I need to write a shell script that helps me automatically connect to a VPN when I execute it.
The vpnc program requires the following inputs:
root@xmpp3:/home/test/Desktop/ScriptTovpnc# vpnc
Enter IPSec gateway address:
Enter IPSec ID for :
Enter IPSec secret for @:
Enter username for :
Enter password for @:
vpnc: unknown host `'
I am unable to write the script. How will I pass all these parameters in that script?
anishsane's comment is right. Use a config file!
But just in case, here is an expect script that automates the entering of your data:
#!/usr/bin/expect
spawn vpnc
expect "Enter IPSec gateway address:"
send "yourdata\r";
expect "Enter IPSec ID for"
send "yourdata\r";
expect "Enter IPSec secret for"
send "yourdata\r";
expect "Enter username for"
send "yourdata\r";
expect "Enter password for"
send "yourdata\r";
And you can make it smaller if you pass most of your data as command line arguments as suggested by Jonathan:
#!/usr/bin/expect
spawn vpnc --gateway yourgateway --id yourid --username yourusername
expect "Enter IPSec secret for"
send "yourdata\r";
expect "Enter password for"
send "yourdata\r";
But as already mentioned, it is not the way to go. Use a config file instead.
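The config-file route recommended above, as an added example that is not part of the original answer: it writes a vpnc config with owner-only permissions and refuses to connect once the file is readable by other users. The `VPN_*` variable names, the function names and the file paths are assumptions; the config keywords are vpnc's own.

```shell
#!/usr/bin/env bash
# Added example: keep vpnc credentials in an owner-only config file instead of
# typing them at prompts. VPN_* variable names and the paths are assumptions.

# Write the config atomically; mktemp creates the temp file with mode 0600,
# so the secrets are never on disk with looser permissions.
write_vpnc_conf() {
    local path=$1 tmp
    tmp=$(mktemp "${path}.XXXXXX") || return 1
    cat > "$tmp" <<EOF
IPSec gateway ${VPN_GATEWAY}
IPSec ID ${VPN_GROUP_ID}
IPSec secret ${VPN_GROUP_SECRET}
Xauth username ${VPN_USER}
Xauth password ${VPN_PASSWORD}
EOF
    mv -f "$tmp" "$path"
}

# Succeeds only when group and other have no permission bits on the file.
conf_is_private() {
    local bits
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Refuse to connect with a config that other local users could read.
connect_vpn() {
    local conf=$1
    if ! conf_is_private "$conf"; then
        echo "refusing to use $conf: readable by group or others" >&2
        return 1
    fi
    vpnc "$conf"    # vpnc accepts config files as positional arguments
}
```

Set the `VPN_*` variables, call `write_vpnc_conf` once with the target path, then use `connect_vpn` with the same path for every later connection.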
Related
I need to automate an openvpn connection to a server that requires me to enter a password.
I can do this with expect but I don't want to keep the password in plain text in the script.
I found encpass to help encrypt the password which I just need to source and get it to get the encrypted version of the password.
The problem comes when I try to pass the unencrypted password to expect. From what I understand, expect and bash are 2 different environments and bash cannot run expect. What I have so far is the following:
#!/usr/bin/env bash
source encpass.sh
password=$(get_secret)
{
/usr/bin/expect <<EOF
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send $password
interact
EOF
}
The end result is I run this and it starts the VPN and the script enters the password in the prompt.
If there is a simpler way of doing it, please let me know.
I have tried to automate it with just openvpn and a --auth-user-pass switch pointing to a file with the password in it but I couldn't get that working either.
Two ideas spring to mind:
if you want to embed expect code into a shell script, use the environment
to pass values, and use a quoted heredoc to avoid quoting hell (don't forget
to "hit enter" for the send command)
#!/usr/bin/env bash
source encpass.sh
password=$(get_secret)
export password
/usr/bin/expect <<'EOF'
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send "$env(password)\r"
interact
EOF
do it all in expect
#!/usr/bin/env expect
set password [exec bash -c {source encpass.sh && get_secret}]
spawn openvpn /home/pi/client.ovpn
expect "Enter Private Key Password:"
send "$password\r"
interact
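What the two heredoc styles hand to expect, as an added example that is not part of the original answer: `cat` stands in for `/usr/bin/expect` so it runs without expect or openvpn installed, and the password is a constructed value.

```shell
#!/usr/bin/env bash
# Added example: `cat` stands in for /usr/bin/expect to show the script text
# each heredoc style delivers on stdin. The password is a constructed value.
password='s3"cr[e]t$x'
export password

# Unquoted delimiter: bash pastes the secret into the Tcl source, where
# its ", [ and $ characters are parsed as Tcl syntax.
script_unquoted() {
    cat <<EOF
expect "Enter Private Key Password:"
send "$password\r"
EOF
}

# Quoted delimiter: bash leaves the text alone; expect looks the value up
# in its environment at run time, so the value is not re-parsed.
script_quoted() {
    cat <<'EOF'
expect "Enter Private Key Password:"
send "$env(password)\r"
EOF
}

# True when the secret's characters appear in the generated script text.
contains_secret() {
    case "$1" in
        *"$password"*) return 0 ;;
        *) return 1 ;;
    esac
}

for style in unquoted quoted; do
    text=$("script_$style")
    if contains_secret "$text"; then verdict="secret embedded in script text"
    else verdict="secret stays out of script text"; fi
    printf '%s heredoc: %s\n%s\n\n' "$style" "$verdict" "$text"
done
```

With the quoted delimiter the password never enters the script text, but it is still present in the environment of the expect process for as long as that process runs.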
I'm new to expect and I want to use expect to log in to a VPN. I have picked up pieces of code from the forums but I still can't get it to work. It fails to send my root password. Is the syntax correct? Below is an example of the commands I'm running manually to log in to the VPN. Thank you in advance.
sudo openvpn 'US California.ovpn'
[sudo] password for tony:password
Enter Auth Username: user
Enter Auth Password: password
The expect script:
set vpnuser "user"
set vpnpassword "password"
set rootpassword "password9010"
spawn sudo openvpn 'US California.ovpn'
expect "*ssword: "
send "$rootpassword\r" #mysetver password to login as root
expect "Enter Auth Username:\r:"
send "$vpnuser"
expect "Enter Auth Password:\r"
send "$vpnpassword"
If this is the prompt you are getting:
sudo openvpn 'US California.ovpn'
[sudo] password for tony:password
Enter Auth Username: user
Enter Auth Password: password
Then you are expecting the wrong thing after spawn, since the above also says "for tony".
You need to write expect "*password*:"
Similarly you should write other expect like this:
expect "Enter Auth Username: " no need to put \r:
Also
expect "Enter Auth Password: "
So code becomes:
set vpnuser "user"
set vpnpassword "password"
set rootpassword "password9010"
spawn sudo openvpn "US California.ovpn"
expect "*password*:"
send "$rootpassword\r" ;# my server password to log in as root
expect "Enter Auth Username: "
send "$vpnuser\r"
expect "Enter Auth Password: "
send "$vpnpassword\r"
interact ;# keep openvpn running after the last send
Hope this helps
I'm trying to write a script to get a password from my Mac keychain and use it to add a password-protected key to the keychain (using ssh-add). It's meant to be part of a collection of scripts that get sourced by zsh. Currently my script looks like this:
cat <<EOF | expect -d
set password [exec /usr/bin/security find-generic-password -s SSH -w]
puts "$password"
spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
expect -timeout 3 "Enter passphrase for"
send "$password\r"
interact
EOF
The puts "$password" is purely there for debug purposes. And I get the following results
$ source .zshrc.d/090_ssh_keys
Password:
Enter passphrase for /Users/james.dominy/.ssh/id_ecdsa:
$ ssh-add -l
The agent has no identities.
As you can see, the password variable isn't being set; I've tried changing the variable name, and as a debugging effort, I've tried setting it to a number (set password 1) and to a string literal (set password "a") but those don't work either. However, if I cut and paste this into an interactive expect session, everything works as expected
expect1.1> set password [exec /usr/bin/security find-generic-password -s SSH -w]
**********
expect1.2> puts $password
**********
expect1.3> spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
89080
expect1.4> expect -timeout 3 "Enter passphrase for"
Enter passphrase for /Users/sirlark/.ssh/id_ecdsa: expect1.5> send "$password\r"
expect1.6> interact
Identity added: /Users/sirlark/.ssh/id_ecdsa (sirlark main ssh key)
expect1.7> %
Password obscured obviously, but this works. Why?
I am having difficulty passing a password through a bash script for an ssh connection. I have everything working, but it still prompts me for the password instead of pulling the stored password. Please take a look at the portion of the script below, and let me know if there is something obvious I'm doing wrong:
#! /bin/bash
echo "Please enter a username:"
read user
echo "please enter a password:"
read password
echo "please enter an IP address:"
read ip
ssh "$user"@"$ip"
expect "password:"
send "<password>\r"
interact
I have tried different variations of the "send" line. For instance, I've tried "password\r" and password\r. I've also tried modifying the "expect" line to mirror the exact text returned by the attempted SSH connection.
Thanks for any help that can be provided.
SSH contains code to prevent password theft by redirecting standard I/O.
The correct solution is to generate a private/public key pair with ssh-keygen. Install the public key on the remote side. ssh-copy-id will help.
Then you can use the SSH agent to load the private key into memory and SSH won't ask for a password or key phrase.
Related:
https://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login
I realize this question has been asked a few times but I could not find a relevant answer anywhere in my searching.
I am working in a development environment where security is not an issue and anyone could just guess the password if they thought for a few seconds.
What I am trying to do is simple. I have created an alias function in my local .bashrc file and I would like this function to automatically log into a machine with a default password.
My current implementation looks something like this:
function s () {
ssh root@192.168.1.$1
}
When I run it I get something like this:
~]s 122
ssh root@192.168.1.122
root@192.168.1.122's password:
Using Bash, and not using RSA keys I would like to get this to use the default password 'password'.
I've tried the following where IP and User have already been set.
Do=$(expect -c "
spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}
expect \"yes/no\"
send \"yes\r\"
expect \"assword\" send \"password\"")
echo $Do
$Do
It gives the following error:
Connecting and logging into server using expect
usage: send [args] string
while executing
"send"
invoked from within
"expect "assword" send "password""
Administrator@192.168.1.176's password:
bash: spawn: command not found...
Using the following command I am able to connect a machine. If I remove the interact it just runs the uptime command and closes the connection. With the interact command I am unable to see what I am typing or actually interact with the machine. Any ideas?
Do=$(expect -c "spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}; set timeout 4; expect \"assword\"; send \"password\n\"; expect \"test\"; send \"uptime\n\"; interact;");echo $Do;
You can do this with the expect tool: http://expect.sourceforge.net/
It's widely available, so depending on your system, the equivalent of sudo apt-get install expect or yum install expect will install it.
Here's an example of an expect script with ssh. This logs you in and gives you control of the interactive prompt:
#!/usr/bin/expect
set login "root"
set addr "127.0.0.1"
set pw "password"
spawn ssh $login@$addr
expect "$login@$addr\'s password:"
send "$pw\r"
expect "#"
send "cd /developer\r"
interact
Here's an example of how to use expect as part of a bash script. This logs in with ssh, cd to /var, runs a script, then exits the ssh session.
#!/bin/bash
...
login_via_ssh_and_do_stuff() {
# build the expect script in bash
expect_sh=$(expect -c "
spawn ssh root@127.0.0.1
expect \"password:\"
send \"password\r\"
expect \"#\"
send \"cd /var\r\"
expect \"#\"
send \"chmod +x my_script.sh\r\"
expect \"#\"
send \"./my_script.sh\r\"
expect \"#\"
send \"exit\r\"
")
# run the expect script
echo "$expect_sh"
}
You can leave these snippets in a script on your local system, and then just alias to the scripts.
Also: I know you said security isn't an issue, but I'd like to just note, again, that the "proper" way to ssh without using a password is to use a ssh key-pair =)
Use sshpass which is available in package repositories on major Linux-es.
For example, when password is in password.txt file:
sshpass -fpassword.txt ssh username@hostname
sshpass runs ssh in a dedicated tty, fooling it into thinking it is
getting the password from an interactive user.