Aika kalmar sirri ta SSH a kan layi ɗaya tare da fakitin sshpass

Ga wadanda daga cikinmu suke amfani da SSH, ma'ana, daga cikinmu da muke buƙatar samun dama ga kwamfutoci ko kuma sabobin sadarwa koyaushe a cikin kwanakinmu na yau, sun kai ga gajiyawa da buga kalmomin shiga, zai zama:

  1. Mabudi a cikin m: ssh mai amfani @ uwar garke
  2. Jira secondsan seconds
  3. Sabar da muke son haɗawa zata nemi kalmar sirri
  4. Da zarar mun sanya kalmar wucewa kuma danna [Shigar] to za mu sami damar zuwa sabar nesa

Kuma yanzu tambayata, ba sauki a buga kawai ba?

sshpass -p «PASSWORD» ssh root@servidor

Misali, a ce mai amfani yana tushen, sabar ita ce: dev.desdelinux.net kuma kalmar sirri itace mummunan ... to layin zai zama:

sshpass -p xunil ssh root@dev.desdelinux.net

Don cimma wannan kawai dole ne mu girka fakitin shshpassa Debian / Ubuntu ko kayyadaddu zai kasance tare da su sudo dace-samu shigar sshpass A halin yanzu a ArchLinux ko kayyadaddun kaya zasu wadatar da sudo pacman -S sshpass

Idan muna so mu tantance tashar (saboda SSH baya kan tashar jirgin ruwa 22) mun kara -p «tashar jirgin ruwa» ... ma'ana, idan akace tashar 9122 ce:

sshpass -p xunil ssh root@dev.desdelinux.net -p 9122

Don sauƙaƙe duk wannan har ma fiye da haka zamu iya ƙirƙirar laƙabiMisali, yayin aiwatar da server1, dukkan layin ana aiwatar dashi don haɗawa ta hanyar SSH zuwa uwar garken1 (sshpass -p mai amfani da kalmar sirri @ uwar garken1) ko wani abu makamancin haka, saboda haka zamu adana saka dogon layi 😉

Koyaya, Ina fata wannan ya kasance mai amfani a gare ku.

A hanyar, wata hanyar don kauce wa rubuta kalmar sirri lokacin da muke samun dama ta hanyar SSH ita ce ta amfani mabuɗan jama'a da masu zaman kansu.

gaisuwa


29 comments, bar naka

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   linuxito m

    Nayi hakuri amma wannan mummunan lalacewar tsaro ne !! Kuna da kalmar wucewa a cikin rubutun, fayilolin rubutu bayyananne, tarihin bash, da dai sauransu.
    Don haka, openssh yana tallafawa ingantaccen maɓallin jama'a ta amfani da RSA.
    Godiya ga irin wannan aikin (wanda aka aiwatar da shi ta hanyar batutuwa waɗanda suke kiran kansu "masu gudanarwa") akwai rashin tsaro na kwamfuta da yawa.
    Na gode.

    1.    kari m

      Bari mu gani. Ee, matsala ce ta tsaro amma ba ya nufin cewa "batutuwa" waɗanda suke masu gudanarwa ne ko kuma ba dole bane suyi amfani da wannan hanyar ba. Hanyar ta wanzu kuma ana nuna ta idan yana buƙatar amfani da shi a cikin yanayin da batun tsaro ba batun batun bane. A cikin shagon suke siyar maka da wuka, ka yanke shawara idan kayi amfani da shi don yanke kayan lambu ko kashe wani.

      1.    linuxito m

        Na fahimci matsayinku, amma ina nadamar cewa a cikin wani shafin yanar gizo na irin wannan sanannen suna karfafa irin wannan aikin, kusan kamar "neman gafara ne ga mummunan tsarin gudanarwar" hehe.
        Rungume !!

        1.    kari m

          Har yanzu ban fahimci menene matsalar ba 🙁

          Kamar yadda muka yi magana akan "yadda ake samun ƙarin tsaro" ta fuskoki daban-daban, haka nan muna iya magana akan wasu batutuwa "marasa tsaro". Manufarmu ita ce bayar da bayanan, ya rage naku ku san abin da za mu yi da shi. Kari kan hakan, marubucin dandazon labarai game da tsaro ba zai iya zama, yi imani da ni ba, idan ya zo ga Gudanar da Tsarin Mulki, ba ya yin irin wannan aikin.

