[svlug] Problems with expect and ssh and a mini rant about ssh

Richard Sharpe rsharpe at richardsharpe.com
Wed Mar 22 20:16:40 PST 2006


So, today I was wanting to run a bunch of tests against a box to try to 
narrow down what was causing what looked like a memory leak, and I wanted 
to write a small shell script that ran the tests in a loop, and then used 
ssh to get into the box and check memory.

Of course, ssh does not allow the password to be entered on the command 
line, so I created a small expect script that was something like:

 	#!/usr/bin/expect -f
 	exec spawn ssh admin at some-host $argv
 	match_max 100000
 	# Look for passwod prompt
 	expect "assword:"
 	# Send password aka $password
 	send -- "$password\r"

which worked fine from the command line. Every time I used it, it worked.

However, when I added the expect script to my shell script, it looked like 
ssh was now looking for input from the terminal and the expect script no 
longer worked.

Has anyone seen this behavior before?

I figured I would ask before I go hacking ssh to add what looks very easy 
and what would be enormously useful for anyone doing testing. Why wrap ssh 
in expect scripts and tear your hair out when the password could be passed 
in on the command line.

I know that the OpenSSH people are ultra paranoid about leaving passwords 
in memory (since they overwrite it with NULLs after using it), but to 
refuse to allow us users to make that choice for ourselves seems like 
enormous arrogance to me. Now, lots of expect scripts keep the password 
around in memory and lots of people waste their time writing expect 
scripts to do what could have been done with 10-12 lines of C code (about 
two-three lines in the routine that deals with passwords and 9-10 in the 
argument parsing code).

Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com

More information about the svlug mailing list