0

I'm struggling with how to do things.

My goal is that when I'm on my jumphost and type ssh router1, it will ssh to the router and at the same time run an expect script to fill in my password from a password file (which of course is read-only to me). Preferably it should send it encrypted so that it can't be picked up by anyone.

I have managed to get an expect script to work, but I don't want to have a gazillion expect scripts in my folder (for the amount of routers we have).

I'm thinking it could be done using alias commands? I already have alias commands set up so that if I type router1 it will automatically ssh to that particular router.

(I got a message that this was a duplicate, but I have been unsuccessful in finding the duplicate question, so I am gonna try to explain further: Let's say that we, in my company, have 100 routers. For now I have made aliases so when I type router1 in my prompt, it will do ssh router1. I want to try to extend that functionality and shave off a few precious ms of time by filling in the password automatically.)

So in other words I'm looking for a way to combine alias with an expect script (and possibly a bash script if needed), and I am shockingly bad at any scripting.

Hope someone can help :)

1 Answer

-1

Expect and send will send in clear text - but your SSH connection will do the encryption.

But instead of writing a script (and storing your password in it!), why not try using your SSH config and private/public key based authentication?

First, generate your own private SSH key and the accompanying public stub. Simply run

    ssh-keygen

And either provide a password (which can be different from the user account password and you'll have to provide every time you log in) or don't (no password on the key, so you never get prompted for one). Even if you assign a password to your key pair, a local keyring service may cache authentication and unlock it automatically for you, depending on what desktop environment you are using.

Then copy your ~/.ssh/id_rsa.pub file to remotehost:~/.ssh/authorized_keys

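    # On your own machine: copy the public key over, then log in to the remote host
    scp ~/.ssh/id_rsa.pub user@remotehost:~/
    ssh user@remotehost
    # On the remote host: create ~/.ssh if it is missing and append the key
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys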

and log out. Then edit your own ~/.ssh/config and put an entry like

    Host router
        Hostname 192.168.1.1
        User routerusername
        Port 22

The name given on the first Host line does not need to be a DNS name; it can be a nickname or whatever you like. The config file supports all of the command line options like X forwarding, etc. You can even point to different identity files for different hosts.

Now simply do

    ssh router

And you will be logged in automatically.

ivanivan
  • 4,955
  • Yeah, but the issue is that I'm not logging into Unix systems per se. It's routers I log in to, so I cannot scp any keys to it (would have been sweet though). Thanks for the tip on the encryption, by the way – Mikkel Gottlieb Dec 08 '16 at 22:22
  • Sorry guys - I found this that works for me:

    http://stackoverflow.com/questions/26606513/expect-in-alias

    I put it in my .bashrc

    Sorry for wasting you guys' time, ty for the reply :)

    – Mikkel Gottlieb Dec 08 '16 at 22:54
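
For the case raised in the comments, where the routers only accept passwords, one shell function in `.bashrc` can replace the per-router expect scripts. This is an added example, not code from any of the posts above; `router_ssh`, `secret_file_ok` and `~/.router_pass` are hypothetical names, and it assumes `expect` and OpenSSH are installed and that the first line of the file holds the password used on all routers.

```shell
# Added example: router_ssh, secret_file_ok and ~/.router_pass are hypothetical names.
ROUTER_PASS_FILE="${ROUTER_PASS_FILE:-$HOME/.router_pass}"

# Succeed only for a regular, non-symlink file that we own with no group/other bits.
secret_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# One function for every router: router_ssh router1, router_ssh router2, ...
router_ssh() {
    host=$1
    # Reject empty names and names starting with "-", which ssh would parse as options.
    case $host in
        ''|-*) echo "usage: router_ssh <host>" >&2; return 2 ;;
    esac
    if ! secret_file_ok "$ROUTER_PASS_FILE"; then
        echo "refusing: $ROUTER_PASS_FILE must be your own file with no group/other access" >&2
        return 1
    fi
    # Only the host name and the file path go through the environment; expect reads
    # the password itself, so it never appears in argv (ps) or in a shell variable.
    ROUTER_HOST=$host ROUTER_PASS_FILE=$ROUTER_PASS_FILE expect -c '
        set fh [open $env(ROUTER_PASS_FILE) r]
        set pw [gets $fh]
        close $fh
        set timeout 20
        spawn ssh -- $env(ROUTER_HOST)
        expect {
            -re "(?i)password:" { send -- "$pw\r" }
            timeout { puts stderr "no password prompt seen"; exit 1 }
            eof { puts stderr "connection closed before prompt"; exit 1 }
        }
        interact
    '
}
```

Existing aliases can then point at the function, for example `alias router1='router_ssh router1'`. An unknown host key prompt is not answered automatically, so the first connection to each router ends in the timeout branch until the key has been accepted by hand.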