tags:

views:

6993

answers:

8

How can I use expect to send a password to an ssh connection.

say the password was p@ssword and the ssh command was ssh [email protected]

What would I do with expect to a make it input the password when it says

[email protected]'s password:
?

The proper action of using an SSH key pair isn't an option because I would have to use ssh (scp) to put the key on the server, which would ask for a password.

+1  A: 

Are you sure you can't use the "proper" solution and put a key on the remote machine?

Nikron
yes, everything needs to be automated and putting the key on the machine would require a password too.
Malfist
+5  A: 

Would it not be easier to use public key authentication and use a key with no passphrase?

As the user on the source machine do this to make an RSA key

ssh-keygen -t rsa

Now copy ~/.ssh/id_rsa.pub to the target machine and append it to the authorized_keys file of the target user

Paul Dixon
No, I updated the question
Malfist
A: 

I'm pretty sure it is not possible to do what you're trying to do. Most *nix applications that prompt for a password read from the TTY directly, not stdin, so you can't pipe the password in. You can, as others have mentioned, configure SSH to not prompt for a password, as explained here.

After I was downvoted for no apparent reason, I went and did a little more research on the expect command and discovered that it has a send_tty command that sends to /dev/tty instead of stdin, which might actually do what you want... I was previously unaware of this feature. I still recommend putting the key on the server, however.

rmeador
I am aware of that, which is why I'm using Expect, because it can communicate like that.
Malfist
+4  A: 

Your quickest way forward (unless you want to become a Tcl expert, which would be... unusual... in 2009) is probably to use autoexpect. Here's the man page:

http://expect.nist.gov/example/autoexpect.man.html

In short, fire up autoexpect, run your ssh session, finish up what you need to do, stop autoexpecting and then beat your keyboard over the resulting mess until it works :) I'm assuming you don't need anything more than a quick hack to get your keys sorted out and then, well it sounds like you know the score already with that.

And there's this question which already contains an example close to what you seek.

Martin Carpenter
Hey, don't go around bad mouthing tcl just because you haven't got the GUTS to learn it! ;)
roe
cygwin doesn't offer autoexpect. I wish it did.
Malfist
+13  A: 

I always used the "proper" solution, but I used expect in other situations.

Here I found following suggestion:

#!/usr/local/bin/expect
spawn  sftp  -b cmdFile [email protected]
expect "password:"
send "shhh!\n";
interact
mdorseif
Thank you! Thank you for answering the question instead of telling me how I should do it.
Malfist
@Malfist: I hate to say it, but I'm in the "explain alternate options" mindset rather than just strictly answering the question. I feel you get a better range of options that way.
R. Bemrose
@R. Bemrose Enjoy trying to change the maze instead of helping navigate it.
Kristopher Ives
A: 

If you can use the *nix or Windows version of puTTY - the pscp and psftp commands have a -pw option that allow you to pass the password via command option.

In debian this is: apt-get install putty-tools, RHEL - yum install putty.

http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter5.html#pscp-usage

-pw password

Set remote password to password. CAUTION: this will likely make the password visible to other users of the local machine (via commands such as "w").

It will. NEVER put a password on the commandline.
Don Werve
+1  A: 

In response to rmeador (sorry but I don't the requisite number of points to comment), do not tell people to use send_tty. Plain old "send" and "expect" will work fine. The spawn command establishes the connections so that if the spawned process writes to /dev/tty, expect will see it. Same thing with reading and send.

send_tty is for an entirely different purpose. send_tty sends the output of the Expect script itself to /dev/tty; which is totally unnecessary for the original person's problem.

donlibes
A: 

Thank you! I was looking for a response for this as well. There are PLENTY of valid reasons for doing this. In my case I have been given a one-off task to pull data from firewalled boxes which are NOT ALLOWED to have ssh keys for root login per policy. but the script i need to run must be run as root. If I have to manually run these for the 300 or so boxes behind the firewall, I'd be here for days.

Jim