1

我的 Expect 脚本以明文形式显示密码/用户,我想隐藏它。

#!/usr/local/bin/expect
###########################################################################################    ############
# Input: It will handle two arguments -> a device and a show command.
###########################################################################################    ############
# ######### Start of Script ######################
# #### Set up Timeouts - Debugging Variables
log_user 0
set timeout 10
set userid  "USER"
set password  "PASS"
# ############## Get two arguments - (1) Device (2) Command to be executed
set device  [lindex $argv 0] 
set command [lindex $argv 1]
spawn /usr/local/bin/ssh -l $userid $device
match_max [expr 32 * 1024]
expect {
    -re "RSA key fingerprint" {send "yes\r"}
    timeout {puts "Host is known"}
}
expect {
    -re "username: " {send "$userid\r"} 
    -re "(P|p)assword: " {send "$password\r"}
     -re "Warning:" {send "$password\r"}
    -re "Connection refused" {puts "Host error -> $expect_out(buffer)";exit}
    -re "Connection closed"  {puts "Host error -> $expect_out(buffer)";exit}
   -re "no address.*" {puts "Host error -> $expect_out(buffer)";exit}
    timeout {puts "Timeout error. Is device down or unreachable?? ssh_expect";exit}
}
expect {
   -re "\[#>]$" {send "term len 0\r"}
   timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect {
   -re "\[#>]$" {send "$command\r"}
   timeout {puts "Error reading prompt -> $expect_out(buffer)";exit}
}
expect -re "\[#>]$"
set output $expect_out(buffer)
send "exit\r"
puts "$output\r\n"
4

5 回答 5

2

...并添加-OUseBatchMode=Yes,如果您的密钥有问题,ssh 将立即失败(您可以验证退出代码),而不仅仅是退回到密码模式并挂起(因为您正在交互运行)

于 2010-06-08T22:45:47.137 回答
1

任何脚本语言都存在同样的问题。如果脚本不知道密码,则无法输入您的密码……最简单的解决方案是使用无密码 ssh,使用密钥。

于 2010-06-08T15:32:06.573 回答
0

在这里看看格伦的回答:如何让期望脚本提示输入密码?

我试图做同样的事情,发现这很有用。

于 2010-06-09T16:20:34.287 回答
0

以下是提示输入用户名和密码的期望代码:

send_user "Username?\ "
expect_user -re "(.*)\n"
set user $expect_out(1,string)

send_user "password?\ "
stty -echo
expect_user -re "(.*)\n"
stty echo
set password $expect_out(1,string)

或者,如果您需要多次运行并且不想每次都重新输入密码,那么您可以将密码存储在具有受限权限 (0400) 的主目录中的文件中,然后从那里读取密码。然后在不再需要时删除密码文件。

于 2015-04-16T00:36:42.493 回答
0

当你通过expect发送密码时,如果你做了一个'ps',你可以查看整个命令和密码。为避免这种情况,您可以从另一个 bash 脚本调用 expect 脚本,发送大约 500 个字符的随机字符串,然后是密码。然后在期望脚本上,您可以将密码称为 $1 变量。

Bash 脚本示例:

#!/斌/ bash
的字符串= “6e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d8206e2884f8bf8418bac1ca224472c5d820”

./expectscript $string "MySuperSecretPassword"

并期望脚本示例:

#!/usr/bin/expect -f
set timeout 20
set string [lindex $argv 0]
set password [lindex $argv 1]
spawn ssh "user@192.168.1.1"
expect "assword"
send "$password\r"

希望这能解决您的问题。

于 2017-02-10T11:15:19.897 回答