1. 首頁
  2. 問答
  3. pexpect和ssh:如何格式化su命令後的一串命令-c

pexpect和ssh:如何格式化su命令後的一串命令-c

2012-02-03 83 views
3

我正在嘗試遍歷服務器列表&密碼來更改一組服務器上的sshd配置,以便我可以登錄/運行命令通過root使用無密碼的SSH密鑰。pexpect和ssh:如何格式化su命令後的一串命令-c

我可以在bash中輕鬆地做到這一點,但我試圖學習Python和(顯然)想要放棄手動輸入密碼。

這裏是我想要做的是bash:

scp ~/.ssh/id_rsa.pub /etc/ssh/sshd_config [email protected]:/tmp/ 

ssh -o StrictHostKeyChecking=no -t [email protected] "su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload\""

我已經得到接近用Python Pexpect的這樣做:

import pexpect 

USER="user" 
HOST="192.168.1.1" 
USERPASS="userpass" 
ROOTPASS="rootpass" 

COMMAND1="scp /Users/user/.ssh/id_rsa.pub /Users/user/github/ssh-pexpect/sshd_config %[email protected]%s:/tmp/" % (USER, HOST) 

COMMAND2="ssh -o StrictHostKeyChecking=no -t %[email protected]%s \"su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload\"\"" % (USER, HOST) 

child = pexpect.spawn(COMMAND1) 
child.expect('password:') 
child.sendline(USERPASS) 
child.expect(pexpect.EOF) 
print child.before 

child = pexpect.spawn(COMMAND2) 
child.expect('password:') 
child.sendline(USERPASS) 
child.expect('Password:') 
child.sendline(ROOTPASS) 
child.expect(pexpect.EOF) 
print child.before

當我運行COMMAND1(scp'ing ) 工作正常。 但是命令2失敗:

server1:ssh-pexpect user$ python test4.py 

id_rsa.pub         100% 410  0.4KB/s 00:00  
sshd_config         100% 3498  3.4KB/s 00:00  

Traceback (most recent call last): 
    File "test4.py", line 25, in <module> 
    child.expect(pexpect.EOF) 
    File "/Library/Python/2.7/site-packages/pexpect.py", line 1316, in expect 
    return self.expect_list(compiled_pattern_list, timeout, searchwindowsize) 
    File "/Library/Python/2.7/site-packages/pexpect.py", line 1330, in expect_list 
    return self.expect_loop(searcher_re(pattern_list), timeout, searchwindowsize) 
    File "/Library/Python/2.7/site-packages/pexpect.py", line 1414, in expect_loop 
    raise TIMEOUT (str(e) + '\n' + str(self)) 
pexpect.TIMEOUT: Timeout exceeded in read_nonblocking(). 
<pexpect.spawn object at 0x102b796d0> 
version: 2.4 ($Revision: 516 $) 
command: /usr/bin/ssh 
args: ['/usr/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-t', '[email protected]', 'su - root -c chown', 'root:root', '/tmp/id_rsa.pub;', 'chmod', '600', '/tmp/id_rsa.pub;', 'chown', 'root:root', '/tmp/sshd_config;', 'mkdir', '/root/.ssh;', 'chown', 'root:root', '/root/.ssh;', 'chmod', '700', '/root/.ssh;', 'mv', '/tmp/id_rsa.pub', '/root/.ssh/authorized_keys;', 'mv', '/tmp/sshd_config', '/etc/ssh/;', 'service', 'sshd', 'reload'] 
searcher: searcher_re: 
    0: EOF 
buffer (last 100 chars): : Permission denied 
mv: try to overwrite `/etc/ssh/sshd_config', overriding mode 0600 (rw-------)? 
before (last 100 chars): : Permission denied 
mv: try to overwrite `/etc/ssh/sshd_config', overriding mode 0600 (rw-------)? 
after: <class 'pexpect.TIMEOUT'> 
match: None 
match_index: None 
exitstatus: None 
flag_eof: False 
pid: 3612 
child_fd: 4 
closed: False 
timeout: 30 
delimiter: <class 'pexpect.EOF'> 
logfile: None 
logfile_read: None 
logfile_send: None 
maxread: 2000 
ignorecase: False 
searchwindowsize: None 
delaybeforesend: 0.05 
delayafterclose: 0.1 
delayafterterminate: 0.1

