0

I'm trying to automate my Ansible deployment, just trying to learn more about it. I'm trying to automagically insert the password for the machine when copying the SSH key; however, it still prompts me for the password every time and I'm not sure why. Maybe it's sending the keys before the prompt, I'm not sure.

#!/bin/bash
apt-get update --force-yes
apt-get install software-properties-common -y --force-yes
apt-add-repository ppa:ansible/ansible -y --force-yes
apt-get update -y --force-yes
apt-get install ansible -y --force-yes
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa 
ssh-copy-id root@0.0.0.0
send("mypass{enter}")
Grant Zukel

2 Answers

3

You can either use expect, or if you know Python, you can use the simple module Pexpect:

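#!/usr/bin/expect
# Arguments: <ip> <user> <password>
set timeout 20
set ip [lindex $argv 0]
set user [lindex $argv 1]
set password [lindex $argv 2]

spawn ssh "$user\@$ip"
# OpenSSH prompts with "user@host's password:", so match case-insensitively
expect -nocase "password:"
send "$password\r"
# Hand the session over to the user
interact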

But your best option is to configure your server to allow ssh with key authentication.

oz123
1

You want to avoid putting your password in any type of script if you can help it -- and you can. ssh, rsync, etc. are all capable of remote operation by public-key/private-key authentication. Use it. Unless you have some need for rsa encryption, use dsa.

How? You are on the right track. Let's say you are on localhost and want to update/manage remotehost. What do the ansible docs say?

When speaking with remote machines, Ansible by default assumes you are using SSH keys.

How to set up SSH keys?

Simple. You need to generate your public/private keypair on localhost and you will then transfer the public-key to remotehost and append it to the ~/.ssh/authorized_keys file. Generating the keypair is a single command (default length is fine):

ssh-keygen -t dsa

Which by default will create the following on localhost in ~/.ssh/:

-rw------- 1 youruser yourgroup 668 Jun 13  2008 id_dsa
-rw-r--r-- 1 youruser yourgroup 603 Jun 13  2008 id_dsa.pub

Note: the permissions must be 0600 on your private-key id_dsa.

Transferring public-key to remotehost

rsync -uav ~/.ssh/id_dsa.pub remotehost:~/.ssh/id_dsa-localhost.pub

Note: just by convention, it is a good idea to give the public-key a unique name on remotehost to avoid inadvertently overwriting a public-key from another host. (i.e. - transfer id_dsa.pub as id_dsa-localhost.pub) Now all you need to do is append the public-key to the authorized_keys file:

ssh remotehost "cat ~/.ssh/id_dsa-localhost.pub >> ~/.ssh/authorized_keys"

Now login from localhost to remotehost securely using your private-key:

ssh remotehost

That's all there is to it.

I need to transfer files as root, now what

Beyond all the normal cautionary tales about not doing it, etc., you have 2 options: either create another public/private keypair for root; or, if you are the only admin/user and this is your box, then simply su to root and copy your /home/you/.ssh/id_dsa and /home/you/.ssh/id_dsa.pub to /root/.ssh on localhost.

Then on remotehost (again, your box), copy /home/you/.ssh/id_dsa-localhost.pub to /root/.ssh/id_dsa-localhost.pub and then append /root/.ssh/id_dsa-localhost.pub to /root/.ssh/authorized_keys (you must check/update the owner:group of all files copied to root:root and ensure the permissions are correct.)

Note: while the sshd default allows root login, some distributions don't. You must ensure that PermitRootLogin is not set to No in /etc/ssh/sshd_config.

That should be it. If there are any issues, attempt ssh login with ssh -vv and you will get all the information needed to diagnose the issue.

David C. Rankin
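
The append and permission steps from the answer above, as an added shell example (not part of the original answer): rerunning `cat ... >> authorized_keys` duplicates the entry, so this version adds the key only once and sets the modes on the .ssh directory and authorized_keys. The function names install_pubkey and check_private_key and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper name)
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys once only and
# sets modes that pass sshd's StrictModes check (700 dir, 600 file).
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key passed in by mistake (id_dsa instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi
    # Create directory and file with a tight umask so they are never
    # briefly group- or world-readable.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1
    # -x matches the whole line, -F treats the key as a fixed string:
    # skip the append when the exact key line is already present.
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_private_key KEY_FILE   (hypothetical helper name)
# Succeeds only if the file shows as -rw------- (0600), the mode the
# answer requires for the private key. cut drops any ACL/SELinux suffix.
check_private_key() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedsample you@localhost' \
    > "$demo/id-localhost.pub"
install_pubkey "$demo/id-localhost.pub" "$demo/.ssh"
install_pubkey "$demo/id-localhost.pub" "$demo/.ssh"   # second run adds nothing
echo "entries in authorized_keys: $(wc -l < "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

On remotehost the call would be `install_pubkey ~/.ssh/id_dsa-localhost.pub ~/.ssh`, run after the rsync transfer step.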