Expect & sshpass package for Solaris 10 x86

It's not an option to do keys-exchange for scp/ssh in our environment & it
has to be password-authenticated.

For Linux, there's sshpass.

Q1:
For Solaris, do I have to use an expect script or is there another solution to pass
the password to scp?  I refer to:
http://stackoverflow.com/questions/50096/how-to-pass-password-to-scp

Q2:
Where can I download the full expect pkg for Solaris 10 x86 (32 bit) with
all its pre-requisites?  So far, I have only managed to find it for Sparc:
http://unix.ittoolbox.com/groups/technical-functional/solaris-l/expect-package-on-sun-solaris-10-4246947
https://www.opencsw.org/package/expect/

Q3:
Can a Perl script do such password passing to scp?  If so, I'd appreciate it if
anyone could provide such a script; then I don't even need to consider expect
or TCL, as I will need approval to install this freeware.


If I need an Oracle subscription to log in to the official site to download any of
the packages, let me know the actual URL to get expect & its pre-requisite
packages.  I have an account.
sunhuxAsked:
sunhuxAuthor Commented:
After checking in Oracle's community responses, the Solaris "scp --password" option does not
appear to help relay the password to scp.  But can anyone tell me how to insert this password
in ssh_config :

1.
I kept my pass on the first line of the file pass_file
[lily]DMSPIMG
/opt/oracle/work/dilip> scp t.sh xpu791@yara:/oracle/data_01 --password=file:pass_file
error: could not connect to `--password=file'
 
2.
 
[lily]DMSPIMG
/opt/oracle/work/dilip> scp t.sh xpu791@yara:/oracle/data_01 --password=abcd1234
error: destination (/opt/oracle/work/dilip/--password=abcd1234) is not a directory.

Did I miss something?

===================================================================================

After reviewing the man page for scp and ssh on AIX I would say you have gotten no answer to item 1 because scp does not support a command line password option.  However by using the batch, -B, option scp will suppress prompting for a password and expects the password to be present in the user ssh config file.  Exactly how you enter said password I am not sure though I did see one parameter that ended with the password while reviewing the ssh_config entry.
0
sunhuxAuthor Commented:
I don't have access to a Solaris server for the next few days so need someone to test it
out on a Solaris 10 x86 if the following works:

yes ssh_password | scp user@server:/path/file  my_local_dir/
0
sunhuxAuthor Commented:
The following is to pass a password to sudo, but I recall I once tried it for scp & it doesn't work:
Yes, use the -S switch which reads the password from STDIN:

$ echo <password> | sudo -S <command>
So for your case it would look like this:

$ ./configure && make && echo <password> | sudo -S make install && halt
0
gheistCommented:
You can use SSH public keys (man ssh-keygen ; man authorized-keys) to log in without being asked for a password.
0
btanExec ConsultantCommented:
Key-based auth is still recommended, but since you have mentioned it is not viable in your context, at least not "passwordless" (https://blogs.oracle.com/jkini/entry/how_to_scp_scp_and) that we should avoid compared to an eventual brute forced password auth, then at minimum still have a trusted host auth. For password auth and trusted host auth, please see the article, which can be handy for troubleshooting.
http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch12_02.htm

Maybe good to share the specific error encountered after reviewing the above aid to solve the common issues shared in it.
0
sunhuxAuthor Commented:
The 2 links btan gave do not appear to mention anything
about passing a password to scp, or do they?

I'm attempting to implement the following but if I can't
get an Expect/Tcl package for Solaris x86, would it work
if I set the password to null as that's a readonly account?
(haven't got a chance to go back to office to try setting
 this readonly account's password to null)

http://stackoverflow.com/questions/50096/how-to-pass-password-to-scp
0
gheistCommented:
SSH does key exchange before passwords, so you are completely out of luck....
0
sunhuxAuthor Commented:
So does this mean even if I set the password to null, it will still prompt for
password & I'll still need to hit the <ENTER> key (to send a null password)
before the scp could go through?
0
btanExec ConsultantCommented:
By default all system users can log in via SSH using their password or public key. Passwordless means you are using the key auth (either with the default pub/prv key or generated pairs). Then you can run ssh, scp and rsync on src_host connecting to dest_host and it won't ask for the password. Note that the connection server holds the pub and you hold the prv key, so if you ssh the other way round from the server to your own client machine you also need the key pair, e.g. pub at client and prv at server for mutual auth, otherwise the default password prompt comes up...
http://www.linuxpathfinder.com/how-to-configure-ssh-and-scp-without-prompting-password/

You can also configure Linux PAM to allow or deny login via the sshd server. You can allow a list of group names to access, or deny access to, ssh. You can disallow remote login from accounts with empty passwords, e.g. update sshd_config with PermitEmptyPasswords no

Regardless, it is preferable to use a public/private key pair with password protection for the private key. Do avoid ever using passphrase-free key (passphrase key less) login.
0
gheistCommented:
Option to set password in command line was removed from OpenSSH like in year 2000 or so. I think it still lives in putty plink.exe
0
btanExec ConsultantCommented:
Need to also make sure of the configuration file:
- "PasswordAuthentication yes" for SSH1 and OpenSSH
- "AllowedAuthentications password" for SSH2
- Not set to "PermitEmptyPasswords yes".
Also should be able to change the passphrase for a key without regenerating the key
e.g. For ssh-keygen in SSH1 and OpenSSH, use the -N option,
e.g. For ssh-keygen2, use the -p option.
0
sunhuxAuthor Commented:
With that number of servers (500+) & we only have till this Monday,
we can't gen the keys in time.

Last question, on which I'm still missing the point:
Does this mean even if I set the password to null at the ssh server, the scp
command will still prompt for password & I'll still need to hit the <ENTER>
key (to send a null password) before the scp could go through?
0
btanExec ConsultantCommented:
In fact, they should already have a default key, and one quick way is to remove the default key and reset the service; the key pair will be regenerated automatically, from what I understand in the past. We can stick with the default pair, but it may not necessarily be the same for all the servers throughout. Regardless, it is more secure to have unique binding for the various servers, though operationalizing it can take time, as can syncing up with the client with the necessary pub keys to connect to those servers.

No prompt - assuming the key pair is set up and used, that is the host auth, and with "PasswordAuthentication no" uncommented in the config. It means no password auth is used. Otherwise you will still be prompted unless some script stating the password is forwarded to the server.

To clarify, PermitEmptyPasswords=no simply does only one thing. If password authentication is used, and the user enters a null password (just <return>), then the server will tell the client that authentication failed, even if such a password would have otherwise succeeded. Otherwise, setting it to "yes" you can then have a null password. You will still be prompted.
0
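A way to check which of the settings discussed above a server will actually apply, as an added example that is not part of the original thread: sshd takes the first uncommented occurrence of a keyword, so a later "PermitEmptyPasswords no" does not override an earlier "yes". The function names, the sample file and the fallback defaults (OpenSSH's) are assumptions of this example, and only the global section before any Match line is read.

```shell
#!/bin/sh
# Added example: effective global sshd_config values (first occurrence wins,
# keywords are case-insensitive). On Solaris 10 run with AWK=nawk.
AWK=${AWK:-awk}

# effective_value FILE KEYWORD DEFAULT  (hypothetical helper)
effective_value() {
    "$AWK" -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t=].*$/, "", key) # keyword ends at blank or "="
            if (tolower(key) == "match") exit     # global section ends here
            v = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)         # drop the delimiter
            sub(/[ \t].*$/, "", v)                # keep the first argument
            if (tolower(key) == want) { val = tolower(v); exit }
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: prints both settings; returns 1 if empty passwords pass
audit_sshd() {
    pa=$(effective_value "$1" PasswordAuthentication yes)  # assumed default
    pe=$(effective_value "$1" PermitEmptyPasswords no)     # assumed default
    echo "PasswordAuthentication=$pa PermitEmptyPasswords=$pe"
    [ "$pe" != yes ]
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
passwordauthentication yes
#PermitEmptyPasswords no
PermitEmptyPasswords = yes
PermitEmptyPasswords no
EOF
audit_sshd "$sample" || echo "FINDING: empty passwords accepted in $sample"
rm -f "$sample"
```

To audit a real host, call `audit_sshd` on its sshd_config path and treat a non-zero exit status as a finding.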
Duncan RoeSoftware DeveloperCommented:
For expect to work, you must have Tcl/Tk first. Do you have a C compiler? If so, build and install Tcl/Tk then same for expect
0
Question has a verified solution.