{"id":1140,"date":"2011-08-02T01:35:17","date_gmt":"2011-08-01T23:35:17","guid":{"rendered":"http:\/\/raftaman.net\/?p=1140"},"modified":"2021-05-15T11:46:39","modified_gmt":"2021-05-15T09:46:39","slug":"non-interactive-ssh-with-expect","status":"publish","type":"post","link":"https:\/\/possiblelossofprecision.net\/?p=1140","title":{"rendered":"Non-interactive ssh with expect"},"content":{"rendered":"

If you need a programmatic ssh<\/a> login, i.e. in a shell script, the best way to make ssh non-interactive usually is a public-key authentication<\/a>. This requires the public key to be stored on the host machine, which (admitted, in very rare cases) can be hard or impossible. One of those rare cases might be a chrooted environment on a webserver without write access to the ssh config file or the per-user ssh directory.<\/p>\n

Unfortunately, most ssh clients don’t allow piping a clear text password from a file or varibale. One solution is to use the SSH_ASKPASS<\/code> environment variable and a wrapper script<\/a> but most recommendations suggest the use of expect<\/a>.<\/p>\n

Expect is basically a scripting language to make interactive applications non-interactive. It is often used to automate reactions to certain outputs from programs like ftp, ssh, scp and others.<\/p>\n

A simple expect script to rsync a backup from one host to another could look like this<\/p>\n

\r\n#!\/usr\/bin\/expect\r\nset timeout 600\r\nspawn rsync -avhS user@host:\/backups\/ \/backups\/\r\nexpect {\r\n   \"password\" {send \"secret\\n\";}\r\n}\r\nexpect {\r\n   eof {exit 0;}\r\n}\r\n<\/pre>\n
Note that expect eof<\/code> is used here, because the alternative interact<\/code> command is not compatible with cron scripts<\/strong>.<\/p>\n
For a list of commands have a look at the expect man page<\/a> or expect’s sourceforge page<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you need a programmatic ssh login, i.e. in a shell script, the best way to make ssh non-interactive usually is a public-key authentication. This requires the public key to be stored on the host machine, which (admitted, in very rare cases) can be hard or impossible. One of those rare cases might be a chrooted environment on a webserver… Read more »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[15],"class_list":["post-1140","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ssh"],"_links":{"self":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1140"}],"version-history":[{"count":10,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1140\/revisions"}],"predecessor-version":[{"id":1816,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=\/wp\/v2\/posts\/1140\/revisions\/1816"}],"wp:attachment":[{"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/possiblelossofprecision.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}