connected without password.

在本地服务器上执行以下命令,以测试无密码验证。它应该连接没有密码。

$> ssh user@targetmachine

#7

7  

Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.

将sshpass与一个锁定的凭证文件结合起来,在实践中,它就像任何东西一样安全——如果你在盒子上有根来读取凭证文件,那么所有的赌注都是关闭的。

#8

5  

You can use sshpass for it. Below are the steps

你可以使用sshpass。下面的步骤

  1. Install sshpass For Ubuntu - sudo apt-get install sshpass
  2. 安装sshpass给Ubuntu - sudo apt-get安装sshpass。
  3. Add the Remote IP to your known-host file if it is first time For Ubuntu -> ssh user@IP -> enter 'yes'
  4. 将远程IP添加到您的已知主机文件中,如果是第一次使用Ubuntu -> ssh user@IP ->输入'yes'
  5. give a combined command of scp and sshpass for it. Below is a sample code for war coping to remote tomcat sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps
  6. 给出scp和sshpass的联合命令。下面是一个用于处理远程tomcat sshpass -p '#Password_For_remote_machine的scp /home/ubuntu/latest_build/abc的示例代码。战# user@ # RemoteIP:/ var / lib / tomcat7 / webapps

#9

3  

Bash program to wait for sftp to ask for a password then send it along:

Bash程序等待sftp请求密码,然后发送:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"Password\"
send \"your_password_here\r\"
interact "

You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

您可能需要安装expect,将“Password”的措辞改为小写的“p”,以匹配您的提示接收到的内容。这里的问题是,它在文件中以及在命令历史中暴露了您的密码。这几乎违背了最初拥有密码的目的。

标签:

相关文章