我正在尝试编写一个读取本地PC上的凭证文件的迷你脚本,该脚本使用用户/密码作为参数调用远程计算机上的另一个脚本。我在远程机器上使用Fabric2来ssh。这一切都有效,但我不想像现在那样将凭证作为明文发送。我希望它尽可能安全,因为我想在生产中实现它。有什么建议吗?
如果我运行ps -ef |,那么最大的问题就是在远程服务器上grep py我看到两个用户名/密码清除为这样的参数:
armkreuz 6780 6779 0 15:11? 00:00:00 /usr/bin/python3.6 /home/armkreuz/scripts/test_password.py [email protected] test123
#Local script
from os.path import expanduser,isfile
from getpass import getpass
import sys
home = expanduser('~')
from fabric import Connection
if not isfile(f"{home}\AppData\Roaming\comcast_credential"):
user = input('Enter your email adress: ')
password = getpass("Enter your password: ")
with open(f"{home}\AppData\Roaming\comcast_credential", 'w') as cred_file:
cred_file.write(f"{user}\n")
cred_file.write(password)
else:
with open(f"{home}\AppData\Roaming\comcast_credential") as cred_file:
user=cred_file.readline().rstrip('\n')
password=cred_file.readline()
conn = Connection('[email protected]')
if user == "" or password == "":
print("No user or password")
exit(0)
print(f"User = {user}")
print(f"Password = {password}")
conn.run(f"/home/armkreuz/scripts/test_password.py {user} {password}")
#Remote script
import sys
from time import sleep
user = sys.argv[1]
password = sys.argv[2]
with open('test.txt', 'w') as file:
file.write(f"User = {user}\n")
file.write(f"Password = {password}")
for x in range(1000):
print(x)
sleep(10)