Skip navigation

如何解决远程执行sudo密码明文回显

  • March 9, 2009 – 10:20 am
  • Posted in Uncategorized
  • Tagged ,

当我们使用脚本远程执行sudo命令的时候,例如 ‘ssh somebox sudo somecmd’, 会发现自己的密码被显示在屏幕上了。其根本原因在于ssh执行sudo的时候没有tty设备被创建,因此也就不会有关闭回显的功能。然后却可以使用ssh的-t参数来创建一个伪终端(pseudo-tty)来解决这个问题。下面是一个利用这个参数的expect脚本。 

#!/usr/bin/expect -f
set passwd ""
set range [lindex $argv 0]
set command [lrange $argv 1 end]
send_user "execute '$command' on $range\n"
stty -echo
send_user "(password) "
expect_user -re "(.*)\n"
stty +echo
set passwd $expect_out(1,string)
send_user "\n"
foreach host [exec xnode -r $range] {
    send_user ">> $host: "
    eval spawn -noecho ssh -t -o StrictHostKeyChecking=no $host "$command"
    match_max 10000
    expect {
        "(yes/no)" {
            send -- "yes\r"
            exp_continue;
        }
        "assword:" {
            send -- "$passwd\r"
            exp_continue;
        }
        "Enter passphrase" {
            send -- "\r"
            exp_continue;
        }
        eof {
        }
    }
}

One Comment

  1. 只需要给 ssh 加上 -tt 参数即可.


Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>