l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2006 Jan 06 12:35

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] [OT] Pumping a password using Expect
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] [OT] Pumping a password using Expect

on Fri, Jan 06, 2006 at 09:52:56AM -0700, timriley (timriley@appahost.com) wrote:

> ---------- Original Message ----------------------------------
> From: Ken Bloom <kbloom@gmail.com>
> Reply-To: "lugod's technical discussion forum" <vox-tech@lists.lugod.org>
> Date:  Thu, 5 Jan 2006 21:48:10 -0600
> On Thu, Jan 05, 2006 at 06:33:40PM -0700, timriley wrote:
> > How do you have a crontab executed process using Expect
> > pump a password to another computer?
> Ken Bloom wrote:
> > Is this an SSH password you're giving it? If so, try using an SSH
> > keypair for authentication. A passwordless key is no less secure than
> > having the password in the expect file (it's probably more secure),
> > and you can even create single-purpose keys that can only be used to
> > run a single command (see http://www.arches.uga.edu/~pkeck/ssh/,
> > scroll down to "Single-purpose keys") 
> My ultimate goal is to use public/private key pairs after I cross
> the learning curve. Thanks for the resource:
> http://www.arches.uga.edu/~pkeck/ssh/ . However, if someone
> knows of a simple Expect flag to generate a tty when one
> is missing, I'd appreciate the quick solution. 

What learning curve?

    # Test to see if you've got a key, if not, create one.
    test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"

    # Copy key to remote host
    ssh ~/.ssh/id_dsa.pub user@remotehost 'mkdir .ssh; \
        touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
        cat >> .ssh/authorized_keys'

    # Test to see if ssh-agent is running, if not, start it.
    test [ "$SSH_AGENT_PID"x -ne x ] && ps $SSH_AGENT_PID ||
        eval ssh_agent

    # enter passphrase

... You've now got the ability to do stuff like:

   ssh user@remothost 'command [; command ...]' 

... without having to enter a passphrase each time.

You can use passwordless keys in a reasonably secure environment, or
forced-execution keys to run only a single command.

ssh-agent allows you to enter a passphrase once, then, using the agent,
authenticat without having to enter passphrases each time.  If you're
running any modern GNU/Linux under an X session, it's likely already
running and you just need to ensure you've got a key (ssh-keygen) and
'add-key' to activate it.

Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
slightly more complicated, but doable.


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?

Attachment: signature.asc
Description: Digital signature

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.