Geo*_*nov 1 security bash shell-script curl .netrc
我正在尝试编写一个脚本,该脚本将凭据保存到 .netrc 文件中,然后从文件中读取,以便将它们传递给 curl 命令并保存返回的 cookie 文件以备将来使用。我很感兴趣,如果这是传递用户名和密码的安全方式,并且如果我试图访问的服务器是通过 HTTP 访问的,那么如果中间有攻击者,他们是否能够嗅探凭据。
#!/bin/bash
IP="192.168.0.1"
user="Administrator"
pass="Password1234"
function credentials {
mkdir "${HOME}"/.netrc
rm "${HOME}"/.netrc/credentials.txt
touch "${HOME}"/.netrc/credentials.txt
{ echo "machine ${IP}"; echo "login ${user}"; echo "password ${pass}"; } >> "${HOME}"/.netrc/credentials.txt
chmod 600 "${HOME}"/.netrc/credentials.txt
}
function cookie {
curl -v -c cookie.txt -n "${HOME}"/.netrc/credentials.txt http://"${IP}"/setup.php
}
credentials
cookie
我已经检查和credentials.txt文件被正确保存在相应的目录和证书具有正确的权限,但是当我尝试运行cookie的,我有以下错误:Couldn't find host 192.168.0.1 in the .netrc file; using defaults。为什么 curl 无法从credentials.txt 文件中获取配置的用户名和密码?
小智 9
据我了解( curl 的)手册页,该选项-n只是启用查找.netrc文件,但它不期望该文件的文件路径。这是选项--netrc-file。从手册页:
--netrc-file
This option is similar to --netrc, except that you provide the
path (absolute or relative) to the netrc file that Curl should use.
You can only specify one netrc file per invocation. If several
--netrc-file options are provided, only the last one will be used.
(Added in 7.21.5)
This option overrides any use of --netrc as they are mutually
exclusive. It will also abide by --netrc-optional if specified.