LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   ssh autologin using scripting under vi (http://www.linuxquestions.org/questions/linux-newbie-8/ssh-autologin-using-scripting-under-vi-934448/)

jefsa 03-14-2012 02:08 PM

ssh autologin using scripting under vi
 
Hi All,

Pretty new to Linux and I could use some help.

I am trying to write a script where I will be able to automaticaly access a Cisco 2950 switch and then later perform some functions. I have the switch setup manually using ssh with no problems.

The problem with the several attempts at this is I do not know how to enter the password in the script so it sees it after the switch prompts for it and enters it autmattically.

When I run the script this is what I want run in the background (I do not want to see any replies back on the terminal):
ssh -l rici cisco1 <command to login into switch>
rici@cisco1's password: <this is what comes back, and at this point I would manually enter the password. I would like to automate this step>.

I have looked all over the web for some guidance but do not understand most of what is being said. Just need a little help!

I am running Slackware using vi.

Thanks,

Regards,

Jeff

theNbomr 03-14-2012 05:09 PM

Can you store a SSH key on the switch? If so, that would be the simplest solution. Otherwise, consider trying the expect tool.

--- rod.

Tinkster 03-14-2012 05:10 PM

Hi, welcome to LQ!


I'm not sure I understand the relation between the cisco switch and vi in your
scenario; the common solution to automatic logins (if the device doesn't allow
for passwordless logins via ssh-keys) is to use expect. You can use any editor
to write an expect script, including vi.

https://www.google.com/search?q=linu...sh+login+cisco



Cheers,
Tink

P.S.: Too slow :D

jonmcc 03-15-2012 03:40 AM

Basically, you need promptless access to the switch. Instructions here...

http://www.cisco.com/en/US/docs/ios/...html#wp1082784

Repost if you still having problems ;0)

jefsa 03-20-2012 10:43 AM

Hi All,

This is what is happening since my first post. I have been trying to install expect5.45 which is the latest version. When I cd to expect5.45 and try to run ./configure I get the following message at the end:
"checking for Tcl private include files... configure: error: Cannot find private header tclInt.h in /tmp/tcl8.5.5". I have no clue on what this means but I am sure this is stoping the creation of the Makefile that is required for the installation process.

I really could use some help with this!

Thanks.

Regards,
Jeff

Tinkster 03-20-2012 12:37 PM

Silly question, but why don't you just use the expect that
already comes with Slackware? Does the version you're trying
to build from source give you features the current one doesn't?


Cheers,
Tink

jefsa 03-29-2012 03:05 PM

Hi All,

I finally after sometime got my script working using expect and yes Tinkster with the version that was installed already. Now my question concerning the script itself:

Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.

Thanks.

Regards,

Jeff

suicidaleggroll 03-29-2012 03:28 PM

Quote:

Originally Posted by jefsa (Post 4639957)
Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.

I don't believe it's possible. Anything you code in your script to extract and decode some encrypted password stored somewhere, can be replicated by anybody who views your script. It would be no more secure than just writing the password in plain text. The easiest way would be to just restrict the permissions on your script so that only you can read it. Remove the read permission for all other users.

Another option is to store the password in plain text in a separate file and pull it into your script, then use something like gpg to encrypt that file. Whenever you need to run your script, decrypt the password file, run the script, then re-encrypt the password file when you're done.

Tinkster 03-29-2012 03:53 PM

Quote:

Originally Posted by jefsa (Post 4639957)
Hi All,

I finally after sometime got my script working using expect and yes Tinkster with the version that was installed already. Now my question concerning the script itself:

Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.

Thanks.

Regards,

Jeff

As suicidal said - that (hiding) is not possible.

I still don't see why you won't simply use password-less ssh connections; which
version of IOS is your switch running?



Cheers,
Tink

jefsa 03-29-2012 04:09 PM

Hi Tink,

Not clear on what password-less is. The only way I know how to access the switch is setting up keys and creating a password.

Cisco 2950
Version 12.1(22)EA9

Thanks.

Regards,

Jeff

suicidaleggroll 03-29-2012 05:18 PM

Password-less login uses SSH keys without a passphrase, so when you ssh or scp to the remote machine, the remote machine compares your machine's key against its own list in its authorized_keys file, if it matches, it lets you in without prompting for a password or passphrase.

Tinkster 03-29-2012 06:02 PM

Quote:

Originally Posted by jefsa (Post 4639994)
Hi Tink,

Not clear on what password-less is. The only way I know how to access the switch is setting up keys and creating a password.

Cisco 2950
Version 12.1(22)EA9

Thanks.

Regards,

Jeff

keys is the key, indeed. You'd set-up a passphrase. And once you have
ssh-agent going for your user-account, and have added yourself to it (ssh-add)
using the passphrase it will let you connect to the switch w/o having to enter
a password.



Cheers,
Tink


All times are GMT -5. The time now is 04:23 PM.