Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to write a script where I will be able to automaticaly access a Cisco 2950 switch and then later perform some functions. I have the switch setup manually using ssh with no problems.
The problem with the several attempts at this is I do not know how to enter the password in the script so it sees it after the switch prompts for it and enters it autmattically.
When I run the script this is what I want run in the background (I do not want to see any replies back on the terminal):
ssh -l rici cisco1 <command to login into switch>
rici@cisco1's password: <this is what comes back, and at this point I would manually enter the password. I would like to automate this step>.
I have looked all over the web for some guidance but do not understand most of what is being said. Just need a little help!
I'm not sure I understand the relation between the cisco switch and vi in your
scenario; the common solution to automatic logins (if the device doesn't allow
for passwordless logins via ssh-keys) is to use expect. You can use any editor
to write an expect script, including vi.
This is what is happening since my first post. I have been trying to install expect5.45 which is the latest version. When I cd to expect5.45 and try to run ./configure I get the following message at the end:
"checking for Tcl private include files... configure: error: Cannot find private header tclInt.h in /tmp/tcl8.5.5". I have no clue on what this means but I am sure this is stoping the creation of the Makefile that is required for the installation process.
Silly question, but why don't you just use the expect that
already comes with Slackware? Does the version you're trying
to build from source give you features the current one doesn't?
I finally after sometime got my script working using expect and yes Tinkster with the version that was installed already. Now my question concerning the script itself:
Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.
Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.
I don't believe it's possible. Anything you code in your script to extract and decode some encrypted password stored somewhere, can be replicated by anybody who views your script. It would be no more secure than just writing the password in plain text. The easiest way would be to just restrict the permissions on your script so that only you can read it. Remove the read permission for all other users.
Another option is to store the password in plain text in a separate file and pull it into your script, then use something like gpg to encrypt that file. Whenever you need to run your script, decrypt the password file, run the script, then re-encrypt the password file when you're done.
I finally after sometime got my script working using expect and yes Tinkster with the version that was installed already. Now my question concerning the script itself:
Is there a way to mask/hide the password that I have entered into the script after the "send" command?
Meaning, when I re-open the script I do not want to see the password that is required to access the Cisco switch.
Thanks.
Regards,
Jeff
As suicidal said - that (hiding) is not possible.
I still don't see why you won't simply use password-less ssh connections; which
version of IOS is your switch running?
Password-less login uses SSH keys without a passphrase, so when you ssh or scp to the remote machine, the remote machine compares your machine's key against its own list in its authorized_keys file, if it matches, it lets you in without prompting for a password or passphrase.
Not clear on what password-less is. The only way I know how to access the switch is setting up keys and creating a password.
Cisco 2950
Version 12.1(22)EA9
Thanks.
Regards,
Jeff
keys is the key, indeed. You'd set-up a passphrase. And once you have
ssh-agent going for your user-account, and have added yourself to it (ssh-add)
using the passphrase it will let you connect to the switch w/o having to enter
a password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.