how do I handle ssh response with expect
Post 302221525 by buffoonix on Monday 4th of August 2008 04:12:17 PM
Hi,

I haven't read your Expect script because it's been far too long since I last wrote anything in Tcl.
Anyway, I think there is no real need for any sophisticated Expect prompting logic here
since the warning you encounter from your SSH client about an unknown host identity
can be easily circumvented.
If your SSH client connects to a remote SSH server whose host identity it cannot verify,
either because it is the first connect to this host, or maybe because the remote host's SSH server was started with different host keys in the meantime (maybe its admin updated SSH and neglected to restore its host key), it will warn you as long as StrictHostKeyChecking isn't set to "no" (per default it is set to "ask", see man ssh_config).
If it is the first connect and you have verified that the presented fingerprint of the remote host key is correct (or you trust it anyway), you simply need to confirm this warning with yes.
Your SSH client will then create a file $HOME/.ssh/known_hosts (if it hasn't existed yet)
and append the public host key offered from the remote SSH server to it.
From then on it will never ask you again as long as the host key on the remote server or the entry in your local known_hosts file for that host does not change.
In that respect it wouldn't even help if you provided an extra yes response in your Expect prompt logic.
However, there are also other ways to connect if you don't care about strict host key checking at all (which maybe isn't advisable in a potentially hostile environment).
You could run the SSH command with the following options:
Code:
$ ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l remote_login remote_host "command opts args..."

This will (even if the host key changed, or there is a real man-in-the-middle attack!) not care about the validity of the host key's fingerprint and will automatically "add" any offered host key to the bit bucket /dev/null.
The quiet option -q will suppress any warning text of this action,
and BatchMode will not prompt for any passwords or passphrases.
So you should run this command with distributed RSA keys which either have no passphrase attached to them, or after having started an ssh-agent beforehand to which the necessary RSA key for this connection has been added.
Please consult man ssh and man ssh_config for details.
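
Added example, not part of the original post: for an unattended first connect that keeps host key checking on, the host key can be pinned ahead of time after comparing its fingerprint with one obtained out of band. The function names, the ed25519 key type and the use of $HOME/.ssh/known_hosts are assumptions of this example.

```sh
#!/bin/sh
# Added example: pin a host key whose fingerprint was verified out of band,
# then connect non-interactively with strict checking left on.
# pin_host_key and connect_pinned are hypothetical helper names.

# pin_host_key SCAN_FILE EXPECTED_FP KNOWN_HOSTS
# SCAN_FILE holds exactly one "host keytype base64key" line as printed by
# ssh-keyscan. It is appended to KNOWN_HOSTS only if its SHA256 fingerprint
# equals EXPECTED_FP. Returns 0 on success, 1 on mismatch, 2 on bad input.
pin_host_key() {
    ph_scan=$1 ph_expected=$2 ph_known=$3
    if [ "$(grep -c . "$ph_scan")" != 1 ]; then
        echo "expected exactly one key line in $ph_scan" >&2
        return 2
    fi
    ph_actual=$(ssh-keygen -l -E sha256 -f "$ph_scan" 2>/dev/null |
        awk 'NR == 1 { print $2 }')
    if [ -z "$ph_actual" ]; then
        echo "no usable host key in $ph_scan" >&2
        return 2
    fi
    if [ "$ph_actual" != "$ph_expected" ]; then
        echo "fingerprint mismatch: got $ph_actual, expected $ph_expected" >&2
        return 1
    fi
    cat "$ph_scan" >> "$ph_known"
}

# connect_pinned HOST EXPECTED_FP LOGIN COMMAND...
# Needed once per host; later runs can call ssh directly.
# Assumes the server offers an ed25519 host key.
connect_pinned() {
    cp_host=$1 cp_fp=$2 cp_login=$3
    shift 3
    cp_tmp=$(mktemp) || return 2
    ssh-keyscan -t ed25519 "$cp_host" 2>/dev/null |
        grep -v '^#' | head -n 1 > "$cp_tmp"
    pin_host_key "$cp_tmp" "$cp_fp" "$HOME/.ssh/known_hosts" || {
        rm -f "$cp_tmp"
        return 1
    }
    rm -f "$cp_tmp"
    # A changed or unknown key now makes ssh fail instead of being accepted.
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -l "$cp_login" "$cp_host" "$@"
}
```

The expected fingerprint has to come from a channel other than the connection being verified, for example from ssh-keygen -l run against the host's public key file on the server's console.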
 