          Gaisuwa 😉

          1.    linuxito m

            Na farko, lokacin da nace 'aiwatarwa ta hanyar batutuwan da suke kiran kansu "masu gudanarwa"', banyi magana a kowane lokaci ga marubucin labarin ba, ban fahimci dalilin da yasa suke da saukin kai ba.

            Matsalar, a ra'ayina, ita ce wannan kayan aikin ya sabawa duk kyawawan ayyukan tsaro. Na yi imanin cewa daga al'ummar GNU / Linux dole ne mu kiyaye tsarin aikinmu mai mahimmanci kamar yadda ya kamata. Ina nufin, Ba zan so in ga GNU / Linux sun zama Windows (mai hikima ba).

            Abun takaici akwai da yawa daga cikin masu gudanarwa waɗanda basu san madaidaiciyar hanyar yin abubuwa ba, kuma sun ƙare da amfani da waɗannan kayan aikin akan tsarin mahimmanci.

            Tabbas kuna da 'yancin buga abin da kuke so, amma na maimaita, Na yi nadama da cewa wannan rukunin yanar gizon (ɗayan mafiya mahimmanci a cikin harshen Mutanen Espanya) yana ba da kayan aikin da ke barazanar tsaro.

            Saludos !!

            1.    kari m

              Kuma ku ba Juana da kwanon wankin. Daidai, saboda shafin yanar gizon tunani ne, muna son samar da kowane irin bayani. Na fahimci wannan:

              Wani mai amfani ya zo ya tambaya: Ta yaya zan iya haɗawa zuwa sabar ta hanyar SSH ba tare da neman kalmar sirri ba?
              Suna amsa masa a kowane dandalin: Noooo, wannan batun tsaro ne, ba wanda yake yin hakan.

              Aún sabiendo, el usuario no le dice porque es un problema de seguridad. Mal, muy mal, es bueno que se sepa como hacer las cosas, por eso en Desdelinux:

              Wani mai amfani ya zo ya tambaya: Ta yaya zan iya haɗawa zuwa sabar ta hanyar SSH ba tare da neman kalmar sirri ba?
              Mun rubuta post kuma mu ce: Kuna iya amfani da wannan hanyar, yana aiki ta wannan hanyar amma BA lafiya. Abu mafi aminci shine amfani da wannan ɗayan.

              Wanne kuke ganin ya fi kyau?


            2.    linuxito m

              Yayi, Ina mutunta matsayinku. Gaisuwa mafi kyau!!


            3.    KZKG ^ Gaara m

              SSHPass baya barazanar tsaro, ainihin mutumin da ke barazanar tsaro a kowane hali shine mai amfani da shi yayi amfani da shi.
              Misali, a nan akwai kyakkyawan misali cewa ba a amfani da SSHPass kawai don abin da na yi sharhi a cikin gidan ba, ana iya amfani da shi (misali) fatattakar OpenSSH-Server: http://paste.desdelinux.net/4810

              Aikace-aikacen ba komai bane face hakan, aikace-aikace, amfanin da aka bashi shine zai haifar da gazawa wanda zai kawo cikas ga tsaro ko a'a.

              Dangane da juyayi ko mai saukin kamuwa, kwata-kwata, wataƙila ta yadda kuka faɗi ta (ko kuma cewa karatun yana da wahalar fahimta daidai) amma na fassara cewa an faɗi ra'ayin ne a kaina, idan ba haka ba, ina neman afuwa.

              PS: Tabbas za'a sami da yawa waɗanda zasu sami rubutun da na sanya mai ban sha'awa har ma da LOL!


            4.    linuxito m

              Ok, naji dadin yadda muka cimma yarjejeniya. Murna !!


    2.    KZKG ^ Gaara m

      Shin ban taɓa cewa wannan hanyar ta fi aminci fiye da amfani da maɓallan jama'a da masu zaman kansu ba?

      A cikin wani labarin Na riga na raba yadda za a yi amfani da su [1], yanzu kawai na bayyana wata hanyar don cimma nasara iri ɗaya ko wani abu makamancin haka.

