3

I am trying to implement "shell script calling expect script" so that it does not prompt the user for entering ssh password every time. I started with Using a variable's value as password for scp, ssh etc. instead of prompting for user input every time and understood that I should have a .sh file and a .exp file. I have expect installed in my system (running expect -v shows expect version 5.43.0).

In my upload-to-server.sh file I have 

cd $SOURCE_PATH/shell
./password.exp $DESTINATION_PATH $SSH_CREDENTIALS $PROJECT_INSTALLATION_PATH $PASSWORD

And in my password.exp file I have 

#!/usr/bin/expect -f

set DESTINATION_PATH [lindex $argv 0];
set SSH_CREDENTIALS [lindex $argv 1];
set PROJECT_INSTALLATION_PATH [lindex $argv 2];
set PASSWORD [lindex $argv 3];

spawn scp $DESTINATION_PATH/exam.tar $SSH_CREDENTIALS':/'$PROJECT_INSTALLATION_PATH
expect "password:"
send $PASSWORD"\n";
interact

On running the upload-to-server.sh file I get the following error - 

./password.exp: line 9: spawn: command not found
couldn't read file "password:": no such file or directory
./password.exp: line 11: send: command not found
./password.exp: line 12: interact: command not found

I arrived at the above code (in the exp file) from multiple sources (without understanding much basics). In one source the code is like this 

#!/usr/local/bin/expect
spawn  sftp  -b cmdFile user@yourserver.com
expect "password:"
send "shhh!\n";
interact

Whereas in another source like this 

#!/usr/local/bin/expect -f
set TESTCASE_HOME [lindex $argv 0];
set TESTCASE_LIST [lindex $argv 1];
set PASSWORD [lindex $argv 3];

set timeout 200
spawn $TESTCASE_HOME/dobrt -p $TESTCASE_HOME/$TESTCASE_LIST
expect "*?assword:*" {send -- "$PASSWORD\r";}
expect eof

There are some differences there -

  • there is an extra -f in the #!/usr/local/bin/expect line

  • expect "?assword:" {send -- "$PASSWORD\r";} is different from expect "password:" send "shhh!\n";

  • interact replaced with expect eof.

This is my first expect script so don't have much idea what to code. Any pointers?

Thanks,
Sandeepan

Community
  • 1
  • 1
Sandeepan Nath
  • 9,966
  • 17
  • 86
  • 144
  • 1
    Would public key authentication be an option? If it is, it would be the better (and easier) way. – miku Jan 06 '11 at 08:10
  • Note that passing passwords as arguments is insecure. For some reason, your expect script is being interpreted as a shell script. It's not apparent from what you've posted why this is. – Dennis Williamson Jan 06 '11 at 08:13
  • @Dennis - does this store the passwords in some logs and can be viewed by anyone using `ps aux` or something like that? – Sandeepan Nath Jan 06 '11 at 09:50
  • @The MYYN - I don't think public key authentication can be an exact solution here. Please check my previous question for explanation – Sandeepan Nath Jan 06 '11 at 10:52
  • previous question http://stackoverflow.com/questions/4594698/using-a-variables-value-as-password-for-scp-ssh-etc-instead-of-prompting-for-u – Sandeepan Nath Jan 06 '11 at 11:00
  • They can be viewed using `ps`, but they wouldn't normally be stored in any logs. – Dennis Williamson Jan 06 '11 at 15:41
  • Try looking at this post: [http://stackoverflow.com/questions/21151042/spawn-command-not-found][1] [1]: http://stackoverflow.com/questions/21151042/spawn-command-not-found – Phi Aug 11 '14 at 18:51

2 Answers2

1

Don't do any of this! You should use public key authentication as the comment above suggests. The way you're going leaves passwords in the clear and is fragile.

Public key authentication is way easier to setup, for example: setup instructions

sjr
  • 9,769
  • 1
  • 25
  • 36
0

Are you sure you're doing 

./script.exp

And not

. ./script.exp

?? The latter would have the shell trying to interpret the expect program.

Fully agree that ssh keys are the correct solution though.

glenn jackman
  • 238,783
  • 38
  • 220
  • 352
  • Yes, this is that part `./password.exp $DESTINATION_PATH $SSH_CREDENTIALS $PROJECT_INSTALLATION_PATH $PASSWORD` . But using ssh keys how do I restrict access using SSH password only then? Anyone can run the script if the system has the correct keys (as needed by public key authentication - did not go in depth yet). Please check my question http://stackoverflow.com/questions/4594698/using-a-variables-value-as-password-for-scp-ssh-etc-instead-of-prompting-for-u How do people do this? Am I missing something? – Sandeepan Nath Jan 06 '11 at 11:40