41

How can I use expect to send a password to an ssh connection?

Say the password was p@ssword and the ssh command was ssh me@127.0.0.1

What would I do with expect to make it input the password when it says

me@127.0.0.1's password:
?

The proper action of using an SSH key pair isn't an option because I would have to use ssh (scp) to put the key on the server, which would ask for a password.

Malfist
  • 1
    Putting the key on the server would only have to be done once, then it would never prompt for a password again. See my answer for a link to a howto. – rmeador Jan 19 '09 at 21:18
  • I know, but everything is being done as a service on a Windows machine. Which means I have no way of adding the ssh key unless it is done manually beforehand, which isn't an option. – Malfist Jan 19 '09 at 21:21
  • 1
    @malfist - why is that not an option? Generally installation & configuration of any solution is assumed, so why not make that a constraint of installation/configuration? Unless what you're doing is not above board, you should consider doing it the right way instead of designing a hack-around. – Jason Coco Jan 19 '09 at 21:23
  • Because the server that the service will be connecting to will not be static. As in, for every use of the service, the server has to be specified, most of the time it will change requiring manual action which defeats the purpose. – Malfist Jan 19 '09 at 21:26
  • 1
    Then create your own controlling tty and exec ssh from there... it still sounds really fishy to me, tho. I can't think of one, non-illicit use case for this kind of "automation". – Jason Coco Jan 19 '09 at 21:36
  • It's called backing up a server remotely. And how am I supposed to create my own controlling tty? – Malfist Jan 19 '09 at 21:39
  • So you can't find one legitimate reason for automating an ssh login to a server? – Malfist Jan 19 '09 at 21:43
  • I didn't say that, I said I can't think of one use case for your kind of automation. There are plenty of legitimate cases, but most allow you to do configuration. As for creating a controlling tty, ask in a separate question, too much to answer in comments :) – Jason Coco Jan 19 '09 at 21:54
  • And, were I backing up servers remotely using automation and ssh, I would certainly use the public key authentication suggested as answers to this question. – Jason Coco Jan 19 '09 at 21:56
  • 2
    A legitimate reason for doing this would be if you are scripting ssh access to *network devices* which do not support certificate based login - e.g. Cisco switches. – dunxd Aug 10 '11 at 13:51
  • 3
    There are other use cases. Mine is a test environment. The certificates change every time the code is reinstalled. It is a part of the test procedure. And the test must be automatic... :) – bcelary Oct 25 '11 at 08:18
  • Automating SSH connections using password authentication is a bad idea. Use public key authentication and everything becomes much easier. – dolmen Dec 05 '13 at 17:22

6 Answers

79

I always used the "proper" solution, but I used expect in other situations.

Here I found the following suggestion:

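#!/usr/local/bin/expect
# Start sftp under expect's control so the password prompt can be answered
spawn sftp -b cmdFile user@yourserver.com
# Wait for the password prompt
expect "password:"
# Send the password followed by Return
send "shhh!\r"
# Hand control of the session back to the user
interact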
max
  • 47
    Thank you! Thank you for answering the question instead of telling me how I should do it. – Malfist Jan 19 '09 at 21:38
  • 2
    @Malfist: I hate to say it, but I'm in the "explain alternate options" mindset rather than just strictly answering the question. I feel you get a better range of options that way. – Powerlord Jan 21 '10 at 18:32
  • 2
    @R. Bemrose Enjoy trying to change the maze instead of helping navigate it. – Kristopher Ives Sep 16 '10 at 21:49
  • 'expect is not installed by default. Download the program and install it on the unix machine'(source http://linux-bsd-central.com/index.php/content/view/26/ ). Available for download at http://www.nist.gov/el/msid/expect.cfm – Daniel Dropik May 30 '14 at 18:31
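
A fuller version of the expect approach in the answer above, applied to the ssh command from the question. This is an added example, not part of the original answer. It assumes the password is supplied in an environment variable named SSH_PASS (a hypothetical name) and that the remote command uptime stands in for the real job:

```expect
#!/usr/bin/expect -f
# Added example. Assumptions: the password comes from the SSH_PASS
# environment variable (hypothetical name) instead of being hard-coded,
# and "uptime" is a placeholder for the real remote command.
if {![info exists env(SSH_PASS)]} {
    puts stderr "SSH_PASS is not set"
    exit 2
}
set timeout 20

# StrictHostKeyChecking=yes: ssh refuses unknown or changed host keys
#   instead of asking, so the script never blindly accepts a key.
# NumberOfPasswordPrompts=1: a rejected password ends the session
#   instead of producing a second prompt.
spawn ssh -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=1 \
    -o PreferredAuthentications=password me@127.0.0.1 uptime

expect {
    -re {[Pp]assword: *$} {
        # "--" keeps a password that starts with "-" from being read as a flag
        send -- "$env(SSH_PASS)\r"
    }
    timeout {
        puts stderr "no password prompt within $timeout seconds"
        exit 3
    }
    eof {
        puts stderr "ssh exited before asking for a password"
        exit 4
    }
}

# Read the command output until ssh closes the connection.
expect {
    timeout {
        puts stderr "remote command timed out"
        exit 5
    }
    eof {}
}

# wait returns {pid spawn_id os_error exit_status}; pass ssh's status on.
set result [wait]
exit [lindex $result 3]
```

With these options a wrong password or an unrecognised host key makes the script exit non-zero instead of hanging at a prompt, which is what a scheduled job needs to detect.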
4

Would it not be easier to use public key authentication and use a key with no passphrase?

As the user on the source machine do this to make an RSA key

ssh-keygen -t rsa

Now copy ~/.ssh/id_rsa.pub to the target machine and append it to the authorized_keys file of the target user

Paul Dixon
4

Your quickest way forward (unless you want to become a Tcl expert, which would be... unusual... in 2009) is probably to use autoexpect. Here's the man page:

http://expect.nist.gov/example/autoexpect.man.html

In short, fire up autoexpect, run your ssh session, finish up what you need to do, stop autoexpecting and then beat your keyboard over the resulting mess until it works :) I'm assuming you don't need anything more than a quick hack to get your keys sorted out and then, well it sounds like you know the score already with that.

And there's this question which already contains an example close to what you seek.

Martin Carpenter
0

Key solution will not work... because the keys have to be readable only by the person running ssh. On XP you cannot create key structure with the correct permissions. So ssh will not read them. This may have changed, but last I checked it still did not work.

  • 1
    Welcome to Stack Overflow. This comment is not appropriate as an answer. Once you gain more reputation, you will be able to add comments to questions and answers. – bobs Jan 29 '13 at 17:41
  • @mikey-b On an NTFS filesystem you can use file permissions to protect the file against unauthorized eyes. – dolmen Dec 05 '13 at 17:25
0

Cygwin has autoexpect, just not in the bin package. Run setup.exe, search for expect and check the source checkbox. You will see the resulting tree in /usr/src, and in there is an expect/expect/examples directory. In there lives a copy of the autoexpect script.

Andro Selva
DJJ
-2

I'm pretty sure it is not possible to do what you're trying to do. Most *nix applications that prompt for a password read from the TTY directly, not stdin, so you can't pipe the password in. You can, as others have mentioned, configure SSH to not prompt for a password, as explained here.

After I was downvoted for no apparent reason, I went and did a little more research on the expect command and discovered that it has a send_tty command that sends to /dev/tty instead of stdin, which might actually do what you want... I was previously unaware of this feature. I still recommend putting the key on the server, however.

rmeador