Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

TTY ECHO issue with EXPECT script

Posted on 2004-03-24
15
Medium Priority
?
2,067 Views
Last Modified: 2013-12-27
The following script works, BUT it echos the Passphrase and Password when it does the send.  The "stty -echo" works for hiding it while I input it... I but I don't want it to show when it is sent either.

--------- BEGIN SCRIPT -------
     #!/opt/sfw/bin/expect

     set prompt "(>|%|#|\\\$) $"

     stty -echo

     send_user "\nPassPhrase: "
     expect_user -re "(.*)\n"
     set passphrase $expect_out(1,string)

     send_user "\nPassword: "
     expect_user -re "(.*)\n"
     set password $expect_out(1,string)

     spawn ssh SOMEHOST
     expect passphrase
     send $passphrase\r
     expect "password:"
     send $password\r
     expect -re $prompt

     send "uname -a\r"

     expect eof
--------- END SCRIPT -------
0
Comment
Question by:stewbeast
  • 5
  • 4
  • 3
  • +2
14 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 10672427
I assume the above script is just an example as it makes no sense to make it an expect script.
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10676876
Correct, the ultimate goal will be to just use my public key for the ssh auth ( which I already do ).. but this script will be altered slightly to actually do something more like "sudo vxdisk list".  And I wish to be able to pass my password in once and have it applied for sudo commands.  And since making test scripts that actually use sudo would be a bad itea for lotsa of reasons... I decided that the same issues could be resolved using a test script.  Bottom line here is I need to be able to protect passwords from prying eyes while I run administrative scripts.

If someone here wants to go the extra mile and help me with syntax for expect script that can loop through a simple file that lists hostnames to run this simple uname command or someting more elaborate.. and redirect/append the uname output to a local file ( i don't want out from al the other expect prompts and such ), I would might award a few hundred more points.  Since you would be saving me a day or 2 of playing around all by myself on this task.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10682217
To turn echoing off, you need to use the system command, eg:

system stty -echo
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 10696651
why not using ssh-agent?
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10696925
ahoffman,

ssh=agent works fine. public key with not passphrase works fine... that is not the point.  I stated above... this is a dumb example script... the passphrase will never be used in the actual production script, but the password will because rather than a "uname" command that I used just for sake of doing SOMETHING I will actually be using sudo commands ( for which I WILL have to manually enter or pass a password to ).  There are over 1200 ( yes, 1thousand 2 hundred ) hosts that I need to perform tasks on, and running scripts that I must sudo gets rediculous at that point.  

There is no way I am gonna run test scripts ( which log everything I do in sudolog ) on hosts while I work through the clear echo issue.. hence the dumb test script that does work for the sake of work so I can test with it.

tintin,
I have not tried the "system stty -echo" ... as you can see from the above example , I have tried "stty -echo".  I will give it a stab on Monday your way.  As an interesting note.  I have seen the script run properly only once... I ran the script, it prompted me for password ( hidden as it should be ) then ran the ssh command and kept the passwords hiddden... WOW i thought, this is great... so I recalled the command from history and immediately ran it again... it kep password hidden when I typed them in as before, but them when running ssh command PLOP, there it was again... passed it in AND displayed it. *sigh*
Third and fourth ( for sanity) where the same bad result.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10699456
if you use a ssh key and ssh-agent, you just start ssh-agent once and give the passphrase there
then simple do
  ssh root@1of1200 your-command
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10700158
ahoffman, it is not about using ssh, I know how to do that... I already use the agent for my passphrase and keys, I purposely removed my key from authorized_keys2 on a dev box so that I could test expect with hiding info that I prompted for and then use "send" to send that info to "expect" pattern matches and still keep it hidden.  I appreciate your responses... but I need to focus on the expect aspect of it all.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10700267
Have you tried the

system stty -echo

yet?
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10700863
I have not tried it yet, I will try in the morning. Thanks
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10704287
OK, I just tried "system stty -echo" at beginning and "system stty echo" at end.  There are no syntax errors or anything with preceeding the stty command with "system" but the result is that same.  It still echos my password to the scren when it answers the expected prompt.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10704402
move the   stty -echo   command right after your   spawn ssh   command
If this does not help, try also
   stty -echo < [exec tty]
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10709377
Hmm.

It's a bit of a strange one.

If you look at http://rootprompt.org/article.php3?article=5760  you'll see the expect script there is asking for the password in pretty much the same way you originally tried.
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10724049
expect has no control over whether the password is printed to tty or not in this case, it's being sent to stdin for the application not the device.  what you are seeing is more dependent on the echoing nature of the application (err state of the application) being run.  something tells me your send password is out of sync with the ssh process password prompt.  you might try a shortened version (just the login process, hardcoded values) just to verify, throw in a few sleeps and send_users to observe/debug when events occur.

--------- BEGIN SCRIPT -------
     #!/opt/sfw/bin/expect
     set prompt "(>|%|#|\\\$) $"

     set passphrase "SOMEPASSPHRASE"
     set password "SOMEPASSWORD"

     spawn ssh SOMEHOST
     expect "passphrase"
     send_user "I got passphrased\n"
     sleep 2
     send "$passphrase\r"

     expect "password:"
     send_user "I got passworded\n"
     sleep 2
     send "$password\r"
     interact
     expect eof
--------- END SCRIPT -------

you might also try moving interact just below the expect "password:" line, and manually entering the password - if it echos back then you can at least see where it's attempting to enter this.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11338627
PAQed - no points refunded (of 500)

Netminder
EE Admin
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month6 days, 18 hours left to enroll

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question