
expect script vs authorized keys login

Posted 10-09-2009 at 09:28 AM by mathew_p_a

Most Linux script writers have at some point needed to automate a script that logs in to a server or copies data, without typing a password at the shell prompt. Most people settle on secure key access, i.e., authorized keys. But there is another way of automating logins to servers: the expect script.

If expect is installed on your machine, you will find it at /usr/bin/expect. If not, install it using yum:

Quote:
[root@centos ~]# yum install expect
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base: mirror.dhsrv.com
* updates: mirror.nic.uoregon.edu
* addons: repo.genomics.upenn.edu
* extras: mirror.dhsrv.com
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package expect.i386 0:5.43.0-5.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
expect i386 5.43.0-5.1 base 158 k

Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 158 k
Is this ok [y/N]: y
Downloading Packages:
(1/1): expect-5.43.0-5.1. 100% |=========================| 158 kB 00:03
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: expect ######################### [1/1]

Installed: expect.i386 0:5.43.0-5.1
Complete!

Simple! Now create the script as follows:

#!/usr/bin/expect -f

# Wait indefinitely for the password prompt
set timeout -1
spawn ssh 10.70.5.26 -l mathew
expect "mathew@10.70.5.26's password:"
# Answer the prompt, then press Enter
send -- "mathew\r"
interact

Here, mathew is the username and 10.70.5.26 is the server you want to log in to. I will explain the working of the expect script in detail.

Quote:
set timeout -1
How long the script should wait. "-1" means wait indefinitely, since we are waiting to log in to the server. If you want to use the script for some other purpose, it is better to keep the default, which is 10 seconds, by not specifying the timeout line at all.

Quote:
spawn ssh 10.70.5.26 -l mathew
spawn executes whatever command follows it on the line.

Quote:
expect "mathew@10.70.5.26's password:"
This is where the catch is. expect waits for output matching "mathew@10.70.5.26's password:".

Quote:
send -- "mathew\r"
Once expect sees the specified text, the next send command sends the value in quotes (mathew) to the spawned process. The "\r" at the end is mandatory, since it sends a carriage return (the Enter key) after "mathew" is written to the prompt.

Quote:
interact
This releases control from the script we just ran and hands the session back to us so that we can "interact".
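A check that follows from the script above, as an added example that is not part of the original post: the `send` line holds the account password in clear text, so the script file is itself a credential. The hypothetical helper `flag_expect_secrets` reports such lines (without echoing the secret) and notes when the file is accessible to group or others.

```shell
#!/bin/sh
# Added example, not from the original post. flag_expect_secrets is a
# hypothetical helper name.

# flag_expect_secrets FILE...
# Prints "FILE:LINE: send after password prompt" for each send that
# answers a password or passphrase prompt, and "FILE: mode MODE" when such
# a file is accessible to group or others.
# Returns 1 if anything was flagged, else 0.
flag_expect_secrets() {
    found=0
    for f in "$@"; do
        hits=$(awk '
            /^[ \t]*(#|$)/ { next }                 # skip comments, blanks
            /^[ \t]*expect[ \t].*[Pp]ass(word|phrase)/ { armed = 1; next }
            armed && /^[ \t]*send[ \t]/ {
                print FILENAME ":" FNR ": send after password prompt"
            }
            { armed = 0 }
        ' "$f")
        [ -n "$hits" ] || continue
        found=1
        printf '%s\n' "$hits"
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ????------) ;;                          # owner-only access
            *) printf '%s: mode %s\n' "$f" "$mode" ;;
        esac
    done
    return $found
}

# Demo: the login script from the post, written to a scratch file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#!/usr/bin/expect -f
set timeout -1
spawn ssh 10.70.5.26 -l mathew
expect "mathew@10.70.5.26's password:"
send -- "mathew\r"
interact
EOF
chmod 644 "$demo"
flag_expect_secrets "$demo" || true
rm -f "$demo"
```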

AUTHORIZED KEYS

Many people have trouble setting up secure keys on their machines. It is very simple; here are the steps.

Let us assume that the machine you want to log in to is the Server and the machine you log in from is the Client.

We will start with the Client. Do the following steps at the Client.

Step 1) Create the key pair using the DSA algorithm. This can be done by passing the key type to ssh-keygen.

Quote:
ssh-keygen -t dsa
Hit Enter when asked for a passphrase. The ssh-keygen program will generate a public and a private key. By default they are named "id_dsa.pub" (public key) and "id_dsa" (private key) and are stored in the .ssh folder of your home directory. You need to safeguard your id_dsa file with encryption and other means such as permission restrictions.

On the Server side

Step 1) cd .ssh/ (if the directory does not exist, create it)

Step 2) Copy the id_dsa.pub generated in the first step to the Server and append it to the file authorized_keys in the .ssh directory.

Quote:
cat id_dsa.pub >> ~/.ssh/authorized_keys
Step 3) Make sure that the permissions on the authorized_keys file are "600".

Quote:
chmod 600 ~/.ssh/authorized_keys
Remove the public key file that you copied. The mistakes most people make are forgetting the last step and copying the private key instead of the public key file.
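The server-side steps above as one script, written here as an added example (not code from the original post), with a guard against the private-key mistake just mentioned. `install_pubkey` and `perm_of` are hypothetical helper names, and mode 700 on the .ssh directory is an assumption of this example; the post only specifies 600 on authorized_keys.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and perm_of
# are hypothetical helper names.

# Print the 10-character mode string of a path, e.g. "-rw-------".
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey KEYFILE SSH_DIR
# Returns 0 on success, 2 if KEYFILE holds a private key, 3 if its first
# line is not an OpenSSH public key line, 1 on filesystem errors.
install_pubkey() {
    keyfile=$1
    sshdir=$2
    auth="$sshdir/authorized_keys"

    # The mistake named in the post: the private key copied to the server.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile is a private key" >&2
        return 2
    fi

    # A public key line is "<type> <base64> [comment]". Other key types are
    # accepted besides the post's ssh-dss (DSA keys are disabled by default
    # in OpenSSH 7.0 and later).
    key=$(head -n 1 "$keyfile")
    case $key in
        ssh-*" AAAA"*|ecdsa-*" AAAA"*) ;;
        *) echo "refusing: $keyfile is not a public key line" >&2
           return 3 ;;
    esac

    # Steps 1 and 3: directory and file closed to group and others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Step 2: append, but only if this exact line is not already there.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a constructed (not real) key in a scratch directory.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBconstructed mathew@client' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh" && perm_of "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```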

How to log in from PuTTY using authorized keys

When you log in from a Windows machine using PuTTY, PuTTY is your client. You will have to use the PuTTY key generator tool (http://the.earth.li/~sgtatham/putty/...6/puttygen.exe) to generate the key pair described in the first step.

Once the key pair is generated, you will have two files, the same as described in the first step. Copy the content of the public key file to the Server, and add the private key to the PuTTY session you use to log in. To do this, open PuTTY, go to Connection -> SSH -> Auth and browse to the private key file you generated. Now go to the login session and you will be able to log in without any password.


http://blog.touchriver.net/2009/02/0...ed-keys-login/