47
SSH密码验证绕过
source link: https://www.linuxprobe.com/sshpass-bypass.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
导读
经常我们使用脚本登入服务器的时候,如果使用ssh 命令,经常会提示密码输入,我们不得不手动输入密码,因为ssh 没有 密码的选项。为了能绕过交互式验证,我们使用sshpass命令解决这个问题:
1. 安装
➜ Desktop sudo yum install sshpass [sudo] password for xuyaowen: Last metadata expiration check: 0:04:22 ago on Mon 02 Jul 2018 11:25:32 AM CST. Package sshpass-1.06-5.fc28.x86_64 is already installed, skipping. Dependencies resolved. Nothing to do. Complete!
检查是否安装
[root@yaowenxu Desktop]# rpm -qa sshpass sshpass-1.06-5.fc28.x86_64
2. 查看 sshpass 命令帮助, 也可以使用 man sshpass
View Code
[root@yaowenxu Desktop]# sshpass Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters -f filename Take password to use from file -d number Use number as file descriptor for getting password -p password Provide password as argument (security unwise) -e Password is passed as env-var "SSHPASS" With no parameters - password will be taken from stdin -P prompt Which string should sshpass search for to detect a password prompt -v Be verbose about what you're doing -h Show help (this screen) -V Print version information At most one of -f, -d, -p or -e should be used
3. 使用密码验证登录
➜ ~ sshpass -p 123 ssh [email protected]
4. ssh 第一次登录提示问题使用:
ssh -o StrictHostKeyChecking=no
来解决
➜ Desktop sshpass -p 123 ssh -o StrictHostKeyChecking=no [email protected] Warning: Permanently added '10.66.8.142' (ECDSA) to the list of known hosts. Last login: Mon Jul 2 10:51:29 2018
5. 优缺点
优点: 快速,便捷
缺点: 密码明文暴露,可以使用 history 命令查找到
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK