you don't want to spawn twice at all. from the expect perspective you are not spawning a new process, you're just reading a stream of characters from ssh and sending other ones back. It has no idea whatsoever what these letters and numbers mean.
Can you not just use a preshared key for this? Whilst root password logins should be disabled, it's not uncommon to still permit shared key logins for root, making this much simpler, and probably removing the need for expect completely.