Spawning a Secure Xterm



Hello all,

I'm trying to teach myself Tcl and am focusing primarily on creating an
application in ExpecTk. What I'm trying to do is spawn an Xterm and
pass it a series of commands while still maintaining some security.
Here is what I've come up with thus far:

1) spawn xterm -e "expect -f $ssh_file" &
The $ssh_file is Expect code as such:

spawn ssh -o StrictHostKeyChecking=no $s
expect \"*ssword:\"
send \"$p\\r\"
expect \"\\$ \"
interact"

This method works fine, but leaves me with a file containing the
password in clear text, and that is what I'm trying to avoid. I set
the file to have a random name via [expr rand()], set permissions to
0400, and after the xterm spawn, I wait .1 seconds (sleep .1) and
delete it. However, there is still a text file out there, that
survives for .1 seconds and I imagine that'd be easy to take advantage
of by a race condition.

2) exec xterm -e "expect (expect commands above)

I found that by running an exec, I could pass the Expect commands
without having to use a file. However, in a 'ps' listing, everything
shows... including the password.

I tried to compile/obfuscate the $ssh_file code via freewrap and shc,
but it looks like one is geared towards pure Tcl and doesn't handle
Expect commands, and the other is for shell scripts. Running the
Expect within a #!/bin/sh via an exec command didn't work either, would
not execute the compiled code.

Now I'm starting to hope there may be an easier way to do this. My
goal is to spawn an Xterm, automatically SSH out to another system, and
pass the password. The environment that I'm working in does not allow
for Authenticated Keys... so this is pretty much the only way I can do
it. I just want to ensure that it is as secure as possible.

Any help would be appreciated, I'll be glad to post/send the actual
code if it helps. I do have it working, in a fashion, by using method
1, but am hoping there is a more secure way to run it. Also hoping
that it is proper etiquette to post Expect stuff in this Tcl group, if
not, please let me know.

Best Regards,
Tom
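
One way to avoid both the temporary file of method 1 and the 'ps' exposure of method 2, as an added example that is not part of the original post: the Expect script handed to xterm is constant text, and the password reaches it through the environment. The proc name launch_ssh_xterm and the variable names SSH_HOST and SSH_PW are assumptions chosen for this sketch; $s and $p are the host and password from the post.

```tcl
# Added example, not the poster's code. SSH_HOST / SSH_PW are names chosen
# here; s and p are the host and password variables used in the post.
proc launch_ssh_xterm {s p} {
    global env

    # Constant child script: it holds no secret, so it can safely show up
    # in a 'ps' listing and never needs to be written to a file.
    set child {
        set timeout 30
        set host $env(SSH_HOST)
        set pw   $env(SSH_PW)
        # Drop the secret before spawning, so ssh and the remote session
        # do not inherit it.
        unset env(SSH_PW)
        spawn ssh $host
        expect {
            -re {[Pp]assword: *$} { send -- "$pw\r" }
            timeout { send_user "no password prompt seen\n"; exit 1 }
            eof     { send_user "ssh exited before prompting\n"; exit 1 }
        }
        unset pw
        interact
    }

    # Export the values only for as long as it takes to start xterm.
    set env(SSH_HOST) $s
    set env(SSH_PW)   $p
    set code [catch {exec xterm -e expect -c $child &} result]
    # The child copied the environment when it was started, so the parent
    # can remove its own copy right away, even if exec failed.
    unset env(SSH_PW) env(SSH_HOST)
    return -code $code $result
}
```

The password is still held in the environment of the xterm process for as long as that window is open; on Linux that is readable through /proc/<pid>/environ by the same user and by root, but not by other local users.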