      Kowane mutum na amfani da wanda ya fi dacewa da su, wanda suka fi so. Anan kawai nayi bayanin ɗayan amfani da za'a iya yiwa sshpass, wani kuma zai iya kasancewa ta hanyar rubutun Bash zuwa fatattakar SSH ta hanyar amfani da ƙamus ... amma ku zo, wannan kawai wani amfani ne.

      Ina maimaitawa, Ina raba ilimin da ya shafi GNU / Linux ne kawai. SSHPass bazai zama mafi kyawun zaɓi ga kowane hali ba, amma yana da amfani, kar a yi shakka.

      BTW, yana nufin: (wanda aka aiwatar da shi ta hanyar batutuwa waɗanda suke kiran kansu "masu gudanarwa") ... heh ... heh ... heh ... Na fi so in ba da baki, ba ni da abin da zan tabbatar wa kowa, ban da cewa abokina, ba ku da yawa nesa game da ni wane ne, ƙasa da abin da na sani 😉

      [1] https://blog.desdelinux.net/ssh-sin-password-solo-3-pasos/

      1.    linuxito m

        Kada ku firgita, ya faru cewa a fagen na san mutanen da suke kafa ayyukansu akan Google kuma lokacin warware matsaloli suna kwafa & liƙa irin wannan abu. Sannan mai kula da tsaro shine wanda ke "sanya ƙafafun cikin ƙafafun" lokacin da ya gano irin waɗannan lamuran. Murna !!

      2.    msx m

        Huta mutum, ba shi da daraja 😉

  2.   xykyz m

    Tabbas, amma to kalmar sirri an yi rajista a cikin umarnin da aka yi amfani da su. Saboda dalilan tsaro, bai kamata ayi haka ba ...

    1.    davidlg m

      Wannan shine abin da nake tunani lokacin karanta post ɗin

    2.    KZKG ^ Gaara m

      Ara wannan zuwa ga .bashrc ɗinmu ba zai adana umarnin da ya shafi sshpass ba:
      HISTIGNORE='sshpass *'

      Zan yi post a kan yadda zan yi watsi da umarni don kar su sami tsira zuwa tarihin bash ba da daɗewa ba :)

      1.    safin m

        Wata hanyar don umarni kada a sami ceto shine koyaushe sanya sarari a gaban umarnin. __ ^

  3.   Ignacio m

    Ina tsammanin ya fi aminci don amfani da maɓallan don haɗawa ta hanyar SSH ba tare da shigar da kalmar sirri ba.

    A gefe guda, ƙirƙirar cikakken umarnin laƙabi inda aka adana kalmar sirri na iya zama batun tsaro.

  4.   Saito m

    Idan har a gare ni kuskure ne a cikin tsaro na kwamfuta, amma za mu tabbatar da cewa ba a adana su a cikin tarihin bash ba matsalar da muke yi ba (sai dai wani laƙabi wanda zai zama babba), kuma kamar yadda elav yace a shago saida mana wukar mu ne zamu ga abin da zamu yi amfani da shi

  5.   yayaya 22 m

    Abin sha'awa, amma na fi amfani da mabuɗin jama'a da na sirri waɗanda kuka nuna a wata shigarwa.

  6.   msx m

    @KZKG
    Ina tsammanin ya fi dacewa - kuma amintacce! - Yi amfani da maɓallan RSA / ECDSA tare da maɓallin kewaya (wakilin SSH) don ingantaccen atomatik.
    A halin da nake ciki, ina amfani da maɓallin kewayawa na SSH zuwa Keychain, wanda mutanen Funtoo suka haɓaka, wanda ke aiki sosai, yana amfani da ƙananan albarkatu kuma yana da tsaro sosai:
    http://www.funtoo.org/Keychain

    Alal misali:

    j:0 ~ > AliasSearch ssh
    # SSH management
    alias SSHCOPYIDecdsa='ssh-copy-id -i ~/.ssh/id_ecdsa.pub'
    alias SSHCOPYIDrsa='ssh-copy-id -i ~/.ssh/id_rsa.pub'
    alias SSHKEYGENecdsa='ssh-keygen -t ecdsa -b 521 -C "$(whoami)@$(hostname)-$(date -I)"'
    alias SSHKEYGENrsa='ssh-keygen -t rsa -b 4096 -C "$(whoami)@$(hostname)-$(date -I)"'

