[vox-tech] [OT] Pumping a password using Expect
Karsten M. Self
kmself at ix.netcom.com
Fri Jan 6 12:17:22 PST 2006
on Fri, Jan 06, 2006 at 09:52:56AM -0700, timriley (timriley at appahost.com) wrote:
> ---------- Original Message ----------------------------------
> From: Ken Bloom <kbloom at gmail.com>
> Reply-To: "lugod's technical discussion forum" <vox-tech at lists.lugod.org>
> Date: Thu, 5 Jan 2006 21:48:10 -0600
>
> On Thu, Jan 05, 2006 at 06:33:40PM -0700, timriley wrote:
> > How do you have a crontab executed process using Expect
> > pump a password to another computer?
>
> Ken Bloom wrote:
> > Is this an SSH password you're giving it? If so, try using an SSH
> > keypair for authentication. A passwordless key is no less secure than
> > having the password in the expect file (it's probably more secure),
> > and you can even create single-purpose keys that can only be used to
> > run a single command (see http://www.arches.uga.edu/~pkeck/ssh/,
> > scroll down to "Single-purpose keys")
>
> My ultimate goal is to use public/private key pairs after I cross
> the learning curve. Thanks for the resource:
> http://www.arches.uga.edu/~pkeck/ssh/ . However, if someone
> knows of a simple Expect flag to generate a tty when one
> is missing, I'd appreciate the quick solution.
What learning curve?

    # Test to see if you've got a key, if not, create one.
    test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"

    # Copy key to remote host (the public key is fed to the remote 'cat' on stdin)
    ssh user@remotehost 'mkdir -p .ssh; \
        touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
        cat >> .ssh/authorized_keys' < ~/.ssh/id_dsa.pub

    # Test to see if ssh-agent is running, if not, start it.
    [ -n "$SSH_AGENT_PID" ] && ps -p "$SSH_AGENT_PID" >/dev/null ||
        eval "$(ssh-agent)"

    # enter passphrase
    ssh-add

... You've now got the ability to do stuff like:

    ssh user@remotehost 'command [; command ...]'

... without having to enter a passphrase each time.

You can use passwordless keys in a reasonably secure environment, or
forced-execution keys to run only a single command.

ssh-agent allows you to enter a passphrase once, then, using the agent,
authenticate without having to enter passphrases each time. If you're
running any modern GNU/Linux under an X session, it's likely already
running and you just need to ensure you've got a key (ssh-keygen) and
'add-key' to activate it.

Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
slightly more complicated, but doable.

Peace.
--
Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
DON'T PANIC
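
The forced-execution ("single-purpose") keys mentioned in this thread are ordinary public keys whose authorized_keys line is prefixed with a command="..." option. The sketch below is an added example, not part of the original message; the function names, the sample key and the /usr/local/bin/nightly-backup path are constructed placeholders.

```shell
#!/bin/sh
# Added example: build and install a forced-command authorized_keys entry.
# SAMPLE_KEY is constructed, not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAEXAMPLEKEYDATA cron@client'
NL='
'

# make_restricted_entry PUBKEY_LINE FORCED_COMMAND
# Prints one authorized_keys line under which the key can only run
# FORCED_COMMAND, with forwarding and pty allocation switched off.
make_restricted_entry() {
    pubkey=$1
    forced=$2
    case $pubkey in
        *"$NL"*) echo "public key must be a single line" >&2; return 1 ;;
        ssh-*\ *|ecdsa-*\ *) ;;   # "type base64 [comment]"
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # A double quote or newline would end the command="..." option early
    # and let the rest be parsed as further options or as a second entry.
    case $forced in
        ''|*'"'*|*"$NL"*) echo "unsafe forced command" >&2; return 1 ;;
    esac
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$forced" "$pubkey"
}

# install_entry ENTRY FILE
# Appends ENTRY to FILE once, keeping the directory and file private so
# that sshd does not reject them for loose permissions.
install_entry() {
    entry=$1
    file=$2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    grep -qxF -- "$entry" "$file" || printf '%s\n' "$entry" >> "$file"
}

# Demo: print the entry that would be installed on the remote host.
make_restricted_entry "$SAMPLE_KEY" "/usr/local/bin/nightly-backup"
```

With such an entry in place, whatever command the cron job passes to ssh is ignored and the forced command runs instead; sshd exposes the requested command to it in SSH_ORIGINAL_COMMAND.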