Develop Reference

Setting variables in expect script has no effect

I'm trying to write a script to get a password from my Mac keychain and use it to add a password protected key to the keychain (using ssh-add). It's meant to be part of a collection of scripts that get sourced by zsh. Currently my scripts looks like this
cat <<EOF | expect -d
set password [exec /usr/bin/security find-generic-password -s SSH -w]
puts "$password"
spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
expect -timeout 3 "Enter passphrase for"
send "$password\r"
interact
EOF
The puts "$password" is purely there for debug purposes. And I get the following results
$ source .zshrc.d/090_ssh_keys
Password:
Enter passphrase for /Users/james.dominy/.ssh/id_ecdsa:
$ ssh-add -l
The agent has no identities.
As you can see, the password variable isn't being set; I've tried changing the variable name, and as a debugging effort, I've tried setting it to a number (set password 1) and to a string literal (set password "a") but those don't work either. However, if I cut and paste this into an interactive expect session, everything works as expected
expect1.1> set password [exec /usr/bin/security find-generic-password -s SSH -w]
**********
expect1.2> puts $password
**********
expect1.3> spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
89080
expect1.4> expect -timeout 3 "Enter passphrase for"
Enter passphrase for /Users/sirlark/.ssh/id_ecdsa: expect1.5> send "$password\r"
expect1.6> interact
Identity added: /Users/sirlark/.ssh/id_ecdsa (sirlark main ssh key)
expect1.7> %
Password obscured obviously, but this works. Why?

Bash Script - SSH Connection

I am having difficulty passing a password through a bash script for an ssh connection. I have everything working, but it still prompts me for the password instead of pulling the stored password. Please take a look at the portion of the script below, and let me know if there is something obvious I'm doing wrong:
#! /bin/bash
echo "Please enter a username:"
read user
echo "please enter a password:"
read password
echo please enter an IP address:"
read ip
ssh "$user"#"$ip"
expect "password:"
send "<password>\r"
interact
I have tried different variations of the "send" line. For instance, I've tried "password\r" and password\r. I've also tried modifying the "expect" line to mirror the exact text returned by the attempted SSH connection.
Thanks for any help that can be provided.

SSH contains code to prevent password theft by redirecting standard I/O.
The correct solution is to generate a private/public key pair with ssh-keygen. Install the public key on the remote side. ssh-copy-id will help.
Then you can use the SSH agent to load the private key into memory and SSH won't ask for a password or key phrase.
Related:
https://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login

How to stop authentication of host message from coming up.

I am writing a script to log into multiple Cisco routers. I am running into and issue. This message pops up every time. "The authenticity of host 'x.x.x.x (x.x.x.x)' cant be established RSA key fingerprint is X. Are you sure you want to continue connecting (yes/no)?
From everything I have read about this says this is normal for the first time sshing into it, but it should store the RSA key and no longer display this message. Is there anyway to stop this message from popping up?
Here is my code so far.
#!/usr/bin/expect -f
spawn ssh -l user x.x.x.x
sleep 3
expect "*word"
send "mypassword"
send \r

Add the following to your ssh options:
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no

Alternatively, to avoid host key verification and not use known_hosts file for a particular remote machine, you can also add the following to /etc/ssh/ssh_config:
Host remote_machine_ip
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
/etc/ssh/ssh_config - Golbal configuration
$HOME/.ssh/config - User-specific configuration

You can expect that prompt to occur, and actually answer it:
spawn ssh -l user x.x.x.x
expect {
"connecting (yes/no)" {send "yes\r"; exp_continue}
"password:" {send "mypassword\r"}
}
exp_continue basically acts as a loop so that you can keep waiting for the password prompt.
If the "connecting" prompt does not occur, no problem: expect will see the password prompt and carry on.

Pass parameters from a script that are passed by keyboard

I need to write a shell script that help me to automatically connect to vpn after executing this script
A vpnc program require following inputs
root#xmpp3:/home/test/Desktop/ScriptTovpnc# vpnc
Enter IPSec gateway address:
Enter IPSec ID for :
Enter IPSec secret for #:
Enter username for :
Enter password for #:
vpnc: unknown host `'
I am unable to write script,how i will pass all these parameters in that script.

anishsane's comment is right. Use a config file!
But just in case here is expect script that automates the entering of your data:
#!/usr/bin/expect
spawn vpnc
expect "Enter IPSec gateway address;"
send "yourdata\r";
expect "Enter IPSec ID for"
send "yourdata\r";
expect "Enter IPSec secret for"
send "yourdata\r";
expect "Enter username for"
send "yourdata\r";
expect "Enter password for"
send "yourdata\r";
And you can make it smaller if you pass most of your data as command line arguments as suggested by Jonathan:
#!/usr/bin/expect
spawn vpnc --gateway yourgateway --id yourid --username yourusername
expect "Enter IPSec secret for"
send "yourdata\r";
expect "Enter password for"
send "yourdata\r";
But as already mentioned, it is not the way to go. Use a config file instead.

Way to automatically enter in shell password?

So I have a script that ssh into another computer. Since I use it often, I was wondering if I could have the script automatically enter in the password prompted by ssh, or in any other way bypass copy-pasting the password every single time I run the script?

Better setup up ssh keys with empty passphrase than putting your password in a script.
https://wiki.archlinux.org/index.php/SSH_Keys

It may be better to have a passphrase-less private key on the client side, paired with a public key in the server-side authorized_keys file with a specific command that gets run.
For example, having the following in .ssh/authorized_keys2 for the given user on the remote host:
command="date" ssh-rsa AAAAB3NzaC1yc2EAAAABIw[...]Q== Comment for passphraseless key
Will only ever run date when you connect using that key:
[localhost] % ssh -i /path/to/id user#remotehost
Sun 20 Nov 2011 20:29:59 EST
Connection to remotehost closed.