如果我運行該腳本之前刪除遠程服務器上的/ etc/ssh/sshd_config文件獲取:

server1:ssh-pexpect user$ python test4.py 
id_rsa.pub         100% 410  0.4KB/s 00:00  
sshd_config         100% 3498  3.4KB/s 00:00  


chown: missing operand 
Try `chown --help' for more information. 
chown: changing ownership of `/tmp/sshd_config': Operation not permitted 
mkdir: cannot create directory `/root/.ssh': Permission denied 
chown: cannot access `/root/.ssh': Permission denied 
chmod: cannot access `/root/.ssh': Permission denied 
mv: accessing `/root/.ssh/authorized_keys': Permission denied 
mv: cannot move `/tmp/sshd_config' to `/etc/ssh/sshd_config': Permission denied 
bash: service: command not found 
Connection to 192.168.1.1 closed.

我甚至不知道如何調試這看看它在哪裏搞亂了。不過,我認爲它並沒有正確解析COMMAND2。 對Python很新,所以任何建議表示讚賞。 謝謝。

來源

2012-02-03 senile_genius

+0

爲了確保安全,您應該在遠程主機上的'/ tmp'中創建一個受限制的目錄,然後再複製這些目錄。如果惡意用戶在名爲id_rsa.pub的'/ tmp'中創建了一個符號鏈接,他們可以做各種令人討厭的事情。要獲得稍微好一點的安全性,請將文件複製到您的主目錄,據推測攻擊者不會擁有任何權限。 – tripleee 2012-02-04 10:25:12

回答

3

你有雙引號COMMAND2,並正確地轉義任何嵌入的雙引號,但你也需要雙轉義任何已經轉義的雙引號。換句話說,並不是真正的Python問題。不過,您可以切換到最外層引號的Python三重引號。這也會更容易閱讀。

編輯:其實,引用的任何適當的消歧將做。由於shell也提供單引號,因此使用單引號的解決方案很好。 Python會允許你使用單引號或其他一些引用工具,如果你還沒有解決問題,我會推薦它(因爲你可以選擇不需要對字符串本身進行任何修改的引號;更少的空間爲錯誤)。

因此,任何這些應該是罰款:

COMMAND2='ssh -o StrictHostKeyChecking=no -t %[email protected]%s "su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload\""' % (USER, HOST) 

COMMAND2="""ssh -o StrictHostKeyChecking=no -t %[email protected]%s "su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload\"" """ % (USER, HOST) 

COMMAND2="ssh -o StrictHostKeyChecking=no -t %[email protected]%s 'su - root -c \"chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload\"'" % (USER, HOST)

我需要一個空間,以澄清對相鄰的雙引號添加到三重引號。但是,您可以使用三重單引號。此外,三引號(單人或雙人),允許你嵌入換行符,這顯著提高可讀性:

COMMAND2='''ssh -o StrictHostKeyChecking=no -t %[email protected]%s "su - root -c ' 
    chown root:root /tmp/id_rsa.pub 
    chmod 600 /tmp/id_rsa.pub 
    chown root:root /tmp/sshd_config 
    mkdir /root/.ssh 
    chown root:root /root/.ssh 
    chmod 700 /root/.ssh 
    mv /tmp/id_rsa.pub /root/.ssh/authorized_keys 
    mv /tmp/sshd_config /etc/ssh/ 
    service sshd reload'"''' % (USER, HOST)

來源

2012-02-03 06:26:40 tripleee

+0

謝謝@tripleee。你能複製/過去一個字符串的例子嗎?我嘗試了幾個版本的雙轉義和三引用最外面的引號,它仍然沒有正確解釋COMMAND2。絕對不是Python問題,而是我的大腦問題。 :) – 2012-02-03 16:43:17

+0

感謝澄清和很好的解釋。 – 2012-02-05 05:50:07

1

我最終去爲單引號,而不是試圖找出如何逃脫的雙引號:

COMMAND2="ssh -o StrictHostKeyChecking=no -t %[email protected]%s \"su - root -c 'chown root:root /tmp/id_rsa.pub; chmod 600 /tmp/id_rsa.pub; chown root:root /tmp/sshd_config; mkdir /root/.ssh; chown root:root /root/.ssh; chmod 700 /root/.ssh; mv /tmp/id_rsa.pub /root/.ssh/authorized_keys; mv /tmp/sshd_config /etc/ssh/; service sshd reload'\"" % (USER, HOST)

來源

2012-02-03 21:33:50

相關問題

 相關問題