Solved

TTY ECHO issue with EXPECT script

Posted on 2004-03-24
15
1,774 Views
Last Modified: 2013-12-27
The following script works, BUT it echos the Passphrase and Password when it does the send.  The "stty -echo" works for hiding it while I input it... I but I don't want it to show when it is sent either.

--------- BEGIN SCRIPT -------
     #!/opt/sfw/bin/expect

     set prompt "(>|%|#|\\\$) $"

     stty -echo

     send_user "\nPassPhrase: "
     expect_user -re "(.*)\n"
     set passphrase $expect_out(1,string)

     send_user "\nPassword: "
     expect_user -re "(.*)\n"
     set password $expect_out(1,string)

     spawn ssh SOMEHOST
     expect passphrase
     send $passphrase\r
     expect "password:"
     send $password\r
     expect -re $prompt

     send "uname -a\r"

     expect eof
--------- END SCRIPT -------
0
Comment
Question by:stewbeast
  • 5
  • 4
  • 3
  • +2
15 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 10672427
I assume the above script is just an example as it makes no sense to make it an expect script.
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10676876
Correct, the ultimate goal will be to just use my public key for the ssh auth ( which I already do ).. but this script will be altered slightly to actually do something more like "sudo vxdisk list".  And I wish to be able to pass my password in once and have it applied for sudo commands.  And since making test scripts that actually use sudo would be a bad itea for lotsa of reasons... I decided that the same issues could be resolved using a test script.  Bottom line here is I need to be able to protect passwords from prying eyes while I run administrative scripts.

If someone here wants to go the extra mile and help me with syntax for expect script that can loop through a simple file that lists hostnames to run this simple uname command or someting more elaborate.. and redirect/append the uname output to a local file ( i don't want out from al the other expect prompts and such ), I would might award a few hundred more points.  Since you would be saving me a day or 2 of playing around all by myself on this task.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10682217
To turn echoing off, you need to use the system command, eg:

system stty -echo
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 10696651
why not using ssh-agent?
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10696925
ahoffman,

ssh=agent works fine. public key with not passphrase works fine... that is not the point.  I stated above... this is a dumb example script... the passphrase will never be used in the actual production script, but the password will because rather than a "uname" command that I used just for sake of doing SOMETHING I will actually be using sudo commands ( for which I WILL have to manually enter or pass a password to ).  There are over 1200 ( yes, 1thousand 2 hundred ) hosts that I need to perform tasks on, and running scripts that I must sudo gets rediculous at that point.  

There is no way I am gonna run test scripts ( which log everything I do in sudolog ) on hosts while I work through the clear echo issue.. hence the dumb test script that does work for the sake of work so I can test with it.

tintin,
I have not tried the "system stty -echo" ... as you can see from the above example , I have tried "stty -echo".  I will give it a stab on Monday your way.  As an interesting note.  I have seen the script run properly only once... I ran the script, it prompted me for password ( hidden as it should be ) then ran the ssh command and kept the passwords hiddden... WOW i thought, this is great... so I recalled the command from history and immediately ran it again... it kep password hidden when I typed them in as before, but them when running ssh command PLOP, there it was again... passed it in AND displayed it. *sigh*
Third and fourth ( for sanity) where the same bad result.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10699456
if you use a ssh key and ssh-agent, you just start ssh-agent once and give the passphrase there
then simple do
  ssh root@1of1200 your-command
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10700158
ahoffman, it is not about using ssh, I know how to do that... I already use the agent for my passphrase and keys, I purposely removed my key from authorized_keys2 on a dev box so that I could test expect with hiding info that I prompted for and then use "send" to send that info to "expect" pattern matches and still keep it hidden.  I appreciate your responses... but I need to focus on the expect aspect of it all.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10700267
Have you tried the

system stty -echo

yet?
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10700863
I have not tried it yet, I will try in the morning. Thanks
0
 
LVL 1

Author Comment

by:stewbeast
ID: 10704287
OK, I just tried "system stty -echo" at beginning and "system stty echo" at end.  There are no syntax errors or anything with preceeding the stty command with "system" but the result is that same.  It still echos my password to the scren when it answers the expected prompt.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10704402
move the   stty -echo   command right after your   spawn ssh   command
If this does not help, try also
   stty -echo < [exec tty]
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10709377
Hmm.

It's a bit of a strange one.

If you look at http://rootprompt.org/article.php3?article=5760  you'll see the expect script there is asking for the password in pretty much the same way you originally tried.
0
 
LVL 5

Expert Comment

by:Droby10
ID: 10724049
expect has no control over whether the password is printed to tty or not in this case, it's being sent to stdin for the application not the device.  what you are seeing is more dependent on the echoing nature of the application (err state of the application) being run.  something tells me your send password is out of sync with the ssh process password prompt.  you might try a shortened version (just the login process, hardcoded values) just to verify, throw in a few sleeps and send_users to observe/debug when events occur.

--------- BEGIN SCRIPT -------
     #!/opt/sfw/bin/expect
     set prompt "(>|%|#|\\\$) $"

     set passphrase "SOMEPASSPHRASE"
     set password "SOMEPASSWORD"

     spawn ssh SOMEHOST
     expect "passphrase"
     send_user "I got passphrased\n"
     sleep 2
     send "$passphrase\r"

     expect "password:"
     send_user "I got passworded\n"
     sleep 2
     send "$password\r"
     interact
     expect eof
--------- END SCRIPT -------

you might also try moving interact just below the expect "password:" line, and manually entering the password - if it echos back then you can at least see where it's attempting to enter this.
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 11338627
PAQed - no points refunded (of 500)

Netminder
EE Admin
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question