Old 07-04-2003, 04:16 AM   #1
DenZ
LQ Newbie
 
Registered: Jul 2003
Location: Paris
Distribution: debian
Posts: 3

Rep: Reputation: 0
Ssh shell Programming


Hi,

I need a shell script to connect to a machine via ssh with a password or passphrase...

My problem is to not enter a password; I mean I don't want to give the password through the keyboard. I want to pass it as an argument.

Please Help me

Thx
 
Old 07-04-2003, 04:43 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
You can connect without a password using DSA authorisation keys instead, but there is no way to store a password or anything like that, as it is not secure, so not possible. Trying to pipe data to ssh, e.g.:

echo password | ssh user@host.com

will make ssh deliberately fail. See openssh.com for info on setting up auth keys.
 
Old 07-04-2003, 05:08 AM   #3
DenZ
LQ Newbie
 
Registered: Jul 2003
Location: Paris
Distribution: debian
Posts: 3

Original Poster
Rep: Reputation: 0
Of course I've tried with echo ... | ssh ...
and it failed :-(
 
Old 07-07-2003, 05:08 AM   #4
DenZ
LQ Newbie
 
Registered: Jul 2003
Location: Paris
Distribution: debian
Posts: 3

Original Poster
Rep: Reputation: 0
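Ok, if someone needs a solution you can try this (with expect)

#!/usr/bin/expect -f

# Arguments: host, login, password, command.
# Note: the password is passed on the command line, so it is visible
# in the process list while the script runs.
set ip [lindex $argv 0]
set login [lindex $argv 1]
set password [lindex $argv 2]
set cmd [lindex $argv 3]

set timeout -1

spawn $env(SHELL)
match_max 100000
send -- "ssh $login@$ip\r"

# Answer the host-key question if it appears, then the password prompt.
# exp_continue keeps waiting in this block after answering "yes".
expect {
    "connecting (yes/no)?" {send -- "yes\r"; exp_continue}
    "assword:" {send -- "$password\r"}
}
# Wait once for the remote prompt (assumed to contain ">").
expect ">"
send -- "$cmd\r"
expect ">"
send -- "exit\r"
expect "closed"
send -- "exit\r"
expect eof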


Then you just need to call the script like this (of course you need the expect command)
./script 10.10.10.10 user password ls
or
./script 10.10.10.10 user password "ls;cd ..;ls" for multiple commands
 
Old 07-08-2003, 02:30 PM   #5
nxny
Member
 
Registered: May 2002
Location: AK - The last frontier.
Distribution: Red Hat 8.0, Slackware 8.1, Knoppix 3.7, Lunar 1.3, Sorcerer
Posts: 771

Rep: Reputation: 30
Maybe you should try using ssh-agent instead of this convoluted (if I may say so) but imaginative method.

The following chunk of code would be run at logon, and the agent ENV variables exported to every child shell. The ssh-add statement prompts for the passphrase and stores the unencrypted private RSA/DSA key for future use by client programs that request it. Only if the login shell was created in any other way but by sshd (the box runs an ssh server as well); I don't want to start the freakin agent every time I remote in.

Part of ~/.bash_profile
Code:
# Run SSH agent: if a login shell (implied) is created NOT via sshd
# (look only at the parent process, so unrelated processes cannot match)
if ! ps -o comm= -p "$PPID" | grep -q sshd && [ -z "$SSH_AGENT_PID" ]
then
    eval "$(/usr/bin/ssh-agent)" > /dev/null 2> /dev/null
    /usr/bin/ssh-add
fi
And here's the snippet that kills it in ~/.bash_logout
Code:
# Kill the ssh-agent on logout
if [ -n "$SSH_AGENT_PID" ] && [ $SHLVL -eq 1 ]
then
        eval $(/usr/bin/ssh-agent -k);
fi
clear
With this setup, every time you start the ssh client programs (ssh, scp, sftp) from the above-said login shell or a child shell or a shell within an X terminal they check to see if the agent is running and get the unencrypted private keys from it. Thus, neither the unencrypted keys nor the passphrase are stored on disk (they are stored in memory and will be cleaned up when the ssh-agent dies); hence this is considered a secure alternative to providing the password every time.

HTH

Last edited by nxny; 07-09-2003 at 03:32 AM.
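
Added example, not part of any post in this thread: a variant of the agent setup above that reuses one agent across logins and runs scripted commands with BatchMode=yes, so a script fails instead of hanging on a password prompt. The function names, the SSH_ADD override and the agent.env path are assumptions made for this example; the exit codes are the ones ssh-add documents.

```shell
#!/bin/sh
# Added example. Names and paths below are assumptions, not from the thread.
SSH_ADD=${SSH_ADD:-ssh-add}                    # overridable, e.g. for testing
AGENT_ENV=${AGENT_ENV:-$HOME/.ssh/agent.env}   # where the agent's variables are saved

# Classify the agent from ssh-add's exit status:
#   0 = reachable and holding keys, 1 = reachable but empty,
#   2 (or anything else) = cannot contact an agent.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Reuse an agent started by an earlier login if its socket still answers;
# otherwise start one and record its variables in a file only we can read.
ensure_agent() {
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if [ "$(agent_state)" = unreachable ]; then
        mkdir -p "${AGENT_ENV%/*}"
        (umask 077; ssh-agent -s > "$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
    fi
    # Ask for the passphrase only when the agent holds no key yet.
    if [ "$(agent_state)" != loaded ]; then
        "$SSH_ADD"
    fi
}

# Run a remote command from a script. BatchMode=yes disables every
# interactive prompt, so a missing key is an error, not a hang.
run_remote() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$@"
}

# Typical use from a profile or a script:
#   ensure_agent && run_remote user@host 'ls; cd ..; ls'
```
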
 
  

