LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 09-10-2009, 11:56 AM   #1
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Rep: Reputation: 47
expect -- semi-colon in password being translated.


I'm trying to use 'expect' to log in via ssh to a box at work.

Up front: Key based authentication has been disabled. Gotta use passwords...

Here's my expect script:

Code:
#!/usr/bin/expect -f
set password [lrange $argv 0 0]
set user [lrange $argv 1 1]
set addr [lrange $argv 2 2]
set timeout -1
# now connect to remote UNIX box (ipaddr) with given script to execute
spawn ./zzz $user@$addr
match_max 100000
# Look for passwod prompt
expect -re "word:"
# Send password aka $password
send -- "$password\n"
interact
the expect script has been creatively named 'asdf'.

I initially used "spawn ssh $user@addr"; when I did this, I got a second password prompt... looks like it's not sending the correct password.

so I wrote a shell script called 'zzz' and substituted that for ssh. Here's 'zzz':

Code:
echo -n Password:
The problem is that my password contains a semi-colon. This is being translated by expect, probably in an attempt add a layer of security to expect.

Code:
$ ./asdf 'xxx;xxx' bartonski@foo.bar.com
spawn ./zzz bartonski@foo.bar.com
Password:{xxx;xxx}
If I don't use a semi-colon, I don't run into this problem:

Code:
 $ ./asdf 'bangersandmash' bartonski@foo.bar.com
spawn ./zzz bartonski@foo.bar.com
Password:bangersandmash
It doesn't matter if I escape the semi-colon, rather than quoting it:

Code:
 $ ./asdf  xxx\;xxx bartonski@foo.bar.com
spawn ./zzz bartonski@foo.bar.com
Password:{xxx;xxx}
Any thoughts? (other than changing my password?)
 
Old 09-10-2009, 07:33 PM   #2
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Lenny/Squeeze/Wheezy/Sid
Posts: 4,053

Rep: Reputation: 484Reputation: 484Reputation: 484Reputation: 484Reputation: 484
Can't say what goes wrong, this ought to be failty simple if you look at the many examples.

However you should see for yourself what actually is happening, what expect is sending, what it receives and what it matches.

Put
Code:
exp_internal 1
at the top of your code and have fun reading the trace.

BTW AFAIK TCL doesn't do anything with ';', it is not a special character, and single quotes have no meaning at all.

jlinkels
 
Old 09-11-2009, 07:34 AM   #3
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Original Poster
Rep: Reputation: 47
trying 'exp_internal 1'

jlinkels,

as you suggested, I added 'exp_internal 1' just after the hashbang line. Here's the skinny:

Code:
> ./asdf 'xxx;xxxx' bartonski foo.bar.com
spawn ssh bartonski@foo.bar.com
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {17537}

expect: does "" (spawn_id exp6) match regular expression "word:"? no
Password: 
expect: does "Password: " (spawn_id exp6) match regular expression "word:"? yes
expect: set expect_out(0,string) "word:"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Password:"
send: sending "{xxx;xxxx}\n" to { exp6 }
tty_raw_noecho: was raw = 0  echo = 1
spawn id exp6 sent <\r\n>

spawn id exp6 sent <Password: >
Unfortunately, I don't think that this really told me anything that I didn't already know.

I suspect that expect (and not the underlying TCL) is adding the braces so that multiple expressions, separated by semi-colons are executed as a group command in a posix shell. In some situations, this might be the right thing to do... I just want to know if there's a way to disable this behavior.
 
Old 09-12-2009, 10:04 AM   #4
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Lenny/Squeeze/Wheezy/Sid
Posts: 4,053

Rep: Reputation: 484Reputation: 484Reputation: 484Reputation: 484Reputation: 484
If I understand you well, you are saying that Expect is adding {} around your password because it contains a ';'. As seen in the Expect trace you suspect that the braces are actually sent together with the password, so authentication fails.

From the trace, I see Expect shows it is sending {xxx;xxx}. However I am not sure that it really sends the braces. It is also Expect's way to print a string. But the quotes around the braced string confuse me as well.

As in your previous posts, can you replace the xxx;xxxx password with something else, and see if it shows up braced as well in the trace? I wonder if I see "foobar" or "{foobar}"

I can try to take a look at it tonight if I have more time hw_stat_to_display:and make some tests as well if you haven't found out yet. Or changed your password (Just kidding, this is an interesting problem anyway)

jlinkels
 
Old 09-12-2009, 10:28 AM   #5
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Original Poster
Rep: Reputation: 47
Quote:
Originally Posted by jlinkels View Post
If I understand you well, you are saying that Expect is adding {} around your password because it contains a ';'. As seen in the Expect trace you suspect that the braces are actually sent together with the password, so authentication fails.
Exactly.

Quote:
From the trace, I see Expect shows it is sending {xxx;xxx}. However I am not sure that it really sends the braces. It is also Expect's way to print a string. But the quotes around the braced string confuse me as well.

As in your previous posts, can you replace the xxx;xxxx password with something else, and see if it shows up braced as well in the trace? I wonder if I see "foobar" or "{foobar}"
Based on the work that I did with "echo" in my first post, I was pretty sure that the braces were literal, but I ran it using 'exp_internal 1' and the password 'bangersandmash' just to make sure:

Code:
> ./asdf 'bangersandmash' bartonski foo.bar.com
spawn ssh bartonski@foo.bar.com
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {21317}

expect: does "" (spawn_id exp6) match regular expression "word:"? no
Password: 
expect: does "Password: " (spawn_id exp6) match regular expression "word:"? yes
expect: set expect_out(0,string) "word:"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Password:"
send: sending "bangersandmash\n" to { exp6 }
tty_raw_noecho: was raw = 0  echo = 1
spawn id exp6 sent <\r\n>
As you can see from the line "send: sending "bangersandmash\n" to { exp6 }", it appears that expect is not putting braces around "bangersandmash", so I think that the braces were literal before.

In the FWIW department:

Code:
> expect -v
expect version 5.43.0
 
Old 09-12-2009, 11:34 AM   #6
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Original Poster
Rep: Reputation: 47
Ok... I have a solution that works for me:

I hard coded the password into the expect script, rather than prompting for it at the command line. Apparently the braces are added when the command line is parsed, not when the command is sent to the remote machine.

Not secure, I know, but if I chmod the script to 0500, I figure that I ought to be OK (that's actually more secure than having all those instances of my password sitting out in my .bash_history).

I"m still having problems getting the interactive part working correctly (even after I log in, expect is still eating and trying to interpret my keystrokes). I'm not sure how much that matters to me though, right now, I'm just testing things out so that I can script connections later.

By the way, I came to this solution after running 'autoexpect', an expect script which generates an expect script of of a live login. Autoexpect can be found here.

Using autoexpect:
  1. the hashbang line is incorrect, change it to use the absolute path to expect.
  2. Start autoexpect
  3. Log in to the remote server
  4. Use Control-D to stop the autoexpect session.

Thanks for the pointers so far.

Last edited by bartonski; 09-12-2009 at 11:39 AM. Reason: s/inspect/expect/
 
Old 09-12-2009, 11:46 AM   #7
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Original Poster
Rep: Reputation: 47
Trouble with interactive login on remote box went away after I removed 'exp_internal 1'.

I'm going to keep this thread open for a couple of days, just because I'm curious to see if anyone else has any ideas about how to get around the issue of including a semi-colon in arguments to expect (like jlinkels said, it's an interesting problem), but it's an academic problem to me at this point.
 
Old 09-12-2009, 08:23 PM   #8
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Lenny/Squeeze/Wheezy/Sid
Posts: 4,053

Rep: Reputation: 484Reputation: 484Reputation: 484Reputation: 484Reputation: 484
Quote:
Originally Posted by bartonski View Post
Trouble with interactive login on remote box went away after I removed 'exp_internal 1'.
Usually it's the other way around...

I first overlooked that there was a difference when you entered your password from the console or from a file. My first tought that that xxx;xxx was considered as two strings, and treated like a list, so Expect decided to put braces around them.

I found no proof for that. If I enter "my password" a call to llength does return 2, but there are still no braces when Expect sends this to the console. I didn't use another host, but echoed this on my own console.

Mind you, "my;password" returned a llenght of 1 so no reason at all to put it between braces. I read the input from stdin, not using interact like you did.

So I can't shed any light on this, sorry.

Your solution to make the file permissions 500 is good. More often, a password containing file is made 600, the executable 755 or so, while it includes your 600 file. This is generally considered safe practice.

Note if you want to read from stdin with Expect using the gets function, you must set gets to be blocking otherwise it returns EOF immediately.
Code:
fconfigure stdin -blocking 1
I don't assume this has anything to do with your problem, it is just for general interest.

jlinkels
 
Old 09-13-2009, 09:04 AM   #9
bartonski
Member
 
Registered: Jul 2006
Location: Louisville, KY
Distribution: Fedora 12, Slackware, Debian, Ubuntu Karmic, FreeBSD 7.1
Posts: 443
Blog Entries: 1

Original Poster
Rep: Reputation: 47
Quote:
Originally Posted by jlinkels View Post
I first overlooked that there was a difference when you entered your password from the console or from a file.
Actually, I wasn't entering the password from a file. "./xxx" was simply a command that I could use as a placeholder for "ssh", which would echo what expect was passing to it. Think of it as a poor man's "exp_internal 1".

I really can't tell what expect is doing with those strings. Short of reading source code (and I'm not really keen on learning TCL just for that) or asking Don Libes personally, I'm not sure that I'm going to find out.

Last edited by bartonski; 09-14-2009 at 12:51 AM.
 
  


Reply

Tags
expect


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
expect script to change user password sherimm Linux - Software 1 03-13-2009 05:36 AM
Need help using expect to set password Arodef Linux - General 2 03-03-2005 07:30 PM
Expect.pm /bin/su incorrect password newuser455 Linux - Software 5 02-06-2005 04:23 PM
Expect.pm /bin/su incorrect password newuser455 Linux - Software 0 01-21-2005 06:38 PM
need a semi colon .. but vert spooge Linux - General 4 09-19-2004 03:52 PM


All times are GMT -5. The time now is 02:35 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration