SSH access method: public-key + password together....

MCD555 · 05-26-2009, 04:38 AM

Hi all,

I have to access to a SSH server where is request (together) a key authentication and a password authentication.
This is not a particular problem but I would like to schedule a scp to that server with a simple script but and don't know how or if it is possible to pass the password.....
I tried something like:

Code:

echo Password | scp -v  [local_file] user@sshsrv:[dest_file]

but, obviously, it doesn't works!
Any ideas?

Thank you all for your help!

theYinYeti · 05-26-2009, 06:01 AM

I did not try, but “expect” should be the tool you need. For example, here is the code of the “autopasswd” tool provided with expect (at least in Mandriva):

Code:

#!/bin/sh
# \
exec expect -f "$0" ${1+"$@"}
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd

set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
expect "assword:"
send -- "$password\r"
expect "assword:"
send -- "$password\r"
expect eof

Yves.

MCD555 · 05-26-2009, 08:49 AM

Thank you very much Yves,

but may I couldn't be able to install expect.....or better, I'd like to know if this issue could be solved with a simple script (but implicity the response to this question is "NO") .....

Anyway, I'm trying to install expect on my AIX-like system.

Thanks again,
Mauro

Quote:

Originally Posted by theYinYeti

I did not try, but “expect” should be the tool you need. For example, here is the code of the “autopasswd” tool provided with expect (at least in Mandriva):

Code:

#!/bin/sh
# \
exec expect -f "$0" ${1+"$@"}
# wrapper to make passwd(1) be non-interactive
# username is passed as 1st arg, passwd as 2nd

set password [lindex $argv 1]
spawn passwd [lindex $argv 0]
expect "assword:"
send -- "$password\r"
expect "assword:"
send -- "$password\r"
expect eof

Yves.

jschiwal · 05-26-2009, 09:57 AM

Is the password you are talking about possibly the passphrase for unlocking your private key? It seems odd that both pubkey authentication & login authentication would be used. Could be a misconfiguration of sshd_config, or PAM (if pam is used).

If it is the passphrase (on the client), then you can use ssh-agent & ssh-add to enter it when you start a session. The pass phrase protects the client's private key and isn't being prompted for by the server.

example:
eval $(ssh-agent)
ssh-add

Look for your .xsession file. You may be able to use ssh-agent when you log into X using your display manager by uncommenting the line
"# usessh yes" or changing "no" to "yes" if that is the case.

Then you can log into any server that has a copy of your public key without being prompted for a passphrase.

MCD555 · 05-27-2009, 02:46 AM

Thanks jschiwal,

but the password is not the one protecting my private key....
The server explicity request the use of a public key authentication and a user password to access (I know this could have no sense but that is!?!? ).

Thanks again!

Quote:

Originally Posted by jschiwal

Is the password you are talking about possibly the passphrase for unlocking your private key? It seems odd that both pubkey authentication & login authentication would be used. Could be a misconfiguration of sshd_config, or PAM (if pam is used).

If it is the passphrase (on the client), then you can use ssh-agent & ssh-add to enter it when you start a session. The pass phrase protects the client's private key and isn't being prompted for by the server.

example:
eval $(ssh-agent)
ssh-add

Look for your .xsession file. You may be able to use ssh-agent when you log into X using your display manager by uncommenting the line
"# usessh yes" or changing "no" to "yes" if that is the case.

Then you can log into any server that has a copy of your public key without being prompted for a passphrase.