expect return failes

Ricio · 07-19-2008, 04:27 PM

Im running an expect code, trying to do auto ssh-keygen
Heres the script:

Code:

#!/usr/bin/expect -f

set timeout -1
exec ssh-keygen -b 2048 -t rsa
	expect "*?ter file in which to save the key (/root/.ssh/id_rsa): "
	send -- "\r"
	expect "*?ssphrase (empty for no passphrase): "
	send -- "\r"
	expect "*? same passphrase again: "
	send -- "\r"
	expect eof
exit

Problem is that script stops at "file in which to save the key (/root/.ssh/id_rsa): " so either send is not sending or is sending too fast, help me out with this one...

I forgot to mention that I use exec cuz when I use spawn I get an error saying that spawn command is not found!
Thank you

matthewg42 · 07-19-2008, 05:57 PM

Why bother using expect? You can easily do this in a non-interactive way with some extra options:

Code:

ssh-keygen -b 2048 -t rsa -f $HOME/.ssh/id_rsa -N ""

Ricio · 07-19-2008, 08:13 PM

I also will have to use scp to send the id_rsa.pub to a server with ssh! I suppose I do have to use expect for that right, since ssh does ask for password?

matthewg42 · 07-20-2008, 06:33 AM

If you have no ssh keys on the remote machine when you are doing this process, then I suppose you will need to authenticate by password at some point. Having said that, it's generally a really a bad idea to put passwords in cleartext in your expect script. Sometimes though, I accept there are few practical alternatives if you want to automate things. Be careful though! At the very least, make sure the script permissions are such that only root can read the script file.

You should know that scp might prompt you with all sorts of things, not just for the password. For example, the first time you connect you will be asked if you want to add the host fingerprint to your known hosts file.

This might cause expect to get stuck waiting for some output which will never come because scp/ssh is waiting for some response to a question. I am not 100% sure if scp does this sort of prompting. I know for sure ssh does it.

You need to find a list from somewhere which contains all the possible prompts, and then write an expect rule for each one, with an appropriate response. You should also set a timeout on your expect commands in case an unexpected prompt occurs.

Probably the only reliable list would be made by looking in the source for the same version of ssh which you use. You should also explicitly set the locale when calling the program to ensure you don't get translated strings should the environment change.

Lets say there were the following possible prompts (not these are NOT the correct strings/messages):

Host unknown with fingerprint ... add? (yes/no)
fingerprint incorrect - possible man-in-the-middle attack. continue (yes/no)
Password:

Then your script might look like this:

Code:

#!/bin/sh
# start expect from somewhere in the PATH \
exec expect "$0" "$@"

set host whatever
set user someusername
set pass somepassword

spawn "scp /root/.ssh/id_rsa.pub $user@$host /place/to/copy/to"

expect {
"Host unknown with fingerprint" {
  send "yes\n"
  send_user "INFO: added $host to known hosts\n"
  exp_continue
}
"fingerprint incorrect - possible man-in-the-middle attack" {
  send "no\n"
  send_user "ERROR: bad host fingerprint for $host\n"
  exp_continue
}
"Password:" {
  send "$pass\n"
}

...

I can never remember if the end of line character is supposed to be \n or \r. I think ssh likes \n and telnet likes \r, but I might have mis-remembered that, or it may be that there are more cases/conditions to consider.

matthewg42 · 07-20-2008, 07:18 AM

Oh by the way, if you want to copy the host keys to a remote system so you can use public key authentication, you can use ssh-copy-id instead of scp. this will put the public key into the authorized_keys file on the remote host, and set the proper permissions on the .ssh directory.
e.g.

Code:

ssh-copy-id -i $HOME/.ssh/id_rsa.pub someuser@somehost

Ricio · 07-20-2008, 10:16 AM

Thanks matthewg42, you have been an amazing aid, and ill get back posting my results, but the initial problem remains, spawn: command not found!

matthewg42 · 07-20-2008, 10:44 AM

What do you get from these commands:

Code:

ls -l /usr/bin/expect
which expect
expect -v

Ricio · 07-20-2008, 12:41 PM

Respectively, I get:

Code:

-rwxr-xr-x  1 root root 7844 Jul 12  2006 /usr/bin/expect

/usr/bin/expect

expect version 5.43.0

matthewg42 · 07-20-2008, 01:31 PM

You should use the "spawn" command, not exec.

Ricio · 07-20-2008, 03:19 PM

I have tried to run the spawn initializing the script as follows:

Code:

#!/bin/sh
# start expect fr

Still same problem, spawn: command not found.
I have to admit it is quite annoying to see that lots of people (i ve been googling around a lot) have got it working but me..

Ricio · 07-21-2008, 09:45 AM

Does the fact that im using rocks cluster 4.3 and that I installed expect from the rpm matter, in the fact that spawn does not work... I really would like to get some help here, cuz I really need expect in order to interact within cluster nodes, by sending the public key of the cluster nodes to the server... and then doing ssh without having to use the password... thank you...

matthewg42 · 07-21-2008, 10:15 AM

Sorry if I was not clear, I think you have misunderstood what I meant about using spawn and exec.

Using exec at the top of the script is an alternative to using the shebang line (#!/usr/bin/expect) to get the expect interpreter working and reading the rest of the file. Using exec has the advantage that you do not need to hard-code the full path to the expect interpreter in your script - it will be found in the PATH. This is often useful with expect because it is often installed in non-standard locations.

Once you are past the whole shebang/exec expect part, it is then expect syntax to use the spawn command to start a child process. In your original post, you used exec where I think you should have used spawn.

For example, this is how your script might start:

Code:

#!/bin/bash
# start expect from somewhere in the PATH \
exec expect "$0" "$@"

# Right, the rest of the script is being parsed by the expect interpreter.
# We want to start ssh and interact with it, so we have to spawn it:

spawn "ssh user@host"
expect "something" {
  ...

Ricio · 07-21-2008, 11:50 AM

mmm... ill be looking to it tonight... hopefully Ill get it fixed, thanks a lot matthewg42, but please could you explain what the exec expect "$0" "$@" means...

Thank you, youve been amazingly helpfull.

matthewg42 · 07-21-2008, 12:07 PM

Quote:

Originally Posted by Ricio

please could you explain what the exec expect "$0" "$@" means...

exec is a shell command which replaces the current shell process with some other specified program (in this case expect). The new program inherits the open file handles, so as long as the specified program is an interpreter of some kind (as expect is), the rest of the file can be a program which the interpreter will read and process.

The "$0" "$@" are a way to pass the file path and command line arguments to expect.

Quote:

Thank you, youve been amazingly helpfull.

You're welcome

Ricio · 07-22-2008, 09:45 AM

Great! got expect working, thanks to matthewg42, I finally understood what I was doing wrong, and the solution is really really dumb as I feel embarrased but I guess this things happen!

# expect <scriptname>

I tought it was installed as native interpreter so that I could run the scripts like always ./<scriptname> or sh <scriptname>
Thanks all for your help, and I still need help with a script but Ill make a new post.

Thank you matthewg42 what you said on your penultimate post was the fixing post -> and thank you all