Automate OTPW login to ssh via bash script


 
# 1  
Old 06-12-2015

Hello everyone.

I'm a Linux novice trying out a lot of bash scripting lately, as it is so very addictive.

Lately I have been setting up one of my boxes remotely and have been hardening it as much as possible. Please allow me to explain the scenario, as it does tend to become a little complicated (at least for me).

The target box is a Debian system. I have implemented the following:
  1. Port knocking (to open up the ssh port)
  2. I use keys to connect instead of a password
  3. I also use OTPW (one-time passwords) in addition (it's a 2-factor authentication).

So it must satisfy both requirements in order to allow me to log in. Up to this point it all works great, as expected. At some point, when I need to scp some files or I need to log in multiple times a day, it gets a bit annoying with the OTPW, so I created a small shell script where I would enter the challenge number and it will grep my pass file and provide me with the one-time pass to use for this login. So I can just copy/paste it. This part also works fine so far.

Now, I want to create a shell script... that will do the initial ssh connection and wait for the response at the login which looks like this:

Code:
Authenticated with partial success.
Password 067:

So it asks me for my one time password for number 067

I want the script to automatically read the 067 and place it in a variable, so that I can use that variable to calculate the pass I need (I have the part already working where I can enter the number and get a pass from it), and after this process is done to send the password for 067 to the server to complete the login process.

The script that I have made where I can enter manually the number 067 and it greps and cuts the results to my liking (which works) is:

Code:
### Please set the location folder of your otpw keys
#
loc="/home/user1/"
#
### Please set the filename of your otpw keys.
#
file=".secretkeys"
#
### Do NOT edit anything below this line, unless you know what you are doing! ###
#
function NOR () {
        clear
        echo ""
        echo ""
        echo -n "Please enter your challenge password :"
        read def
        clear
        echo ""
        echo ""
        echo -n "Please enter your requested challenge number: "
        read nnum
        echo ""
        echo ""
        echo -n "Your requested login credentials are: "; grep -E -o ".{0}$nnum.{0,10}" $loc$file | cut -c 5- | tr -d ' ' > temp-key-file-otpw
        tput setaf 1; echo -n "$def" && cat temp-key-file-otpw ; tput sgr0
        echo ""
        echo ""
        echo "Have a nice day `whoami`"
        echo ""
        rm temp-key-file-otp*
        exit 0
}
#
function SEC () {
# (removed for forum post as this step is not required at the moment)
#
        :       # no-op so the otherwise empty function body is valid bash
}
#
clear
echo -n "Do you require a normal login credential or a security login credential? ( n/s or 'c' for cancel ): "
read type 
while :
        do
        case $type in
                n)
                        NOR
                        exit 1
                ;;
                s)      SEC
                        exit 1
                ;;
                c)
                        clear
                        echo ""
                        echo "Operation canceled. Have a nice day :-)"
                        echo ""
                        echo ""
                        exit 0
                ;;
                *)
                        clear
                        echo ""
                        echo "Invalid selection."
                        echo "Please run this script again if you wish to try again."
                        echo ""
                        read -p "Press 'ENTER' to continue."
                        echo ""
                        echo ""
                        exit 0
                ;;
        esac
        done

So in this script, I enter the number given to me by the challenge from the SSH login, and it returns for me the one-time-pass.

I now need a script that will by itself read the challenge, and automatically do similar/same steps as above and complete the login automatically.

What I have so far is:

Code:
#!/bin/bash
#
# Test for otpw auto login
#
# v0.1-Alpha
##
function b0x () {
clear
echo ""
echo -n "Please enter your static password for the challenge key: "
read STATIC
clear
echo ""
echo "Connecting now to srv1 ..."
echo ""
#local CMD
CMD=`knock -v xxx.xxx.xxx.xxx **** **** **** ; ssh -p 8588 bla@xxx.xxx.xxx.xxx`
echo "$CMD"
#challenge=$($CMD)
#echo $challenge
exit 0
}
#
clear
echo ""
echo "Welcome `whoami`"
echo ""
echo "Please choose the server you wish to login to"
echo ""
echo ""
echo "1) xxx.xxx.xxx.xxx"
echo "2) xxx.xxx.xxx.xxx.xxx"
echo "3) xxx.xxx.xxx.xxx"
echo ""
echo -n "Please choose 1/2/3 or 'c' to cancel (1/2/3/c) : "
read SERVER
while :
        do
                case $SERVER in
                        1)
                                b0x
                                exit 1
                        ;;
                        2)      
                                slack
                                exit 1
                        ;;
                        3)      
                                debian
                                exit 1
                        ;;
                        c)      
                                clear
                                echo ""
                                echo "Operation cancelled. Have a nice day `whoami` :-)"
                                echo ""
                                echo ""
                                exit 0
                        ;;
                        *)
                                clear
                                echo ""
                                echo "Invalid selection."
                                echo "Please run this script again if you wish to retry."
                                echo ""
                                read -p "Press 'ENTER' to continue"
                                echo ""
                                echo ""
                                exit 0
                        ;;
                esac
        done    
#
### EOF ###

There is a lot of stuff commented out or missing in this script, but please ignore those, as it is nowhere near complete.

NOTE: Just to be clear, I only need help with the part of getting the 067 response put into a variable; from there I should be able to tackle the rest on my own.

Any help would be appreciated.

Cheers,
instro

Last edited by rbatte1; 06-12-2015 at 08:07 AM.. Reason: Fixed typos. RBATTE1 converted text to numbered list
# 2  
Old 06-12-2015
The problem is you want to borrow the tty to get data, but then continue to use it interactively. You'll need a middle-man.

expect is a tcl program that can script interactive programs, and I assume give control back to the terminal once the login is done. I am sorry I can't further assist with its language though.
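
The step the question asks for, taking the challenge number out of the `Password 067:` prompt and building the response from it, as an added example that is not part of either post. It works on text already captured from the login (for instance by the expect middle-man suggested above); the key-list layout (`NNN xxxx xxxx` entries in columns), the function names and all sample values are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: challenge parsing and key lookup for an OTPW login prompt.
# The key list below is constructed sample data, not real credentials.

# Print a constructed key list: "NNN xxxx xxxx" entries in columns.
sample_keylist() {
    cat <<'EOF'
000 IZdB bqyH  006 rF62 k6zi  012 JCFe 6ELj
001 a067 Xq2w  067 hK9p 0067  068 mN3v Tz8c
EOF
}

# $1: text captured from ssh. Prints the 3-digit challenge, or returns 1.
# Carriage returns added by a pty are stripped before matching.
otpw_challenge() {
    chal_num=$(printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^Password \([0-9][0-9][0-9]\):.*/\1/p' | head -n 1)
    [ -n "$chal_num" ] || return 1
    printf '%s\n' "$chal_num"
}

# $1: challenge, $2: key list file. Prints the 8-character one-time part.
# The challenge must equal a whole field (string comparison), so "067"
# inside a password chunk such as "a067" is not taken for the entry number.
otpw_lookup() {
    awk -v n="$1" '
        { for (i = 1; i + 2 <= NF; i++)
            if (($i "") == (n "") && length($(i+1)) == 4 && length($(i+2)) == 4) {
                print $(i+1) $(i+2); found = 1; exit
            }
        }
        END { exit !found }' "$2"
}

# $1: static prefix, $2: captured text, $3: key list file.
# Prints prefix + one-time part; returns 1 (no challenge) or 2 (no entry).
otpw_response() {
    resp_chal=$(otpw_challenge "$2") || return 1
    resp_otp=$(otpw_lookup "$resp_chal" "$3") || return 2
    printf '%s%s\n' "$1" "$resp_otp"
}

# Demo on the constructed data; the looked-up value goes to stdout only.
list=$(mktemp) && sample_keylist > "$list"
captured=$(printf 'Authenticated with partial success.\r\nPassword 067: ')
otpw_response 'static' "$captured" "$list"    # prints statichK9p0067
rm -f "$list"
```

Unlike the `grep -E -o` pipeline in the first post, the lookup needs no intermediate `temp-key-file-otpw`, and a failed parse or missing entry is reported through the return code instead of producing an empty password.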