I need to automate an openvpn connection to a server that requires me to enter a password.
I can do this with expect but I don't want to keep the password in plain text in the script.
I found encpass to help encrypt the password which I just need to source and get it to get the encrypted version of the password.
The problem comes when I try to pass the unencrypted password to expect. From what I understand, expect and bash are 2 different environments and bash cannot run expect. What I have so far is the following:
#!/usr/bin/env bash
source encpass.sh
password=$(get_secret)
{
/usr/bin/expect <<EOF
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send $password
interact
EOF
}
The end result is I run this and it starts the VPN and the script enters the password in the prompt.
If there is a simpler way of doing it, please let me know.
I have tried to automate it with just openvpn and a --auth-user-pass switch pointing to a file with the password in it but I couldn't get that working either.
Two ideas spring to mind:
if you want to embed expect code into a shell script, use the environment
to pass values, and use a quoted heredoc to avoid quoting hell (don't forget
to "hit enter" for the send command)
#!/usr/bin/env bash
source encpass.sh
password=$(get_secret)
export password
/usr/bin/expect <<'EOF'
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send "$env(password)\r"
interact
EOF
do it all in expect
#!/usr/bin/env expect
set password [exec bash -c {source encpass.sh && get_secret}]
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send "$password\r"
interact
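The difference between the question's unquoted heredoc and the answer's quoted heredoc with `$env(password)`, as an added example that is not part of the original posts. `cat` stands in for expect so the script text each form hands to the interpreter can be inspected; `sample_secret` and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: show the script text expect would receive on stdin.
# `cat` replaces /usr/bin/expect so this runs without expect installed.

# Constructed sample secret containing characters Tcl treats specially.
sample_secret='pa$s[clock seconds]"w\d'

# Unquoted delimiter: bash expands $password before expect ever runs, so the
# secret's characters become part of the Tcl source. Inside a Tcl "..." string,
# $name and [command] are substituted and an embedded " ends the string early.
render_unquoted() {
    local password="$1"
    cat <<EOF
expect "Enter Private Key Password:"
send "$password\r"
EOF
}

# Quoted delimiter: bash expands nothing. expect reads the exported variable
# at run time through $env(password), so the value is treated as data only.
render_quoted() {
    cat <<'EOF'
expect "Enter Private Key Password:"
send "$env(password)\r"
EOF
}

# Return 0 if the rendered script text ($1) contains the literal secret ($2).
script_contains_secret() {
    case "$1" in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

With the quoted form the secret never appears in the script text, only in the environment of the expect process.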
Related
I'm trying to make a script connecting via an SSH connection to a server and executing some commands. The first part works:
#!/usr/bin/expect -f
spawn ssh address
expect "password:"
send "password\r"
interact
but after that I want to execute some more commands, e.g. cd to a directory, launch some more scripts, etc. Is there any way to implement these things?
try following:
#!/usr/bin/expect
set login "any_user"
set addr "some_address"
set pw "any_pwd"
spawn ssh -t $login@$addr
expect "$login@$addr\'s password:"
send "$pw\r"
expect "~" ; # put here string from your server prompt
send "mkdir some_dir\r"
interact
This is one of the commands; you could try other commands like cd, or any other scripts, in it too, and let us know if you have any queries.
I want to create a .sh file
// Tried to connect to ftp server
ftp name_of_server
//input user name
username
//input password
password
link given below
https://github.com/prokid221/shell-programing.git
Instead of logging in, it again asked me to enter the username and password.
Can anyone help with this problem?
If you only need file transfers, you could use curl.
download a file:
curl -O -u user:password ftp://example.com/some-file
upload a file:
curl -T some-file -u user:password ftp://example.com
Note: This method may result in your credentials being saved in your command history.
The best solution is to look at your ftp command manual. It probably provides command line flags or can use environment variables to allow you to specify username and password.
If there is no such thing, an alternate way is to feed ftp standard input. I guess this is what you try to do, but instead here is what your script does:
Run ftp and wait for the command to return. That's where ftp asks about username.
Once ftp returned, run a command named after the username. There is probably no command of that name so it will complain about it.
Then, run a command named after the password. It will fail too, but depending on the special characters in the password, it could become a disaster :-)
So, to really feed stdin, you can use printf(1):
printf "username\npassword\n" | ftp name_of_website
Edit: Another way I forgot is to put that information in the URL: ftp://username:password@name_of_website.
Try :
#!/bin/sh
HOST='your.ftp.server.net'
USER='yourid'
PASSWD='yourpw'
FILE='file.txt'
ftp -n $HOST <<END_SCRIPT
quote USER $USER
quote PASS $PASSWD
#put $FILE
#quit
END_SCRIPT
exit 0
If you want to provide the hostname from outside the script on the command line, then you can use
HOST=$1
So if your script name is serverftp.sh, you would provide the hostname as:
serverftp.sh <ftp_server_name>
How about using expect in a shell script?
#!/bin/sh
SERVER="example.com"
ID="toor"
PASSWD="secret"
expect <<EOF
spawn ftp $SERVER
expect ": "
send "$ID\r"
expect "Password:"
send "$PASSWD\r"
expect "ftp>"
send "ls\r"
expect "ftp>"
send "quit\r"
interact
EOF
I am having difficulty passing a password through a bash script for an ssh connection. I have everything working, but it still prompts me for the password instead of pulling the stored password. Please take a look at the portion of the script below, and let me know if there is something obvious I'm doing wrong:
#! /bin/bash
echo "Please enter a username:"
read user
echo "please enter a password:"
read password
echo "please enter an IP address:"
read ip
ssh "$user"@"$ip"
expect "password:"
send "<password>\r"
interact
I have tried different variations of the "send" line. For instance, I've tried "password\r" and password\r. I've also tried modifying the "expect" line to mirror the exact text returned by the attempted SSH connection.
Thanks for any help that can be provided.
SSH contains code to prevent password theft by redirecting standard I/O.
The correct solution is to generate a private/public key pair with ssh-keygen. Install the public key on the remote side. ssh-copy-id will help.
Then you can use the SSH agent to load the private key into memory and SSH won't ask for a password or key phrase.
Related:
https://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login
I am trying to access a remote ssh server from a unix client machine. For this I have used an expect script which calls a bash script to fetch some lines from the server log file.
Below is my code:
#!/usr/local/bin/expect -f
set pass "password"
set prompt "(%|$|#)"
spawn ssh deployed@172.16.166.111
expect "password:"
send "$pass\r"
expect -re $prompt
send -- "./access_srvr_log.sh\r"
send -- "exit\r"
code for access_srvr_log.sh file:
#!/usr/local/bin/expect
dir="/home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log"
tail -n 100 $dir/development.log
echo "hello"
echo >> log.txt
I get this error:
./access_srvr_log.sh
-bash: ./access_srvr_log.sh: No such file or directory
Please help. I have tried a lot of changes on the above code and finally reached here.
Thanks.
Friends don't let friends use SSH passwords. It's much less secure.
Use ssh-copy-id to copy your public key to the remote server. (It puts the client ~/.ssh/id_rsa.pub into the server .ssh/authorized_keys) Now you can run "ssh deployer@172.16.144.111 ./access_srvr_log.sh", and it won't prompt for a password. That means you no longer need expect and all the odd problems that come with it.
In fact, it's highly recommended that you disable SSH passwords altogether.
To make your script even simpler (maintenance-wise) do this:
1) run ssh-keygen -f ~/.ssh/scriptkey on your client (don't enter a password).
2) Put the public part of your key (~/.ssh/scriptkey.pub on the client) into .ssh/authorized_keys on the server. But this time, put command="/home/deployer/access_srvr_log.sh" just before your new key. This tells the server to run that command for that key.
3) Now your script doesn't even need to specify the command, just the private key. (i.e. scp -i ~/.ssh/scriptkey deployer@172.16.144.111 will run the script). This allows the server to change (i.e. move the script, change the script name) without changing the client. It also means someone stealing your (non-password-protected) key can't log in to the server, but only run your log script.
And there are no guessable passwords lying around in scripts. (You are checking your scripts into version control, right?)
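The forced-command setup from steps 1 to 3 above, as an added example (not the answerer's code): it builds the authorized_keys entry and lists entries in a file that have no forced command. The key is a constructed placeholder, the function names are hypothetical, and the `restrict` option (OpenSSH 7.2 and later) is an addition to the answer's `command=` so that the key also cannot forward ports or allocate a PTY.

```shell
#!/bin/sh
# Added example: build and audit authorized_keys entries pinned to one command.

# Constructed placeholder public key (not a real key).
sample_pubkey='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEPLACEHOLDERKEYDATA0000000000000000 scriptkey'

# Emit an authorized_keys line that forces the given command for this key.
# $1 = command the server runs for this key, $2 = public key line.
forced_command_entry() {
    cmd=$1 pubkey=$2
    # Keep the quoting unambiguous: refuse commands with embedded double quotes.
    case "$cmd" in *'"'*) return 1 ;; esac
    printf 'restrict,command="%s" %s\n' "$cmd" "$pubkey"
}

# Print every key in an authorized_keys file ($1) whose options field has no
# command="..." entry, i.e. keys that can still open a normal login session.
# Heuristic: the options are whatever precedes the key-type token, which is
# followed by a base64 blob starting with AAAA.
unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = " " $0
            opts = ""
            if (match(line, /[ \t](ssh-|ecdsa-|sk-)[^ \t]+[ \t]+AAAA/))
                opts = substr(line, 2, RSTART - 2)
            if (("," opts) !~ /,command="/) print
        }' "$1"
}
```

Running `unrestricted_keys ~/.ssh/authorized_keys` on the server is a quick check that a script key was not installed without its restriction.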
You can simplify it down too
#!/bin/bash
{
/usr/bin/expect <<- EOF
spawn ssh deployer@172.16.144.111 "tail -n 100 /home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log/development.log"
expect "password:"
send "deployer\r"
expect eof
EOF
} | grep -v "deployer@172.16.144.111's password:" >> log.txt
I realize this question has been asked a few times but I could not find a relevant answer anywhere in my searching.
I am working in a development environment where security is not an issue and anyone could just guess the password if they thought for a few seconds.
What I am trying to do is simple. I have created an alias function in my local .bashrc file and I would like this function to automatically log into a machine with a default password.
My current implementation looks something like this:
function s () {
ssh root@192.168.1.$1
}
When I run it I get something like this:
~]s 122
ssh root@192.168.1.122
root@192.168.1.122's password:
Using Bash, and not using RSA keys I would like to get this to use the default password 'password'.
I've tried the following where IP and User have already been set.
Do=$(expect -c "
spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}
expect \"yes/no\"
send \"yes\r\"
expect \"assword\" send \"password\"")
echo $Do
$Do
It gives the following error:
Connecting and logging into server using expect
usage: send [args] string
while executing
"send"
invoked from within
"expect "assword" send "password""
Administrator@192.168.1.176's password:
bash: spawn: command not found...
Using the following command I am able to connect a machine. If I remove the interact it just runs the uptime command and closes the connection. With the interact command I am unable to see what I am typing or actually interact with the machine. Any ideas?
Do=$(expect -c "spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}; set timeout 4; expect \"assword\"; send \"password\n\"; expect \"test\"; send \"uptime\n\"; interact;");echo $Do;
You can do this with the expect tool: http://expect.sourceforge.net/
It's widely available, so depending on your system, the equivalent of sudo apt-get install expect or yum install expect will install it.
Here's an example of an expect script with ssh. This logs you in and gives you control of the interactive prompt:
#!/usr/bin/expect
set login "root"
set addr "127.0.0.1"
set pw "password"
spawn ssh $login@$addr
expect "$login@$addr\'s password:"
send "$pw\r"
expect "#"
send "cd /developer\r"
interact
Here's an example of how to use expect as part of a bash script. This logs in with ssh, cd to /var, runs a script, then exits the ssh session.
#!/bin/bash
...
login_via_ssh_and_do_stuff() {
# run the expect script and capture its output in a bash variable
expect_sh=$(expect -c "
spawn ssh root@127.0.0.1
expect \"password:\"
send \"password\r\"
expect \"#\"
send \"cd /var\r\"
expect \"#\"
send \"chmod +x my_script.sh\r\"
expect \"#\"
send \"./my_script.sh\r\"
expect \"#\"
send \"exit\r\"
")
# print the captured session output
echo "$expect_sh"
}
You can leave these snippets in a script on your local system, and then just alias to the scripts.
Also: I know you said security isn't an issue, but I'd like to just note, again, that the "proper" way to ssh without using a password is to use a ssh key-pair =)
Use sshpass which is available in package repositories on major Linux-es.
For example, when password is in password.txt file:
sshpass -fpassword.txt ssh username@hostname
sshpass runs ssh in a dedicated tty, fooling it into thinking it is
getting the password from an interactive user.