Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <549AB966B45DD311A58A0000E86CEA8D1A7740B9@exchange_corp.btitele.com>
From: David Shapiro <david DOT shapiro AT btitele DOT com>
To: "'Ville Herva'" <vherva AT niksula DOT hut DOT fi>, cygwin AT cygwin DOT com
Subject: RE: Expect and ssh
Date: Wed, 3 Jul 2002 08:22:38 -0400 
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

I agree that public key authentication is best. Here is even another way
(gotta love unix type things --- million ways to do the same thing!): perl
and its expect module works fine:

#!/usr/local/bin/perl -w

use strict;
use Expect;

# Optional debugging, explained later.
#$Expect::Debug=1;
#$Expect::Exp_Internal=1;
#$Expect::Log_Stdout=0; # On by default.

# Could put a loop here with different host names so you can ssh to multiple
servers...
my $hostname = "put_server_name_here";
my $user = "put_user_name_here";

my $ssh = Expect->spawn("ssh -l $user $hostname")) or
return "Couldn't spawn ssh connection, ".$ssh->exp_error()."\n";

unless ($ssh->expect(30,-re,'#')) {
	return "Never got the prompt on $hostname during login,
".$ssh->exp_error()."\n";
}
$ssh->clear_accum();

my $cmd = "/usr/bin/ls";
print $ssh "$cmd\r";

# Now we look for a prompt, having (we hope) successfully logged in.
unless ($ssh->expect(30,-re,'#')) {
	return "Never got ssh prompt after sending command $cmd
".$ssh->exp_error()."\n";
}
my $read = $ssh->exp_before();
my @read = split (/\cM/,$read);
@read now has all the ls stuff.
.
.
.
# do another command --- weee!



-----Original Message-----
From: Ville Herva [mailto:vherva AT niksula DOT hut DOT fi]
Sent: Wednesday, July 03, 2002 4:11 AM
To: cygwin AT cygwin DOT com
Subject: Re: Expect and ssh


On Tue, Jul 02, 2002 at 06:26:54PM -0400, you [Arthur Taylor] wrote:
> Someone had a similar issue to this in May...  But I didn't see any
> follow up...
> Arthur
> 
> Sample expect script:
> 
> ---------------------
> 
> #! /usr/bin/expect -f
> 
> spawn /usr/bin/ssh <name>@<host>
> expect "password:"
> send "<password>\r"
> expect ">"
> send "ls -l\r"
> expect ">"
> send "exit\r"
> exit

First: Any particular reason you are not using public key authentication?
You just need to 

  ssh-keygen -t dsa
  (store the keys somewhere safe)
  append the pub key to remotehost:~user/.ssh/authorized_keys2

then just

  ssh -i <path to priv key> <name>@<host> "ls -l"

You can use empty passphrases for the keys - that's not less safe than your
expect case - but it's always better to have a passphrase. Also, you can
limit the command allowed for that particular key from the remote end by
specifying the command in remotehost:~user/.ssh/authorized_keys2 after the
key. Then anyone who gets access to that particular private key can only
execute "ls -l" or so.

As for your problem: I imagine your script does not work, because ssh
(I'm looking at openssh-3.4) checks in function readpass.c:read_passphrase()
whether stdin is a TTY (in your case it's not) and then tries to to use
ssh_askpass, /dev/tty etc. Have a look at the code yourself. 

lftp had the same problem in its ssh-code, I'm not sure how they solved it.


-- v --

v AT iki DOT fi

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/