This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: Expect and ssh


I agree that public key authentication is best. Here is even another way
(gotta love unix type things --- million ways to do the same thing!): perl
and its expect module works fine:

#!/usr/local/bin/perl -w

use strict;
use Expect;

# Optional debugging, explained later.
#$Expect::Debug=1;
#$Expect::Exp_Internal=1;
#$Expect::Log_Stdout=0; # On by default.

# Could put a loop here with different host names so you can ssh to multiple
servers...
my $hostname = "put_server_name_here";
my $user = "put_user_name_here";

my $ssh = Expect->spawn("ssh -l $user $hostname")) or
return "Couldn't spawn ssh connection, ".$ssh->exp_error()."\n";

unless ($ssh->expect(30,-re,'#')) {
	return "Never got the prompt on $hostname during login,
".$ssh->exp_error()."\n";
}
$ssh->clear_accum();

my $cmd = "/usr/bin/ls";
print $ssh "$cmd\r";

# Now we look for a prompt, having (we hope) successfully logged in.
unless ($ssh->expect(30,-re,'#')) {
	return "Never got ssh prompt after sending command $cmd
".$ssh->exp_error()."\n";
}
my $read = $ssh->exp_before();
my @read = split (/\cM/,$read);
@read now has all the ls stuff.
.
.
.
# do another command --- weee!



-----Original Message-----
From: Ville Herva [mailto:vherva@niksula.hut.fi]
Sent: Wednesday, July 03, 2002 4:11 AM
To: cygwin@cygwin.com
Subject: Re: Expect and ssh


On Tue, Jul 02, 2002 at 06:26:54PM -0400, you [Arthur Taylor] wrote:
> Someone had a similar issue to this in May...  But I didn't see any
> follow up...
> Arthur
> 
> Sample expect script:
> 
> ---------------------
> 
> #! /usr/bin/expect -f
> 
> spawn /usr/bin/ssh <name>@<host>
> expect "password:"
> send "<password>\r"
> expect ">"
> send "ls -l\r"
> expect ">"
> send "exit\r"
> exit

First: Any particular reason you are not using public key authentication?
You just need to 

  ssh-keygen -t dsa
  (store the keys somewhere safe)
  append the pub key to remotehost:~user/.ssh/authorized_keys2

then just

  ssh -i <path to priv key> <name>@<host> "ls -l"

You can use empty passphrases for the keys - that's not less safe than your
expect case - but it's always better to have a passphrase. Also, you can
limit the command allowed for that particular key from the remote end by
specifying the command in remotehost:~user/.ssh/authorized_keys2 after the
key. Then anyone who gets access to that particular private key can only
execute "ls -l" or so.

As for your problem: I imagine your script does not work, because ssh
(I'm looking at openssh-3.4) checks in function readpass.c:read_passphrase()
whether stdin is a TTY (in your case it's not) and then tries to to use
ssh_askpass, /dev/tty etc. Have a look at the code yourself. 

lftp had the same problem in its ssh-code, I'm not sure how they solved it.


-- v --

v@iki.fi

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]