My Expect脚本以明文形式显示密码/用户,我想隐藏它。
#!/usr/local/bin/expect
########################################################################################### ############
# Input: It will handle two arguments -> a device and a show command.
########################################################################################### ############
# ######### Start of Script ######################
# #### Set up Timeouts - Debugging Variables
log_user 0
set timeout 10
set userid "USER"
set password "PASS"
# ############## Get two arguments - (1) Device (2) Command to be executed
set device [lindex $argv 0]
set command [lindex $argv 1]
spawn /usr/local/bin/ssh -l $userid $device
match_max [expr 32 * 1024]
expect {
-re "RSA key fingerprint" {send "yes\r"}
timeout {puts "Host is known"}
}
expect {
-re "username: " {send "$userid\r"}
-re "(P|p)assword: " {send "$password\r"}
-re "Warning:" {send "$password\r"}
-re "Connection refused" {puts "Host error -> $expect_out(buffer)";exit}
-re "Connection closed" {puts "Host error -> $expect_out(buffer)";exit}
-re "no address.*" {puts "Host error -> $expect_out(buffer)";exit}
timeout {puts "Timeout error. Is device down or unreachable?? ssh_expect";exit}
}
expect {
-re "\[#>]$" {send "term len 0\r"}
timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect {
-re "\[#>]$" {send "$command\r"}
timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect -re "\[#>]$"
set output $expect_out(buffer)
send "exit\r"
puts "$output\r\n"
答案 0 :(得分:2)
...并添加-OUseBatchMode=Yes以便在您的密钥出现问题时,ssh会立即失败(您可以验证退出代码),而不是只是回到密码模式并挂起(当您正在运行时)交互)
答案 1 :(得分:1)
任何脚本语言都存在同样的问题。如果密码不知道,脚本就无法输入密码......最简单的解决方案是使用无密码的ssh,使用密钥。
答案 2 :(得分:0)
在这里看看格伦的答案:How can I make an expect script prompt for a password?
我试图做同样的事情,发现这很有用。
答案 3 :(得分:0)
以下是期望提示输入用户名和密码的代码:
send_user "Username?\ "
expect_user -re "(.*)\n"
set user $expect_out(1,string)
send_user "password?\ "
stty -echo
expect_user -re "(.*)\n"
stty echo
set password $expect_out(1,string)
或者,如果您需要多次运行并且不想每次都重新输入密码,那么您可以将密码存储在主目录中具有受限权限的文件中(0400)并从那里读取密码。然后在不再需要时删除密码文件。
答案 4 :(得分:0)
当您通过expect发送密码时,如果您执行'ps',则可以使用密码查看整个命令。为避免这种情况,您可以从另一个bash脚本调用expect脚本,该脚本发送大约500个字符的随机字符串,然后输入密码。然后在expect脚本上,您可以将密码称为$ 1变量。
Bash脚本示例:
#!/斌/庆典
字符串= “6e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d820”
./ expectedcript $ string“MySuperSecretPassword”
并期待脚本示例:
#!/ usr / bin / expect -f
设置超时20
设置字符串[lindex $ argv 0]
设置密码[lindex $ argv 1]
产生ssh“user@192.168.1.1”
期待“assword”
发送“$ password \ r”
希望这可以解决您的问题