C program for automatic ssh login

trollkotze · 01-05-2008, 11:51 PM

Hi!
I am living in a student's hostel. In order to get Internet access here I must login to an ssh server (rather uncommon method, I guess). I then have access to the Internet as long as the ssh connection is alive. Internet access is not tunneled through ssh though. The ssh connection is only for authenticiation and serves no other purpose.
My problem now is that I find it rather unconvenient to login manually everytime I turn on the computer and leave one terminal occupied by the ssh client all the time.
The login process looks like this:

Code:

$ ssh -l 121581 139.18.143.253
... blah blah blah... password:

At this point I must enter my password and then I'm online.

I would like to automate the login process, e.g. write a C program or a bash script that I can put into the rc.local so that it does the login for me at startup without asking for my password.
I tried it this way:

Code:

$ ssh -l 121581 139.18.143.253 < sshpass

where sshpass was an ascii file where I saved my password. But piping didn't seem to work. I still had to enter it manually.

Why does piping not work here? I also tried it this weird way:

Code:

$ mkfifo fifo
$ mkfifo fofi
$ cat fofi | ssh -l 121581 139.18.143.253 > fifo & for x in `cat fifo | grep password`; do echo mypassword- > fofi; done

where "mypassword" is of course replaced by my password.
My computer then told me:

Code:

Pseudo-terminal will not be allocated because stdin is not a terminal.

whatever that means.

I don't understand much of this ssh stuff. In another forum I was told that I could try it via "public key authorization". That way I would not have to enter my password every time. I followed the instructions I was given there.
First I did this

Code:

trollkotze@a149010:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/trollkotze/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/trollkotze/.ssh/id_dsa.
Your public key has been saved in /home/trollkotze/.ssh/id_dsa.pub.
The key fingerprint is:
b0:51:76:3c:0c:7f:97:e0:ca:a5:fb:23:63:e5:6e:07 trollkotze@a149010
trollkotze@a149010:~$ ssh-copy-id -i ~/.ssh/id_dsa.pub 121581@139.18.143.253
32
121581@139.18.143.253's password:

and left the passphrase empty.
And after that I tried to login the way I was told:

Code:

trollkotze@a149010:~$ ssh 121581@139.18.143.253
121581@139.18.143.253's password:
Permission denied, please try again.
121581@139.18.143.253's password:
Permission denied, please try again.
121581@139.18.143.253's password:

As you can see I was still asked for a password but when I entered it now it was rejected.
I was told "public key authorization" must be activated on the server in order for this method to work. Due to the fact that it doesn't work I guess it is not activated. So this method is not an option for me either.

I guess a bash script with some piping won't do the job as the above examples suggest. So I would like to write a C program that logs in to the ssh server with my password. But I have absolutely no idea how to do that. Neither do I know much about sockets and network programming nor do I have any clue how exactly ssh works.
Is there an other and less painful way to do what I want to do?
Or is here, by chance, anyone with some experience in that field who could effortlessly hack together a chunk of C code or something that would do the job?

Any hints are highly appreciated.
Greetings

trollkotze

jrtayloriv · 01-06-2008, 12:10 AM

You might want to take a look at Net::SSH::Perl module. It would be much easier than writing it in C. You won't have to know any sockets or networking programming -- it will take care of all of that for you.

http://search.cpan.org/dist/Net-SSH-...et/SSH/Perl.pm

--jrtayloriv

trollkotze · 01-06-2008, 12:32 AM

Thank you. That looks very promising.

Dinithion · 01-06-2008, 04:58 AM

This can be made with a realy easy script:

Code:

#!/usr/bin/expect -f
spawn ssh username@isp_server_ip
expect "*password:*"
send -- "<password>\r"
interact

As you see out of this script, you will have to store your password in clear text, and that's a pretty lame security risk.

trollkotze · 01-06-2008, 05:33 AM

@Dinithion: Thank you very much. That helped me out. I didn't get that Perl stuff to work by now.
But about the security issue: Wouldn't that be the same in Perl? I mean, Perl is also an interpreter language and I would have to put my password into the code in plain text, or wouldn't I?

jrtayloriv · 01-09-2008, 08:53 PM

If you leave the password in plain text, make sure that you leave the script in root's home directory (/root). If somebody has access to /root, then the plain-text password stored there will be the least of your worries.

It shouldn't be that big of a risk if it's just the password to connect to get internet access at a hostel. I wouldn't worry about it. Just don't put it somewhere where any user other than root can read the file.