bash: while read loop - stop if there is variable sshpass

0
votes

i have a problem with my bash script. I read line by line the variable lvm_path_exec, that works. I confirmed it with echo "lvmpath". But as soon as i place a sshpass command into the while statement the script only process the first line which got grepped.

If there is no sshpass command all lines of lvmpath_exec get processed.

Do you see the error? 

lvmpath_exec=$(sshpass -p "${password[$i]}"  ssh ${user[$i]}@${ip[$i]} -p ${port[$i]}  lvdisplay | grep datatest -A 3 | grep Path | awk '{ print $3 }') 

echo "$lvmpath_exec" | while read lvmpath
do
lvmname=datatest
snap=_snapshot
snapname=$lvmname$snap

lvcreate=$(sshpass -p "${password[$i]}"  ssh ${user[$i]}@${ip[$i]} -p ${port[$i]}  lvcreate -L20G -s -n $snapname $lvmpath)

snap_path=$(sshpass -p "${password[$i]}"  ssh ${user[$i]}@${ip[$i]} -p ${port[$i]}  lvdisplay | grep $snapname -A 3 | grep Path | awk '{ print $3 }')

transfer=$(sshpass -p "${password[$i]}"  ssh ${user[$i]}@${ip[$i]} -p ${port[$i]} "dd if=$snap_path | gzip -c" > /tmp/$snapname)

delsnap=$(sshpass -p "${password[$i]}"  ssh ${user[$i]}@${ip[$i]} -p ${port[$i]} lvremove -f $snap_path)

done

UPDATE

I fixed it: replace

echo "$lvmpath_exec" | while read lvmpath

with

for lvmpath in $lvmpath_exec

But shouldnt it work with while read too?

2
bashwhile-loop

2 Answers

1
votes

sshpass works by manipulating stdin to fool ssh into thinking it is getting the password from an interactive user. When you use a ... | while style loop, the loop iterates for every line coming from stdin, which sshpass wipes out after the first call, that's why only the first line gets executed. The for loop doesn't use stdin, that's why it doesn't have this problem.

As man sshpass explains, this tool is inherently insecure and you should really be using public key authentication instead. Also keep in mind that it has other ways of passing the password, using the -p flag is the least safe method of all, and any other method would be safer, for example the -e flag seems trivially easy. I know you might insist you have a legitimate use case, but this is so important I'm just gonna quote from the man page:

   First  and  foremost, users of sshpass should realize that ssh's insis‐
   tance on only getting the password interactively is not without reason.
   It  is close to impossible to securely store the password, and users of
   sshpass should consider whether ssh's public  key  authentication  pro‐
   vides  the  same  end-user  experience, while involving less hassle and
   being more secure.

   The -p option should be considered the least secure of all of sshpass's
   options.   All  system  users  can see the password in the command line
   with a simple "ps" command. Sshpass makes a minimal attempt to hide the
   password,  but such attempts are doomed to create race conditions with‐
   out actually solving the problem. Users of sshpass  are  encouraged  to
   use  one  of  the other password passing techniques, which are all more
   secure.
0
votes

have you tried this..have not tried though

export SSHPASS=password[$i]
sshpass -e ssh -oBatchMode=no user[$i]@{ip[$i]} ..