    Yadda ake amfani da:
    SSHKEYGEN {ecdsa, rsa}
    SSHCOPYID {ecdsa, rsa} mai amfani @ {saba, ip}


    # SSH servers
    alias SERVER1mosh='eval $(keychain --eval --agents ssh -Q --quiet id_ecdsa) && mosh -p # usr1@server1'
    alias SERVER1='eval $(keychain --eval --agents ssh -Q --quiet id_ecdsa) && ssh -v -p # usr1@server1.local'
    alias SERVER101='eval $(keychain --eval --agents ssh -Q --quiet id_ecdsa) && ssh -v -p # usr1@[direc. ip].101'

    Inda:
    -p #: tashar jiragen ruwa
    usr1 @ server1: mai amfani @ uwar garken AVAHI
    usr1@server1.local: mai amfani @ AVAHI uwar garken (ya danganta da yadda aka saita sabar a wasu tsarin ya zama dole a kara kari .local)
    usr1 @ [addr. ip] .101: adireshin adireshin IP.

    / sauransu / ssh / sshd_config: http://paste.chakra-project.org/4974/
    ~ / .ssh / jeri: http://paste.chakra-project.org/4975/
    Tsarin aiki: Arch Linux / Chakra

    Ina fatan zai yi muku hidima, gaisuwa!

    1.    KZKG ^ Gaara m

      A gaskiya ina amfani da makulli, ba SSHPass ba don isa ga sabobina ... Na gano SSHPass lokacin da nake buƙatar hanyar yin wannan rubutun: http://paste.desdelinux.net/4810

      Amma ... da kyau, Ina so in raba SSHPass tare da kowa, amma a bayyane ba zan iya sanya nan rubutun da ke ba da damar amfani da ƙamus don ƙoƙarin keta OpenSSH-Server HAHAHA ba!

      1.    msx m

        «[…] Ba zan iya sanya nan rubutun da ke ba da damar amfani da ƙamus don ƙoƙarin keta OpenSSH-Server HAHAHA ba!»
        Amma me yasa ba !!?
        Shin yin Hacking & fatattaka ba wani bangare bane na koyon kyawawan matakan tsaro [0]!?
        Don Allah mutum, ci gaba !!!

        [0] Shin ba kyau bane amfani da kalmomi don ma'anar kishiyar abinda suke nufi a zahiri!? Kashe ilimin harshe !!! ; -D

      2.    guzmanweb m

        Barka dai, na sami wannan kuskuren:

        Yana gwada kalmomin shiga zuwa 192.168.20.11 akan tashar jiragen ruwa 22 tare da mai amfani da tushen
        cat: con-haruffa. txt: Babu irin wannan fayil ɗin ko kundin adireshi

        fayil din da haruffa.txt na kirkiresu?

        gaisuwa

  7.   Eduardo m

    Ba a yi wannan ba, tunda kalmar sirri tana cikin bash_history azaman rubutu bayyananne, baya ga hakan ana iya gano shi ta wata hanyar. Don haka ssh baya tambayar ku kalmar sirri, madaidaiciyar hanyar tana tare da "maɓallan jama'a da masu zaman kansu".

  8.   oscar meza m

    Ina amfani da RSA don haɗawa da sabobin na nesa, duk da haka ina tsammanin cewa haɗi zuwa wasu kwamfutar inda bamu buƙatar irin wannan tsaro mai ƙarfi kayan aiki ne mai kyau, godiya ga tip!

  9.   Nelson m

    Ciuu

  10.   Nebukadnezzar m

    Kuma me zai sa ba za a buga lambata ba don kowa ya samu?

  11.   mario m

    Madalla da kyau !!!!!! kuma a cikin Sifen.

  12.   Gonzalo jarjury m

    Labari mai kyau, kamar yadda koyaushe mutane ke korafi maimakon yin godiya, kodayake hanyar ba ta da tsaro sai ta dogara da inda kuma yadda kuke amfani da ita, na gode sosai 🙂