Re: SSH via Expect disconnects

From: Robert Denton (robert_at_headsprout.com)
Date: 03/04/04


Date: Thu, 4 Mar 2004 09:16:14 -0800

Well, as it turns out, using autoexpect was the answer (please refer to the
thread started on 2-26-04). I am still not sure why exactly, but here is the
difference between the two scripts. As you can see, mine is much simpler (but
doesn't work). I have carved all the comments out of the auto-script for the
sake of the post:

MINE:

#! /usr/bin/expect -f

spawn /usr/bin/ssh -R 4321:localhost:22 host.domain.tld
expect -re "word:"
send "password\r"
expect eof

AUTOEXPECT:

#!/usr/bin/expect -f

set force_conservative 0 ;# set to 1 to force conservative mode even if
     ;# script wasn't run conservatively originally
if {$force_conservative} {
 set send_slow {1 .1}
 proc send {ignore arg} {
  sleep .1
  exp_send -s -- $arg
 }
}

set timeout -1
set send_slow {1 .1}
spawn ssh -R 4321:localhost:22 host.domain.tld
match_max 100000
expect -exact "user@host.domain.tld's password: "
sleep .1
send -s -- "password\r"
expect eof

Thanks for the help on this. r.

-- 
"Mewtwo" <mewtwo@catlover.com> wrote in message news:eb0be410.0403031806.3f238b05@posting.google.com...
> google1@headsprout.com (Robert Denton) wrote in message news:<b3c8e994.0402271008.6f6e80c@posting.google.com>...
> > Hello again,
> >
> > I have received one suggestion that I explore the idea of using keys
> > instead of Expect to supply the password.  The idea of using Key pairs
> > was indeed my first avenue of exploration into this problem and it
> > worked quite well for a while. I did the following on the device I
> > wanted to connect from:
> >
> > 1. ssh-keygen -t dsa
> > 2. scp ~/.ssh/id_dsa.pub host.domain.tld:.ssh/authorized_keys2
> > 3. ssh-agent sh -c 'ssh-add < /dev/null && bash'
> >
> > And this worked as expected until I rebooted the machine and
> > discovered that the passphrase for the Key needed to be entered again,
> > interactively. This will not work for me because once this device is
> > deployed, I will not have access to the command line at all, not via
> > SSH nor any other method. (Which is why I need _it_ to contact _me_ ;)
> >
> > Thus, I need Expect to do the job for me, and now the problem is as
> > described below.  The session is somehow disconnected once I issue:
> >
> > ssh -p 3214 localhost
> >
> > Once again, can anyone counsel me on what would cause this behavior? I
> > have pored through the manpage for Expect as well as SSH, and I have
> > done extensive googling on the problem with little luck.
> >
> > Robert.
> >
> > >
> > > I am using an expect script to initiate an SSH session to another host
> > > as such:
> > >
> > > #! /usr/bin/expect -f
> > >
> > > spawn /usr/bin/ssh -R 3214:localhost:22 host.domain.tld
> > > expect -re "word:"
> > > send "<password>\r"
> > > expect eof
> > >
> > > This works just fine, or seems to. Then, when on the other host, I
> > > issue the following command to pick-up that ssh session locally, I am
> > > prompted for the password, I enter it, and then the session
> > > disconnects, with the error: connection closed by 127.0.0.1.  Here is
> > > the command used:
> > >
> > > ssh -p 3214 localhost
> > >
> > > Here's the kicker: if I remove Expect from the equation, and just do
> > > it all manually, the disconnect doesn't occur.  Are there any Expect
> > > experts out there who can offer a suggestion?
> > >
> > > Thanks, Robert.
>
> You can create SSH keys without a passphrase so you will not be
> prompted for one. This is sometimes necessary for server keys.
>
> Also, regarding the original Expect problem: what operating system
> and version are you running Expect on? What version of Expect and Tcl?
>
> There have been problems on certain implementations of Unix
> (e.g. AIX 4.3.3, 5L) and certain versions of  Tcl (e.g. 8.3.2?).
> Those problems seem to have arisen from an assumption in Tcl and
> Expect that a read which returns 0 bytes indicates end of file.
> It appears that assumption is false for terminal devices on some
> Unix implementations. There are related posts in the archive for
> this newsgroup.
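
Added example, not part of the thread or anyone's posted script: one way to run the reverse tunnel from the posts with the passphrase-less key suggested above while limiting, on the server side, what that key can do. The host and port 4321 come from the posts; the ed25519 key type (instead of the thread's DSA), the key path `~/.ssh/tunnel_key` and the sample public key are assumptions, and `restrict`/`permitlisten` need a current OpenSSH server.

```shell
#!/bin/sh
# Added example. Functions print text only; nothing here opens a connection.

# Build the authorized_keys line for a tunnel-only key.
# $1 = bare public key line ("type base64 [comment]"), $2 = remote listen port.
tunnel_key_entry() {
    pub=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # Refuse anything that is not a bare key, e.g. a line that already has options.
    case $pub in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    # restrict: no pty, no agent or X11 forwarding, no port forwarding.
    # port-forwarding + permitlisten: re-enable forwarding, -R listener on this port only.
    # command: any request for a shell or command runs /bin/false instead.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$port" "$pub"
}

# Print the client command for the device. -N asks for no shell; BatchMode makes
# ssh fail instead of prompting, so no password is stored and no Expect is needed.
# $1 = private key path, $2 = remote listen port, $3 = server host.
tunnel_cmd() {
    printf 'ssh -N -i %s -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R %s:localhost:22 %s\n' \
        "$1" "$2" "$3"
}

# Key generation on the device, run once (-N '' means no passphrase):
#   ssh-keygen -t ed25519 -N '' -f ~/.ssh/tunnel_key -C tunnel-only

# Constructed sample public key, not a real key.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotRealData000000000000 tunnel-only'

tunnel_key_entry "$SAMPLE_PUB" 4321            # line to append to authorized_keys on the server
tunnel_cmd '~/.ssh/tunnel_key' 4321 host.domain.tld   # command the device runs at boot
```

If the private key is copied off the device, the server entry still limits it to opening the one listener: it cannot obtain a shell or run commands on host.domain.tld.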

