myssh

#!/usr/bin/env bash # # myssh.sh — MobaXterm / Linux 通用：纯 bash，不依赖 Python。 # 默认地址簿: /.myssh/book.tsv（可用 MYSSH_DB 或 -f 指定） # 每行: user<TAB>host<TAB>label<TAB>密码的base64 # # 用法: # ./myssh.sh # ./myssh.sh -l 关键字 # ./myssh.sh user@host [-l label] # # MobaXterm: 若从 Windows 拷贝脚本，请保持 LF 换行；CRLF 会导致 shebang 失效，sh/dash 跑不起来。 # 若仍用 sh 执行，下面会尝试自动切到 bash。 # if [ -z "${BASH_VERSION:-}" ]; then exec bash "$0" "$@" fi set -euo pipefail DEFAULT_DB="/.myssh/book.tsv" die() { echo "myssh: $*" >&2; exit 1; } b64_encode() { # Must never fail under "set -e": pipefail + failing base64/openssl would otherwise exit the whole script. local out out=$(printf '%s' "$1" | base64 -w0 2>/dev/null) || true if [[ -n "${out:-}" ]]; then printf '%s' "$out"; return 0; fi out=$(printf '%s' "$1" | openssl base64 -e -A 2>/dev/null) || true if [[ -n "${out:-}" ]]; then printf '%s' "$out"; return 0; fi out=$(printf '%s' "$1" | base64 2>/dev/null | tr -d '\n\r') || true if [[ -n "${out:-}" ]]; then printf '%s' "$out"; return 0; fi die "cannot base64-encode password (need GNU/base64 or openssl in PATH)" } b64_decode() { local out out=$(printf '%s' "$1" | base64 -d 2>/dev/null) || true if [[ -n "${out:-}" ]]; then printf '%s' "$out"; return 0; fi out=$(printf '%s' "$1" | openssl base64 -d -A 2>/dev/null) || true if [[ -n "${out:-}" ]]; then printf '%s' "$out"; return 0; fi printf '' } usage() { cat <<'EOF' myssh.sh — bash SSH helper with local address book (no Python). Usage: myssh.sh myssh.sh -l KEYWORD myssh.sh user@host [-l LABEL] Options: -l, --label LABEL With user@host: save label. Alone: filter list by label substring. -f, --file PATH Book file (default: ~/.myssh/book.tsv or MYSSH_DB). -h, --help This help. MobaXterm: run inside local bash; chmod +x myssh.sh; optional sshpass for saved passwords. EOF } TARGET="" LABEL_SET=0 LABEL_VAL="" DB_PATH="" while [[ $# -gt 0 ]]; do case "$1" in -h|--help) usage exit 0 ;; -l|--label) [[ $# -ge 2 ]] || die "missing value for $1" LABEL_SET=1 LABEL_VAL="$2" shift 2 ;; -f|--file) [[ $# -ge 2 ]] || die "missing value for $1" DB_PATH="$2" shift 2 ;; -*) die "unknown option: $1" ;; *) [[ -z "$TARGET" ]] || die "unexpected extra argument: $1" TARGET="$1" shift ;; esac done DB="${DB_PATH:-${MYSSH_DB:-$DEFAULT_DB}}" mkdir -p "$(dirname "$DB")" 2>/dev/null || true umask 077 # --- 读写记录（TSV）--- load_all_lines() { [[ -f "$DB" ]] || return 0 # 跳过空行 grep -v '^[[:space:]]*$' "$DB" || true } write_all_lines() { local tmp tmp="$(mktemp "${TMPDIR:-/tmp}/myssh.XXXXXX")" if [[ $# -eq 0 ]]; then : >"$tmp" else printf '%s\n' -- "$@" >"$tmp" fi chmod 600 "$tmp" 2>/dev/null || true mv -f "$tmp" "$DB" chmod 600 "$DB" 2>/dev/null || true } find_record_pw_label() { # args: user host -> sets FOUND_PW FOUND_LABEL via nameref or globals local u="$1" h="$2" FOUND_PW="" FOUND_LABEL="" local line user host label pwb64 while IFS=$'\t' read -r user host label pwb64 || [[ -n "${user:-}" ]]; do [[ -z "${user:-}" ]] && continue if [[ "$user" == "$u" && "$host" == "$h" ]]; then FOUND_PW="$(b64_decode "${pwb64:-}")" FOUND_LABEL="${label:-}" return 0 fi done < <(load_all_lines) return 1 } merge_save() { local u="$1" h="$2" pw="$3" lab="$4" local pwb64 new_line user host label oldb pwb64="$(b64_encode "$pw")" new_line=$(printf '%s\t%s\t%s\t%s' "$u" "$h" "$lab" "$pwb64") local -a out=() local found=0 while IFS=$'\t' read -r user host label oldb || [[ -n "${user:-}" ]]; do [[ -z "${user:-}" ]] && continue if [[ "$user" == "$u" && "$host" == "$h" ]]; then out+=("$new_line") found=1 else out+=("$(printf '%s\t%s\t%s\t%s' "$user" "$host" "${label:-}" "${oldb:-}")") fi done < <(load_all_lines) if [[ "$found" -eq 0 ]]; then out+=("$new_line") fi if [[ ${#out[@]} -eq 0 ]]; then write_all_lines else write_all_lines "${out[@]}" fi } label_contains() { local hay="$1" nd="$2" local lh lnd lh=$(printf '%s' "$hay" | tr '[:upper:]' '[:lower:]') lnd=$(printf '%s' "$nd" | tr '[:upper:]' '[:lower:]') [[ "$lh" == *"$lnd"* ]] } run_ssh() { local u="$1" h="$2" pw="$3" local t="${u}@${h}" if [[ -n "$pw" ]] && command -v sshpass >/dev/null 2>&1; then SSHPASS="$pw" sshpass -e ssh "$t" return $? fi if [[ -n "$pw" ]] && ! command -v sshpass >/dev/null 2>&1; then echo "myssh: sshpass not found; running plain ssh (install sshpass for saved password)." >&2 fi ssh "$t" } pick_ssh_from_lines() { # Arg $1: path to TSV file (do not feed list on stdin — stdin must stay the terminal for "read"). local book="${1:?pick_ssh_from_lines: missing book file}" [[ -f "$book" ]] || { echo " (empty)" >&2; return 1; } local -a users=() hosts=() pws=() local i=0 user host label pwb64 pw while IFS=$'\t' read -r user host label pwb64 || [[ -n "${user:-}" ]]; do [[ -z "${user:-}" ]] && continue pw="$(b64_decode "${pwb64:-}")" i=$((i + 1)) users+=("$user") hosts+=("$host") pws+=("$pw") printf ' %3d [%s] %s@%s\n' "$i" "${label:-}" "$user" "$host" done <"$book" if [[ "$i" -eq 0 ]]; then echo " (empty)" >&2 return 1 fi local raw echo -n "Select 1-${i} (Enter to cancel): " >&2 if [[ -r /dev/tty ]]; then read -r raw < /dev/tty || true else read -r raw || true fi raw="${raw:-}" [[ -n "$raw" ]] || return 1 [[ "$raw" =~ ^[0-9]+$ ]] || { echo "myssh: invalid selection" >&2; return 1; } if [[ "$raw" -lt 1 || "$raw" -gt "$i" ]]; then echo "myssh: out of range" >&2 return 1 fi SSH_PICK_U="${users[$((raw - 1))]}" SSH_PICK_H="${hosts[$((raw - 1))]}" SSH_PICK_PW="${pws[$((raw - 1))]}" return 0 } MYSSH_PW_RESULT="" read_password() { local prompt="$1" MYSSH_PW_RESULT="" if [[ ! -t 0 ]]; then if [[ "${MYSSH_PASSWORD+x}" == "x" ]]; then echo "myssh: stdin not a TTY; using MYSSH_PASSWORD from environment." >&2 MYSSH_PW_RESULT="${MYSSH_PASSWORD-}" return 0 fi die "stdin is not a TTY. Use a real terminal, SSH keys (empty password), or export MYSSH_PASSWORD for this session." fi echo "myssh: password is hidden (no stars); type then press Enter." >&2 # Avoid $(read_password): command substitution runs in a subshell and can break TTY reads on some terminals. read -r -s -p "$prompt" MYSSH_PW_RESULT || true echo "" >&2 } # ----- 主流程 ----- if [[ -z "$TARGET" && "$LABEL_SET" -eq 1 ]]; then echo "Entries matching label '${LABEL_VAL}':" tmpf="$(mktemp "${TMPDIR:-/tmp}/myssh.f.XXXXXX")" while IFS=$'\t' read -r user host label pwb64 || [[ -n "${user:-}" ]]; do [[ -z "${user:-}" ]] && continue if label_contains "${label:-}" "$LABEL_VAL"; then printf '%s\t%s\t%s\t%s\n' "$user" "$host" "${label:-}" "${pwb64:-}" fi done < <(load_all_lines) >"$tmpf" if ! pick_ssh_from_lines "$tmpf"; then rm -f "$tmpf" exit 0 fi rm -f "$tmpf" run_ssh "$SSH_PICK_U" "$SSH_PICK_H" "$SSH_PICK_PW" exit $? fi if [[ -z "$TARGET" ]]; then echo "Saved entries:" tmpf="$(mktemp "${TMPDIR:-/tmp}/myssh.f.XXXXXX")" load_all_lines >"$tmpf" if ! pick_ssh_from_lines "$tmpf"; then rm -f "$tmpf" exit 0 fi rm -f "$tmpf" run_ssh "$SSH_PICK_U" "$SSH_PICK_H" "$SSH_PICK_PW" exit $? fi # user@host (use RUSER/RHOST: avoid clobbering login USER / rare HOST env quirks) [[ "$TARGET" == *"@"* ]] || die "expected user@host, got: $TARGET" RUSER="${TARGET%@*}" RHOST="${TARGET#*@}" [[ -n "$RUSER" && -n "$RHOST" ]] || die "invalid user@host: $TARGET" HAVE=0 PREV_PW="" PREV_LABEL="" if find_record_pw_label "$RUSER" "$RHOST"; then HAVE=1 PREV_PW="$FOUND_PW" PREV_LABEL="$FOUND_LABEL" fi if [[ "$HAVE" -eq 1 ]]; then read_password "Password [Enter to keep saved, or type new]: " PW="$MYSSH_PW_RESULT" [[ -n "$PW" ]] || PW="$PREV_PW" else read_password "Password (empty for key-only; entry still saved): " PW="$MYSSH_PW_RESULT" fi if [[ "$LABEL_SET" -eq 1 ]]; then EFFECTIVE_LABEL="$LABEL_VAL" elif [[ "$HAVE" -eq 1 ]]; then EFFECTIVE_LABEL="$PREV_LABEL" else EFFECTIVE_LABEL="" fi echo "myssh: saving book -> $DB" >&2 merge_save "$RUSER" "$RHOST" "$PW" "$EFFECTIVE_LABEL" echo "myssh: starting ssh..." >&2 run_ssh "$RUSER" "$RHOST" "$PW" exit $?