[svlug] Problems with expect and ssh and a mini rant about ssh
Richard Sharpe
rsharpe at richardsharpe.com
Wed Mar 22 20:16:40 PST 2006
Hi,
So, today I was wanting to run a bunch of tests against a box to try to
narrow down what was causing what looked like a memory leak, and I wanted
to write a small shell script that ran the tests in a loop, and then used
ssh to get into the box and check memory.
Of course, ssh does not allow the password to be entered on the command
line, so I created a small expect script that was something like:
#!/usr/bin/expect -f
exec spawn ssh admin at some-host $argv
match_max 100000
# Look for passwod prompt
expect "assword:"
# Send password aka $password
send -- "$password\r"
which worked fine from the command line. Every time I used it, it worked.
However, when I added the expect script to my shell script, it looked like
ssh was now looking for input from the terminal and the expect script no
longer worked.
Has anyone seen this behavior before?
I figured I would ask before I go hacking ssh to add what looks very easy
and what would be enormously useful for anyone doing testing. Why wrap ssh
in expect scripts and tear your hair out when the password could be passed
in on the command line.
I know that the OpenSSH people are ultra paranoid about leaving passwords
in memory (since they overwrite it with NULLs after using it), but to
refuse to allow us users to make that choice for ourselves seems like
enormous arrogance to me. Now, lots of expect scripts keep the password
around in memory and lots of people waste their time writing expect
scripts to do what could have been done with 10-12 lines of C code (about
two-three lines in the routine that deals with passwords and 9-10 in the
argument parsing code).
Regards
-------
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
More information about the svlug
mailing list