LinuxQuestions.org


mike909 11-01-2011 06:42 PM

expect script using gpg decrypted file as variable
 
I'm trying to automate a login to a device (which does not accept key authentication), using expect, but keeping it secure by encrypting my password with the seahorse (or gpg) agent.
"gpg --decrypt --quiet --batch my_file" sends the decrypted file's contents, in this case my password, to stdout. So I need to have an expect script that basically does the following:
1. expects to see: Password
2. uses the output of "gpg --decrypt" as a variable
3. sends that variable and hits enter, to complete the log in.
This would give me automated log-in, without storing my password in cleartext.

Here is what I have so far (note: expect -d for debugging output) for testing logging in to localhost with a test user/pass:
Code:

#!/usr/bin/expect -d

set prompt "$ "  ;# our shell or whatever prompt we have
  set command "gpg --decrypt --quiet --batch /home/mike/bla.pgp"

  spawn bash          ;# spawn the bash

  expect "$prompt"    ;# wait for prompt

  send  "$command\r" ;# send command
  expect "$command\r" ;# discard command echo

  expect -re "(.*)\r" ;# match and save the result
        set password "$command"

spawn ssh test@127.0.0.1
        sleep 1
        expect "password: "
        sleep 1
        send "$password\n"
       
interact

And here are the results of the script:
Quote:

mike@mike-ubu-test:~$ ./test.sh
expect version 5.44.1.15
argv[0] = /usr/bin/expect argv[1] = -d argv[2] = ./test.sh
set argc 0
set argv0 "./test.sh"
set argv ""
executing commands from command file ./test.sh
spawn bash
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9932}

expect: does "" (spawn_id exp6) match glob pattern "$ "? no
mike@mike-ubu-test:~$
expect: does "\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ " (spawn_id exp6) match glob pattern "$ "? yes
expect: set expect_out(0,string) "$ "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ "
send: sending "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r" to { exp6 }

expect: does "" (spawn_id exp6) match glob pattern "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"? no
gpg --decrypt --quiet --batch /home/mike/bla.pgp

expect: does "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r\n" (spawn_id exp6) match glob pattern "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"? yes
expect: set expect_out(0,string) "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"
'. Activating booster.rn for '(.*)

expect: does "\n" (spawn_id exp6) match regular expression "(.*)\r"? Gate "*\r"? gate=no
test
mike@mike-ubu-test:~$
expect: does "\ntest\r\n\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ " (spawn_id exp6) match regular expression "(.*)\r"? Gate "*\r"? gate=yes re=yes
expect: set expect_out(0,string) "\ntest\r"
expect: set expect_out(1,string) "\ntest"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\ntest\r"
spawn ssh test@127.0.0.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9953}

expect: does "" (spawn_id exp7) match glob pattern "password: "? no
test@127.0.0.1's password:
expect: does "test@127.0.0.1's password: " (spawn_id exp7) match glob pattern "password: "? yes
expect: set expect_out(0,string) "password: "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "test@127.0.0.1's password: "
send: sending "gpg --decrypt --quiet --batch /home/mike/bla.pgp\n" to { exp7 }
tty_raw_noecho: was raw = 0 echo = 1
spawn id exp7 sent <\r\n>

spawn id exp7 sent <Permission denied, please try again.\r\r\ntest@127.0.0.1's password: >
Permission denied, please try again.
test@127.0.0.1's password: spawn id exp0 sent <\r>
spawn id exp7 sent <\r\nPermission denied, please try again.\r\r\ntest@127.0.0.1's password: >

Permission denied, please try again.
test@127.0.0.1's password: spawn id exp0 sent <\r>
spawn id exp7 sent <\r\nPermission denied (publickey,password).\r\r\n>

Permission denied (publickey,password).
interact: received eof from spawn_id exp7
tty_set: raw = 0, echo = 1
tty_set: raw = 5, echo = 0

Expect is sending output to the prompt, just not the contents of the decrypted file (bla.pgp).

diosim 11-27-2017 02:49 AM

Same issue
 
Hello,

I'm getting the same issue. Has someone managed to find a solution?

Thanks.

AwesomeMachine 11-27-2017 05:55 PM

If you want the output of a command, use ticks `command`

Code:

expect -c
spawn sudo command
expect `gpg_command`:\ {send \"$PASS\r\"; interact}

That might not be perfect, but it's close.

diosim 11-28-2017 02:19 AM

Thanks, how did you declare variable $PASS?

diosim 11-30-2017 01:59 PM

Could you explain how you have declared $PASS?
Thanks.
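
An added example, not part of the thread: one way to get the decrypted password into an Expect variable is Tcl's `exec`, which returns gpg's stdout directly instead of scraping it from a spawned bash (the debug output above shows the original script sending the command string itself, because `password` was set from `$command`). The file path and `test@127.0.0.1` come from mike909's post; the 20-second timeout is an assumption, and `-ignorestderr` assumes Tcl 8.5 or later.

```tcl
#!/usr/bin/expect -f
# Added example (not from the thread). Path and host are the ones in mike909's post.
set secret_file "/home/mike/bla.pgp"

# exec runs gpg without an intermediate shell and returns its stdout with the
# trailing newline stripped. -ignorestderr keeps gpg warnings on stderr from
# being treated as a failure, so catch only fires on a non-zero exit status.
if {[catch {exec -ignorestderr gpg --decrypt --quiet --batch $secret_file} password]} {
    puts stderr "gpg could not decrypt $secret_file"
    exit 1
}

# Diagnostics (expect -d / exp_internal 1) print every "send: sending ..." line,
# which would include the password, so keep them off around the login.
exp_internal 0
log_user 0
set timeout 20   ;# assumed value

spawn ssh test@127.0.0.1
expect {
    -re {[Pp]assword: $} {
        # "--" stops a password beginning with "-" being parsed as a send flag
        send -- "$password\r"
    }
    timeout { puts stderr "no password prompt within $timeout s"; exit 1 }
    eof     { puts stderr "ssh exited before prompting";          exit 1 }
}

# Drop the cleartext copy before handing the session to the user
unset password
log_user 1
interact
```

Because the password never passes through a spawned shell, it is not echoed into a pty buffer or written to that shell's history; it exists only in the Expect process's memory until `unset`.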

