stewbeast
asked on
TTY ECHO issue with EXPECT script
The following script works, BUT it echoes the Passphrase and Password when it does the send. The "stty -echo" works for hiding it while I input it... but I don't want it to show when it is sent either.
--------- BEGIN SCRIPT -------
#!/opt/sfw/bin/expect
set prompt "(>|%|#|\\\$) $"
stty -echo
send_user "\nPassPhrase: "
expect_user -re "(.*)\n"
set passphrase $expect_out(1,string)
send_user "\nPassword: "
expect_user -re "(.*)\n"
set password $expect_out(1,string)
spawn ssh SOMEHOST
expect passphrase
send $passphrase\r
expect "password:"
send $password\r
expect -re $prompt
send "uname -a\r"
expect eof
--------- END SCRIPT -------
I assume the above script is just an example as it makes no sense to make it an expect script.
ASKER
Correct, the ultimate goal will be to just use my public key for the ssh auth ( which I already do ).. but this script will be altered slightly to actually do something more like "sudo vxdisk list". And I wish to be able to pass my password in once and have it applied for sudo commands. And since making test scripts that actually use sudo would be a bad idea for lots of reasons... I decided that the same issues could be resolved using a test script. Bottom line here is I need to be able to protect passwords from prying eyes while I run administrative scripts.
If someone here wants to go the extra mile and help me with syntax for an expect script that can loop through a simple file that lists hostnames to run this simple uname command or something more elaborate.. and redirect/append the uname output to a local file ( I don't want output from all the other expect prompts and such ), I might award a few hundred more points. Since you would be saving me a day or 2 of playing around all by myself on this task.
To turn echoing off, you need to use the system command, eg:
system stty -echo
Why not use ssh-agent?
ASKER
ahoffman,
ssh-agent works fine. Public key with no passphrase works fine... that is not the point. I stated above... this is a dumb example script... the passphrase will never be used in the actual production script, but the password will, because rather than a "uname" command that I used just for the sake of doing SOMETHING I will actually be using sudo commands ( for which I WILL have to manually enter or pass a password to ). There are over 1200 ( yes, 1 thousand 2 hundred ) hosts that I need to perform tasks on, and running scripts that I must sudo gets ridiculous at that point.
There is no way I am gonna run test scripts ( which log everything I do in sudolog ) on hosts while I work through the clear echo issue.. hence the dumb test script that does work for the sake of work so I can test with it.
tintin,
I have not tried the "system stty -echo" ... as you can see from the above example, I have tried "stty -echo". I will give it a stab on Monday your way. As an interesting note, I have seen the script run properly only once... I ran the script, it prompted me for password ( hidden as it should be ) then ran the ssh command and kept the passwords hidden... WOW I thought, this is great... so I recalled the command from history and immediately ran it again... it kept the passwords hidden when I typed them in as before, but then when running the ssh command PLOP, there it was again... passed it in AND displayed it. *sigh*
Third and fourth ( for sanity ) were the same bad result.
If you use an ssh key and ssh-agent, you just start ssh-agent once and give the passphrase there,
then simply do
ssh root@1of1200 your-command
ASKER
ahoffman, it is not about using ssh, I know how to do that... I already use the agent for my passphrase and keys, I purposely removed my key from authorized_keys2 on a dev box so that I could test expect with hiding info that I prompted for and then use "send" to send that info to "expect" pattern matches and still keep it hidden. I appreciate your responses... but I need to focus on the expect aspect of it all.
Have you tried the
system stty -echo
yet?
ASKER
I have not tried it yet, I will try in the morning. Thanks
ASKER
OK, I just tried "system stty -echo" at beginning and "system stty echo" at end. There are no syntax errors or anything with preceding the stty command with "system" but the result is the same. It still echoes my password to the screen when it answers the expected prompt.
Move the stty -echo command right after your spawn ssh command.
If this does not help, try also
stty -echo < [exec tty]
Hmm.
It's a bit of a strange one.
If you look at http://rootprompt.org/article.php3?article=5760 you'll see the expect script there is asking for the password in pretty much the same way you originally tried.
expect has no control over whether the password is printed to the tty or not in this case; it's being sent to stdin for the application, not the device. What you are seeing is more dependent on the echoing nature of the application (err state of the application) being run. Something tells me your send password is out of sync with the ssh process password prompt. You might try a shortened version (just the login process, hardcoded values) just to verify; throw in a few sleeps and send_users to observe/debug when events occur.
--------- BEGIN SCRIPT -------
#!/opt/sfw/bin/expect
set prompt "(>|%|#|\\\$) $"
set passphrase "SOMEPASSPHRASE"
set password "SOMEPASSWORD"
spawn ssh SOMEHOST
expect "passphrase"
send_user "I got passphrased\n"
sleep 2
send "$passphrase\r"
expect "password:"
send_user "I got passworded\n"
sleep 2
send "$password\r"
interact
expect eof
--------- END SCRIPT -------
You might also try moving interact just below the expect "password:" line, and manually entering the password - if it echoes back then you can at least see where it's attempting to enter this.
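An added example, not code from any poster in this thread: one way to keep the secret off the screen is to read it with local echo off and then set `log_user 0`, which stops Expect from copying the spawned session's output (including anything the remote pty echoes back) to your terminal. It also covers the asker's host-loop request; `hosts.txt`, `uname.log`, the proc names and the assumption that the remote shell echoes the command line before its output are all assumptions.

```tcl
#!/usr/bin/expect -f
# Added example. hosts.txt, uname.log and the proc names are assumptions;
# the prompt regex is the one from the original script.
set prompt {(>|%|#|\$) $}

# Prompt on the user's terminal with local echo off, then restore echo.
proc read_secret {label} {
    set timeout -1                 ;# local to this proc: wait for the user
    send_user "$label: "
    stty -echo
    expect_user -re "(.*)\n"
    stty echo
    send_user "\n"
    return $expect_out(1,string)
}

# Log in to one host, run uname -a, return its one line of output or an error.
proc run_uname {host password prompt} {
    set sent 0
    spawn ssh $host
    expect {
        -re {[Pp]assword: ?$} {
            # Answer the prompt once only; a second prompt means rejection.
            if {$sent} { catch {close}; catch {wait}; return "ERROR: password rejected" }
            set sent 1
            send -- "$password\r"
            exp_continue
        }
        -re $prompt {}
        timeout { catch {close}; catch {wait}; return "ERROR: login timeout" }
        eof     { catch {wait}; return "ERROR: connection closed" }
    }
    send -- "uname -a\r"
    expect {
        -re {uname -a\r\n([^\r\n]+)\r\n} { set result $expect_out(1,string) }
        timeout { set result "ERROR: no output" }
    }
    send -- "exit\r"
    expect eof
    catch {wait}
    return $result
}

set password [read_secret "Password"]
log_user 0   ;# nothing from the spawned sessions reaches the terminal
set in  [open "hosts.txt" r]
set out [open "uname.log" a]
while {[gets $in host] >= 0} {
    set host [string trim $host]
    if {$host ne ""} { puts $out "$host: [run_uname $host $password $prompt]" }
}
close $in; close $out
```

`exp_internal 1` prints every string passed to `send`, so leave it off when debugging with a real password.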