sshpass: Kyakkyawan Kayan aiki don Shigar SSH mara Ma'amala - Kada a taɓa amfani da Sabar Samfurin

A mafi yawan lokuta, masu gudanar da tsarin Linux suna shiga zuwa sabobin Linux masu nisa ta amfani da SSH ko dai ta hanyar samar da kalmar sirri, ko shiga SSH mara kalmar sirri, ko ingantaccen SSH na tushen maɓalli.

Mene ne idan kuna son samar da kalmar sirri tare da sunan mai amfani zuwa SSH da sauri? wannan shine inda sshpass ke zuwa don ceto.

sshpass kayan aiki ne mai sauƙi da nauyi mai nauyi wanda ke ba mu damar samar da kalmar sirri (tabbacin kalmar sirri ba tare da haɗin kai ba) zuwa umarni da sauri da kanta, ta yadda za a iya aiwatar da rubutun harsashi mai sarrafa kansa don ɗaukar madadin ta hanyar mai tsara cron.

ssh yana amfani da madaidaiciyar damar TTY don tabbatar da cewa ainihin mai amfani da madannai yana ba da kalmar wucewa. Sshpass yana gudanar da ssh a cikin tty mai sadaukarwa, ɓatar da shi zuwa gaskanta cewa yana karɓar kalmar sirri daga mai amfani mai mu'amala.

Muhimmi: Yin amfani da sshpass da aka yi la'akari da mafi ƙarancin tsaro, kamar yadda yake bayyana kalmar sirri ga duk masu amfani da tsarin akan layin umarni tare da umarnin ps mai sauƙi. Ina ba da shawarar sosai ta amfani da ingantaccen kalmar wucewa ta SSH.

Shigar da sshpass akan Linux Systems

A cikin tsarin tushen RedHat/CentOS, da farko kuna buƙatar yum umarni kamar yadda aka nuna.

# yum install sshpass
# dnf install sshpass    [On Fedora 22+ versions]

A kan Debian/Ubuntu da abubuwan da suka samo asali, zaku iya shigar da shi ta amfani da umarnin apt-samun kamar yadda aka nuna.

$ sudo apt-get install sshpass

A madadin, zaku iya shigarwa daga tushe don samun sabon sigar sshpass, da farko zazzage lambar tushe sannan cire abubuwan da ke cikin fayil ɗin tar kuma shigar da shi kamar haka:

$ wget http://sourceforge.net/projects/sshpass/files/latest/download -O sshpass.tar.gz
$ tar -xvf sshpass.tar.gz
$ cd sshpass-1.06
$ ./configure
# sudo make install 

Yadda ake amfani da sshpass a cikin Linux

Ana amfani da sshpass tare da ssh, zaku iya duba duk zaɓuɓɓukan amfani da sshpass tare da cikakkun kwatance ta hanyar ba da umarnin da ke ƙasa:

$ sshpass -h

Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used

Kamar yadda na ambata a baya, sshpass ya fi aminci kuma yana da amfani don dalilai na rubutun, la'akari da umarnin misalin da ke ƙasa.

Shiga zuwa uwar garken Linux ssh mai nisa (10.42.0.1) tare da sunan mai amfani da kalmar wucewa kuma duba tsarin tsarin fayil na tsarin nesa kamar yadda aka nuna.

$ sshpass -p 'my_pass_here' ssh [email  'df -h' 

Muhimmi: Anan, ana ba da kalmar wucewa akan layin umarni wanda a zahiri ba shi da tsaro kuma ba a ba da shawarar yin amfani da wannan zaɓi ba.

Koyaya, don hana nuna kalmar sirri akan allon, zaku iya amfani da tutar -e kuma shigar da kalmar wucewa azaman ƙimar canjin yanayi na SSHPASS kamar ƙasa:

$ export SSHPASS='my_pass_here'
$ echo $SSHPASS
$ sshpass -e ssh [email  'df -h' 

Lura: A cikin misalin da ke sama, SSHPASS canjin yanayi na wucin gadi ne kawai kuma za a cire shi yayin sake yi.

Don saita canjin yanayi na SSHPASS na dindindin, buɗe fayil ɗin /etc/profile kuma rubuta bayanin fitarwa a farkon fayil ɗin:

export SSHPASS='my_pass_here'

Ajiye fayil ɗin kuma fita, sannan gudanar da umarnin da ke ƙasa don aiwatar da canje-canje:

$ source /etc/profile 

A gefe guda, kuna iya amfani da alamar -f kuma sanya kalmar sirri a cikin fayil. Ta wannan hanyar, zaku iya karanta kalmar sirri daga fayil ɗin kamar haka:

$ sshpass -f password_filename ssh [email  'df -h'

Hakanan zaka iya amfani da sshpass don madadin/daidaita fayiloli akan rsync ta amfani da SSH kamar yadda aka nuna:

------- Transfer Files Using SCP ------- 
$ scp -r /var/www/html/example.com --rsh="sshpass -p 'my_pass_here' ssh -l aaronkilik" 10.42.0.1:/var/www/html

------- Backup or Sync Files Using Rsync -------
$ rsync --rsh="sshpass -p 'my_pass_here' ssh -l aaronkilik" 10.42.0.1:/data/backup/ /backup/

Don ƙarin amfani, Ina ba ku shawarar karanta ta cikin shafin sshpass man, rubuta:

$ man sshpass

A cikin wannan labarin, mun bayyana sshpass kayan aiki mai sauƙi wanda ke ba da damar tabbatar da kalmar sirri mara hulɗa. Ko da yake, wannan kayan aikin na iya taimakawa, ana ba da shawarar sosai don amfani da mafi amintaccen hanyar tantance maɓalli na jama'a na ssh.

Da fatan za a bar tambaya ko sharhi ta sashin ra'ayoyin da ke ƙasa don ƙarin tattaunawa.