Mail Archives: cygwin/2002/07/03/08:21:21
I agree that public key authentication is best. Here is even another way
(gotta love unix type things --- million ways to do the same thing!): perl
and its expect module works fine:
#!/usr/local/bin/perl -w
use strict;
use Expect;
# Optional debugging, explained later.
#$Expect::Debug=1;
#$Expect::Exp_Internal=1;
#$Expect::Log_Stdout=0; # On by default.
# Could put a loop here with different host names so you can ssh to multiple
servers...
my $hostname = "put_server_name_here";
my $user = "put_user_name_here";
my $ssh = Expect->spawn("ssh -l $user $hostname")) or
return "Couldn't spawn ssh connection, ".$ssh->exp_error()."\n";
unless ($ssh->expect(30,-re,'#')) {
return "Never got the prompt on $hostname during login,
".$ssh->exp_error()."\n";
}
$ssh->clear_accum();
my $cmd = "/usr/bin/ls";
print $ssh "$cmd\r";
# Now we look for a prompt, having (we hope) successfully logged in.
unless ($ssh->expect(30,-re,'#')) {
return "Never got ssh prompt after sending command $cmd
".$ssh->exp_error()."\n";
}
my $read = $ssh->exp_before();
my @read = split (/\cM/,$read);
@read now has all the ls stuff.
.
.
.
# do another command --- weee!
-----Original Message-----
From: Ville Herva [mailto:vherva AT niksula DOT hut DOT fi]
Sent: Wednesday, July 03, 2002 4:11 AM
To: cygwin AT cygwin DOT com
Subject: Re: Expect and ssh
On Tue, Jul 02, 2002 at 06:26:54PM -0400, you [Arthur Taylor] wrote:
> Someone had a similar issue to this in May... But I didn't see any
> follow up...
> Arthur
>
> Sample expect script:
>
> ---------------------
>
> #! /usr/bin/expect -f
>
> spawn /usr/bin/ssh <name>@<host>
> expect "password:"
> send "<password>\r"
> expect ">"
> send "ls -l\r"
> expect ">"
> send "exit\r"
> exit
First: Any particular reason you are not using public key authentication?
You just need to
ssh-keygen -t dsa
(store the keys somewhere safe)
append the pub key to remotehost:~user/.ssh/authorized_keys2
then just
ssh -i <path to priv key> <name>@<host> "ls -l"
You can use empty passphrases for the keys - that's not less safe than your
expect case - but it's always better to have a passphrase. Also, you can
limit the command allowed for that particular key from the remote end by
specifying the command in remotehost:~user/.ssh/authorized_keys2 after the
key. Then anyone who gets access to that particular private key can only
execute "ls -l" or so.
As for your problem: I imagine your script does not work, because ssh
(I'm looking at openssh-3.4) checks in function readpass.c:read_passphrase()
whether stdin is a TTY (in your case it's not) and then tries to to use
ssh_askpass, /dev/tty etc. Have a look at the code yourself.
lftp had the same problem in its ssh-code, I'm not sure how they solved it.
-- v --
v AT iki DOT fi
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -