Solved

using expect with scp

Posted on 2000-03-07
Last Modified: 2013-12-26
I am wanting to use expect to automate the copying of files from one system to another with scp, the secure copy command.  Below is the syntax of my scp command:

% scp username@host_a:filename filename

This then gives me the following prompt:

username@host_a's password:

I want to use expect to automate the entering of the password, but I can't figure out how to do this.  I'm aware of some security flaws with this approach and am taking some measures to reduce the risks.  Below is the expect script I have written so far:

#!/usr/bin/expect -f

set timeout 3600
spawn /usr/local/SSH/bin/scp user@server1:setEnv.sh /tmp/setEnv.sh

expect
{
  -re "*password*"
}
send "password\r"

My understanding of expect is quite rudimentary, but I am hoping to be able to work this out.  A correction to this script, or a very similar script which leads me to the solution would be great.
0
Comment
Question by:ragnar
9 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 2593452
You don't say what the problem is, and I don't understand what you are trying to do with the
> expect
> {
>   -re "*password*"
> }

construction: For this purpose, you should be able to get away with:

#!/usr/bin/expect --
# What does "-f" do?

set timeout 3600
spawn /usr/local/SSH/bin/scp user@server1:setEnv.sh /tmp/setEnv.sh

expect "password:"
send "my_password\r"
# Wait for scp to finish; otherwise expect exits here and the copy is cut short
expect eof

( This is cribbed from the O'Reilly book
http://www.oreilly.com/catalog/expect/chapter/ch03.html )

For debugging expect scripts, it may be easier to run the expect interpreter and feed it the commands one by one.

If scp encrypts the password before sending it and the file as it's being received, IMO the main security risk is if other people have permission to read or execute your script.


Hope this helps,
Tim
0
 
LVL 3

Expert Comment

by:monas
ID: 2600303
Why do you need expect for this? scp uses ssh for transport. And ssh could be set up to allow you in without a password from another machine, given:
1) you permitted that by creating .shosts in your remote home;
2) the remote machine has your client machine's public_key;
3) the administrator of the remote did not block this possibility.

ssh's documentation on subject:-----------
          First, if the machine the user logs in from is listed in
          /etc/hosts.equiv or /etc/shosts.equiv on the remote machine,
          and the user names are the same on both sides, the user is
          immediately permitted to log in.  Second, if .rhosts or
          .shosts exists in the user's home directory on the remote
          machine and contains a line containing the name of the
          client machine and the name of the user on that machine, the
          user is permitted to log in.  This form of authentication
          alone is normally not allowed by the server because it is
          not secure.

          The second (and primary) authentication method is the rhosts
          or hosts.equiv method combined with RSA-based host
          authentication.  It means that if the login would be
          permitted by .rhosts, .shosts, /etc/hosts.equiv, or
          /etc/shosts.equiv, and additionally it can verify the
          client's host key (see $HOME/.ssh/known_hosts and
          /etc/ssh_known_hosts in the FILES section), only then login
          is permitted.  This authentication method closes security
          holes due to IP spoofing, DNS spoofing and routing spoofing.
          [Note to the administrator:  /etc/hosts.equiv, .rhosts, and
          the rlogin/rsh protocol in general, are inherently insecure
          and should be disabled if security is desired.]
--------

Good luck!
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2610444
If you'll post a copy of exactly what's on the screen when you do an interactive scp copy (names/passwd changed...), I'm fairly sure I could write an expect script that would get the job done. As a reference look at question http://www.experts-exchange.com/jsp/qShow.jsp?ta=unix&qid=10307277
0
 
LVL 3

Accepted Solution

by:
jyu_88 earned 150 total points
ID: 2618448
ssh-keygen to generate a pair of keys for yourself.

Append your ~/.ssh/identity.pub to server1 at /home/user1/.ssh/authorized_keys.

To save the hassle of dealing with interaction, use a null passphrase for your private key during key generation.

If you need passphrase, then you need to use ssh-agent to answer the question about passphrase.

with all this setup, you should be able to do
scp this.file user1@server:/tmp/that.file

with no question asked.
0
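The key-installation step from the accepted answer, as an added example that is not part of the original post: a shell function that appends a public key to an authorized_keys file only once and sets directory and file modes that pass sshd's StrictModes check. The function name install_pubkey, its arguments and the sample key line are constructed for illustration; the optional third argument is an authorized_keys option prefix such as from="..." that limits where a passphrase-less key is accepted from.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are constructed.
# install_pubkey PUBKEY_FILE SSH_DIR [OPTIONS]
#   PUBKEY_FILE  one-line public key, e.g. ~/.ssh/identity.pub
#   SSH_DIR      the target account's .ssh directory
#   OPTIONS      optional authorized_keys option prefix, e.g. from="host"
install_pubkey() {
    pub=$1; dir=$2; opts=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Never publish the private half: both ssh1 and OpenSSH private key
    # files carry the words PRIVATE KEY in their header.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || { echo "$pub is empty" >&2; return 1; }
    auth="$dir/authorized_keys"
    # sshd with StrictModes ignores keys kept in group/world-writable
    # locations, so pin the modes instead of trusting the umask.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: a fixed-string match also finds the key when the
    # existing line carries an option prefix.
    if grep -qF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "${opts:+$opts }$key" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
printf '1024 35 1234567890 user@client\n' > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/.ssh" 'from="client.example.com"'
install_pubkey "$demo/identity.pub" "$demo/.ssh"   # second run adds nothing
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```
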

 
LVL 3

Expert Comment

by:jyu_88
ID: 2618450
Ah, my description is for ssh1. If you are using ssh2, the setup is slightly different. Let me know if you are using ssh2 so that we can do it 100% SSH way.
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 4534361
Hi,

I am using ssh2 and require a solution.  I have just bought this answer and unfortunately I do not think this will work.

Please advise.

Thanks, M.
0
 
LVL 3

Expert Comment

by:jyu_88
ID: 4535139
What exactly made you think it will not work?


ssh2 from Fsecure or ssh2 as in openssh?
The public key format is different, and the authorization and authentication files are different. openssh's support for ssh2 works similarly to ssh1, with ~/.ssh/authorized_keys2 instead of ~/.ssh/authorized_keys as in ssh1.
Fsecure's ssh2 uses ~/.ssh2 and 'identification'
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 4540802
Thanks for the prompt reply.  I'll try it in the morning.
0
 
LVL 5

Expert Comment

by:Nisus091197
ID: 4553606
Hi all,

Thanks to jyu_88 for the guidance.

The version of secure shell I have downloaded uses two files called 'authorization' and 'identification'.

I have developed a solution.

A good resource to help me was a mirror of the ssh.org's FAQs:

http://www.tigerlair.com/ssh/faq/ssh-faq-4.html

Regards, M.
0
