But SSH prompts you for a password!

The next hurdle: making SSH not prompt me for a password. Nagios is fully automated, and there’s no way in hell it can type passwords for me. Plus, SSH is very finicky about how it gets its passwords: either you type them in, or you can’t use it. Piping the password does not work (because the input is reserved for the program that was invoked in the command line). Damn!

Not to worry, Expect to the rescue! Expect is a nifty program that automates tasks based on input and output. You should have installed Expect on your computer by now.

Using heavily Googled code, I concocted my own version of the sshexpect script:

#!/usr/bin/expect -f

Expect script to supply root/admin password for remote ssh server

and execute command.

This script needs three argument to(s) connect to remote server:

password = Password of remote UNIX server, for root user.

ipaddr = IP Addreess of remote UNIX server, no hostname

scriptname = Path to remote script which will execute on remote server

For example:

./sshlogin.exp password 192.168.1.11 who

------------------------------------------------------------------------

Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>

This script is licensed under GNU GPL version 2.0 or above

-------------------------------------------------------------------------

This script is part of nixCraft shell script collection (NSSC)

Visit http://bash.cyberciti.biz/ for more information.

----------------------------------------------------------------------

set Variables

set ipaddr [lrange $argv 0 0] set password [lrange $argv 1 1] set scriptname [lrange $argv 2 2] set arg1 [lrange $argv 3 3] set arg2 [lrange $argv 4 4] set arg3 [lrange $argv 5 5] set arg4 [lrange $argv 6 6] set arg5 [lrange $argv 7 7] set arg6 [lrange $argv 8 8] set arg7 [lrange $argv 9 9]

setting a timeout for the password prompt 5 seconds larger than the SSH ConnectionTimeout parameter

set timeout 35

now connect to remote UNIX box (ipaddr) with given script to execute

set pid [spawn -noecho ssh -o "ConnectTimeout 30" -o "CheckHostIP no" -o "StrictHostKeyChecking no" $ipaddr $scriptname $arg1 $arg2 $arg3 $arg4 $arg5 $arg6 $arg7] match_max 5000

Look for passwod prompt

log_user 0 expect { "denied" {puts "CRITICAL: wrong SSH password" ; exit 2} "Name or service not known" {puts "CRITICAL: cannot resolve SSH server name $ipaddr" ; exit 2} "Connection refused" {puts "CRITICAL: SSH connection to $ipaddr refused" ; exit 2} "Connection timed out" {puts "CRITICAL: SSH connection to $ipaddr timed out" ; exit 2} timeout {puts "CRITICAL: SSH server timed out while prompting for password" ; exit 2} "?assword:" }

Send password aka $password

send -- "$passwordr"

send blank line (r) to make sure we get back to gui

send -- "r" expect "r" log_user 1

Now we wait up to 30 seconds for output, no more

set timeout 30 expect { timeout {puts "CRITICAL: execution of $scriptname timed out after 30 seconds" ; exit 2} eof }

set waitret [wait] catch {close}

set state [lindex $waitret 2] exit [lindex $waitret 3] What this script does is fairly easy to understand (once it’s been explained to you!). It starts ssh with the passed arguments (a maximum of 8), against the server you specify and with a password you specify as well. It returns the status value of the remoted (remotely invoked) command.

The script suppresses any SSH output not related to the command, so beware: if the password is wrong, you will not be told. The script also make SSH not prompt for host authentication, so if you’re finicky about security, perhaps this is the wrong approach for you. But it works for me, so let’s go on. Again, keep reading.

Pages: 1 2 3 4 5 6 7

This entry was posted on Sunday, September 17th, 2006 at 1:58 and is filed under Free software, Server management, Software bacán, Tutorials. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.