How can I use expect to send a password to an ssh connection.
say the password was p@ssword and the ssh command was ssh [email protected]
What would I do with expect to a make it input the password when it says
[email protected]'s password:
?
The proper action of using an SSH key pair isn't an option because I would have to use ssh (scp) to put the key on the server, which would ask for a password.
Are you sure you can't use the "proper" solution and put a key on the remote machine?
Would it not be easier to use public key authentication and use a key with no passphrase?
As the user on the source machine do this to make an RSA key
ssh-keygen -t rsa
Now copy ~/.ssh/id_rsa.pub to the target machine and append it to the authorized_keys file of the target user
I'm pretty sure it is not possible to do what you're trying to do. Most *nix applications that prompt for a password read from the TTY directly, not stdin, so you can't pipe the password in. You can, as others have mentioned, configure SSH to not prompt for a password, as explained here.
After I was downvoted for no apparent reason, I went and did a little more research on the expect command and discovered that it has a send_tty command that sends to /dev/tty instead of stdin, which might actually do what you want... I was previously unaware of this feature. I still recommend putting the key on the server, however.
Your quickest way forward (unless you want to become a Tcl expert, which would be... unusual... in 2009) is probably to use autoexpect. Here's the man page:
http://expect.nist.gov/example/autoexpect.man.html
In short, fire up autoexpect, run your ssh session, finish up what you need to do, stop autoexpecting and then beat your keyboard over the resulting mess until it works :) I'm assuming you don't need anything more than a quick hack to get your keys sorted out and then, well it sounds like you know the score already with that.
And there's this question which already contains an example close to what you seek.
I always used the "proper" solution, but I used expect in other situations.
Here I found following suggestion:
#!/usr/local/bin/expect
spawn sftp -b cmdFile [email protected]
expect "password:"
send "shhh!\n";
interact
If you can use the *nix or Windows version of puTTY - the pscp and psftp commands have a -pw option that allow you to pass the password via command option.
In debian this is: apt-get install putty-tools, RHEL - yum install putty.
http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter5.html#pscp-usage
-pw password
Set remote password to password. CAUTION: this will likely make the password visible to other users of the local machine (via commands such as "w").
In response to rmeador (sorry but I don't the requisite number of points to comment), do not tell people to use send_tty. Plain old "send" and "expect" will work fine. The spawn command establishes the connections so that if the spawned process writes to /dev/tty, expect will see it. Same thing with reading and send.
send_tty is for an entirely different purpose. send_tty sends the output of the Expect script itself to /dev/tty; which is totally unnecessary for the original person's problem.
Thank you! I was looking for a response for this as well. There are PLENTY of valid reasons for doing this. In my case I have been given a one-off task to pull data from firewalled boxes which are NOT ALLOWED to have ssh keys for root login per policy. but the script i need to run must be run as root. If I have to manually run these for the 300 or so boxes behind the firewall, I'd be here for days.