Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
sshpass mit anonymen pipes
View unanswered posts
View posts from last 24 hours
View posts from last 7 days

 
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German) Diskussionsforum
View previous topic :: View next topic  
Author Message
tazinblack
Veteran
Veteran


Joined: 23 Jan 2005
Posts: 1113
Location: Baden / Germany

PostPosted: Tue Jun 26, 2018 8:38 am    Post subject: sshpass mit anonymen pipes Reply with quote

Hallo zusammen,

ich hab hier diverse Geräte im Netzwerk, bei denen ich mich zwar per SSH anmelden kann, aber die kein pubkey auth unterstützen.
Von diesen Geräten möchte ich gerne die Konfiguration regelmäßig und automatisiert sichern, was entweder per FTP oder TFTP vom Gerät selber aus geht.

Dazu möchte ich sshpass verwenden.
In der Manpage steht
Code:

Options
       If no option is given, sshpass reads the password from the standard input. The  user  may  give  at  most  one
       alternative source for the password:

       -ppassword
              The password is given on the command line. Please note the section titled "SECURITY CONSIDERATIONS".

       -ffilename
              The password is the first line of the file filename.

       -dnumber
              number  is  a  file descriptor inherited by sshpass from the runner. The password is read from the open
              file descriptor.

       -e     The password is taken from the environment variable "SSHPASS".

SECURITY CONSIDERATIONS
       First and foremost, users of sshpass should realize that ssh's insistance on only getting the password  inter‐
       actively is not without reason. It is close to impossible to securely store the password, and users of sshpass
       should consider whether ssh's public key authentication provides the same end-user experience, while involving
       less hassle and being more secure.

       The -p option should be considered the least secure of all of sshpass's options.  All system users can see the
       password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password,
       but  such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass
       are encouraged to use one of the other password passing techniques, which are all more secure.

       In particular, people writing programs that are meant to communicate the password programatically are  encour‐
       aged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.


Um die möglichst sicherste Variante zu verwenden würde ich gerne die -d Option verwenden. Aber da steh ich etwas auf dem Schlauch wie das gehen soll.
Leider ist kein passendes Beispiel aufzutreiben.

Vielleicht gibt es hier einen Profi der weiterhelfen kann :)
_________________
Gruß / Regards
tazinblack
_______________________________________________________
what's the point in being grown up if you can't be childish sometimes
Back to top
View user's profile Send private message
tazinblack
Veteran
Veteran


Joined: 23 Jan 2005
Posts: 1113
Location: Baden / Germany

PostPosted: Tue Jun 26, 2018 9:58 am    Post subject: Reply with quote

ok, ich glaube ich verstehe es:

Code:
#!/bin/bash

  exec 5< /some/password_file

  sshpass -d 5 ssh user@192.168.1.10 some_command



sollte das gleiche sein wie:

Code:
#!/bin/bash

  sshpass -f /some/password_file ssh user@192.168.1.10 some_command


_________________
Gruß / Regards
tazinblack
_______________________________________________________
what's the point in being grown up if you can't be childish sometimes
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Deutsches Forum (German) Diskussionsforum All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum