LinuxQuestions.org
Old 11-01-2011, 07:42 PM   #1
mike909
expect script using gpg decrypted file as variable


I'm trying to automate a login to a device (which does not accept key authentication), using expect, but keeping it secure by encrypting my password with the seahorse (or gpg) agent.
"gpg --decrypt --quiet --batch my_file" sends the decrypted file's contents, in this case my password, to stdout. So I need to have an expect script that basically does the following:
1. expects to see: Password
2. uses the output of "gpg --decrypt" as a variable
3. sends that variable and hits enter, to complete the log in.
This would give me automated log-in, without storing my password in cleartext.

Here is what I have so far (note: expect -d for debugging output) for testing logging in to localhost with a test user/pass:
Code:
#!/usr/bin/expect -d

set prompt "$ "   ;# our shell or whatever prompt we have
set command "gpg --decrypt --quiet --batch /home/mike/bla.pgp"

spawn bash          ;# spawn the bash

expect "$prompt"    ;# wait for prompt

send   "$command\r" ;# send command
expect "$command\r" ;# discard command echo

expect -re "(.*)\r" ;# match and save the result
set password "$command"

spawn ssh test@127.0.0.1
sleep 1
expect "password: "
sleep 1
send "$password\n"

interact
And here are the results of the script:
Quote:
mike@mike-ubu-test:~$ ./test.sh
expect version 5.44.1.15
argv[0] = /usr/bin/expect argv[1] = -d argv[2] = ./test.sh
set argc 0
set argv0 "./test.sh"
set argv ""
executing commands from command file ./test.sh
spawn bash
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9932}

expect: does "" (spawn_id exp6) match glob pattern "$ "? no
mike@mike-ubu-test:~$
expect: does "\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ " (spawn_id exp6) match glob pattern "$ "? yes
expect: set expect_out(0,string) "$ "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ "
send: sending "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r" to { exp6 }

expect: does "" (spawn_id exp6) match glob pattern "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"? no
gpg --decrypt --quiet --batch /home/mike/bla.pgp

expect: does "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r\n" (spawn_id exp6) match glob pattern "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"? yes
expect: set expect_out(0,string) "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "gpg --decrypt --quiet --batch /home/mike/bla.pgp\r"
'. Activating booster.rn for '(.*)

expect: does "\n" (spawn_id exp6) match regular expression "(.*)\r"? Gate "*\r"? gate=no
test
mike@mike-ubu-test:~$
expect: does "\ntest\r\n\u001b]0;mike@mike-ubu-test: ~\u0007mike@mike-ubu-test:~$ " (spawn_id exp6) match regular expression "(.*)\r"? Gate "*\r"? gate=yes re=yes
expect: set expect_out(0,string) "\ntest\r"
expect: set expect_out(1,string) "\ntest"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\ntest\r"
spawn ssh test@127.0.0.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {9953}

expect: does "" (spawn_id exp7) match glob pattern "password: "? no
test@127.0.0.1's password:
expect: does "test@127.0.0.1's password: " (spawn_id exp7) match glob pattern "password: "? yes
expect: set expect_out(0,string) "password: "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "test@127.0.0.1's password: "
send: sending "gpg --decrypt --quiet --batch /home/mike/bla.pgp\n" to { exp7 }
tty_raw_noecho: was raw = 0 echo = 1
spawn id exp7 sent <\r\n>

spawn id exp7 sent <Permission denied, please try again.\r\r\ntest@127.0.0.1's password: >
Permission denied, please try again.
test@127.0.0.1's password: spawn id exp0 sent <\r>
spawn id exp7 sent <\r\nPermission denied, please try again.\r\r\ntest@127.0.0.1's password: >

Permission denied, please try again.
test@127.0.0.1's password: spawn id exp0 sent <\r>
spawn id exp7 sent <\r\nPermission denied (publickey,password).\r\r\n>

Permission denied (publickey,password).
interact: received eof from spawn_id exp7
tty_set: raw = 0, echo = 1
tty_set: raw = 5, echo = 0
Expect is sending output to the prompt, just not the contents of the decrypted file (bla.pgp).
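
As an added example (not part of the original post): Tcl's `exec`, available in any Expect script, can capture gpg's stdout straight into a variable, so the secret never passes through a spawned shell's pty or gets echoed to the terminal. The file path and test account are the ones from the post; the prompt pattern, timeout and error messages are assumptions.

```tcl
#!/usr/bin/expect -f
# Added example, not the poster's script.
# Path and account are taken from the post; adjust for the real device.
set secret_file "/home/mike/bla.pgp"
set target      "test@127.0.0.1"
set timeout     20              ;# assumed: seconds to wait for the prompt

# exec runs gpg directly (no shell, no pty) and returns its stdout with the
# trailing newline stripped. "2>@stderr" passes gpg's diagnostics through so
# that only a non-zero exit status makes exec raise an error.
if {[catch {exec gpg --decrypt --quiet --batch $secret_file 2>@stderr} password]} {
    # On failure $password holds the error text; do not print it, since it
    # may include partial gpg output.
    puts stderr "gpg could not decrypt $secret_file"
    exit 1
}

spawn ssh $target

expect {
    -re {[Pp]assword: $} {
        # "--" stops option parsing, so a password that begins with "-"
        # is sent as data rather than read as a flag to send.
        send -- "$password\r"
    }
    timeout {
        puts stderr "no password prompt from $target within $timeout seconds"
        exit 1
    }
    eof {
        puts stderr "ssh exited before asking for a password"
        exit 1
    }
}

# Drop the cleartext copy before handing the session to the user.
unset password

interact
```

Run it without `-d`: as the debug log above shows, debug mode prints every string passed to `send`, which would include the decrypted password.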
 
  


All times are GMT -5. The time now is 03:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration