[svlug] Problems with expect and ssh

Richard Sharpe rsharpe at richardsharpe.com
Thu Mar 23 09:57:10 PST 2006


Well,

I tried all sorts of things, including one suggestion about closing file 
descriptors on the shell, but to no avail, so I modified ssh.

Attached is a patch that took maybe 30 minutes to develop and test.

After modifying openssh, I got to thinking that it would be good if 
someone librified it so that openssh could be called from programs to do 
things. It would be great in testing ...

Then I found, with the help of a colleague, that a Java library exists:

 	http://www.jcraft.com/jsch/index.html

Better than nothing.

Regards
-------
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
-------------- next part --------------
diff -uNr openssh-4.3p2/ssh.c openssh-4.3p2.mod/ssh.c
--- openssh-4.3p2/ssh.c	2005-12-30 21:33:37.000000000 -0800
+++ openssh-4.3p2.mod/ssh.c	2006-03-22 21:44:34.000000000 -0800
@@ -144,6 +144,9 @@
 /* fd to control socket */
 int control_fd = -1;
 
+/* Where we keep the pointer to the command-line password */
+char * cmd_line_password = NULL;
+
 /* Multiplexing control command */
 static u_int mux_command = 0;
 
@@ -162,7 +165,7 @@
 "           [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
 "           [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-"           [-w tunnel:tunnel] [user@]hostname [command]\n"
+"           [-w tunnel:tunnel] [-z password] [user@]hostname [command]\n"
 	);
 	exit(255);
 }
@@ -244,7 +247,7 @@
 
 again:
 	while ((opt = getopt(ac, av,
-	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
+	    "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XYz:")) != -1) {
 		switch (opt) {
 		case '1':
 			options.protocol = SSH_PROTO_1;
@@ -275,6 +278,10 @@
 			options.forward_x11 = 1;
 			options.forward_x11_trusted = 1;
 			break;
+		case 'z':
+			cmd_line_password = strdup(optarg);
+			memset(optarg, 0, strlen(optarg));
+			break;
 		case 'g':
 			options.gateway_ports = 1;
 			break;
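Review bot: The new `case 'z'` takes the password from argv, so other local users can read it in the process listing until `memset(optarg, ...)` runs. On platforms where the listing comes from a kernel-side copy of the arguments the overwrite may not hide it at all, and the value can also land in shell history. Reading the secret from a file descriptor or a mode-restricted file would keep it off the command line. Separately, `strdup(optarg)` is unchecked, so on allocation failure `cmd_line_password` stays NULL and the client silently falls back to prompting; `cmd_line_password = xstrdup(optarg);` fails loudly instead, and a repeated `-z` currently leaks the earlier copy. The enclosing switch starts and ends outside the hunk.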
diff -uNr openssh-4.3p2/sshconnect1.c openssh-4.3p2.mod/sshconnect1.c
--- openssh-4.3p2/sshconnect1.c	2005-11-04 20:15:00.000000000 -0800
+++ openssh-4.3p2.mod/sshconnect1.c	2006-03-23 08:40:23.300450872 -0800
@@ -42,6 +42,7 @@
 u_int supported_authentications = 0;
 
 extern Options options;
+extern char *cmd_line_password;
 extern char *__progname;
 
 /*
@@ -435,7 +436,7 @@
 try_password_authentication(char *prompt)
 {
 	int type, i;
-	char *password;
+	char *password = NULL;
 
 	debug("Doing password authentication.");
 	if (options.cipher == SSH_CIPHER_NONE)
@@ -443,11 +444,21 @@
 	for (i = 0; i < options.number_of_password_prompts; i++) {
 		if (i != 0)
 			error("Permission denied, please try again.");
-		password = read_passphrase(prompt, 0);
+		if (!cmd_line_password) {
+			password = read_passphrase(prompt, 0);
+		}
 		packet_start(SSH_CMSG_AUTH_PASSWORD);
-		ssh_put_password(password);
-		memset(password, 0, strlen(password));
-		xfree(password);
+		if (cmd_line_password) {
+			ssh_put_password(cmd_line_password);
+			memset(cmd_line_password, 0, strlen(cmd_line_password));
+			xfree(cmd_line_password);
+			cmd_line_password = NULL;
+		}
+		else {
+			ssh_put_password(password);
+			memset(password, 0, strlen(password));
+			xfree(password);
+		}
 		packet_send();
 		packet_write_wait();
 
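Review bot: The two branches after `packet_start(SSH_CMSG_AUTH_PASSWORD)` duplicate the send, scrub and free sequence, and the same duplication appears in the sshconnect2.c hunk around `packet_put_cstring`. Choosing the source once with `password = cmd_line_password ? cmd_line_password : read_passphrase(prompt, 0);` followed by `cmd_line_password = NULL;` lets the original three lines serve both cases and leaves a single place where the secret is zeroed. The supplied password is also consumed on the first iteration, so a rejected `-z` value makes the next iteration call `read_passphrase`, which an unattended caller may not expect; a comment such as `/* -z password is tried once; retries fall back to the prompt */` would document that. The loop continues outside the hunk.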
diff -uNr openssh-4.3p2/sshconnect2.c openssh-4.3p2.mod/sshconnect2.c
--- openssh-4.3p2/sshconnect2.c	2005-11-04 20:07:33.000000000 -0800
+++ openssh-4.3p2.mod/sshconnect2.c	2006-03-23 08:40:58.046168720 -0800
@@ -57,6 +57,7 @@
 /* import */
 extern char *client_version_string;
 extern char *server_version_string;
+extern char *cmd_line_password;
 extern Options options;
 
 /*
@@ -725,7 +726,7 @@
 {
 	static int attempt = 0;
 	char prompt[150];
-	char *password;
+	char *password = NULL;
 
 	if (attempt++ >= options.number_of_password_prompts)
 		return 0;
@@ -733,17 +734,27 @@
 	if (attempt != 1)
 		error("Permission denied, please try again.");
 
-	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
-	    authctxt->server_user, authctxt->host);
-	password = read_passphrase(prompt, 0);
+	if (!cmd_line_password) {
+		snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
+	    	authctxt->server_user, authctxt->host);
+		password = read_passphrase(prompt, 0);
+	}
 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
 	packet_put_cstring(authctxt->server_user);
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(0);
-	packet_put_cstring(password);
-	memset(password, 0, strlen(password));
-	xfree(password);
+	if (cmd_line_password) {
+		packet_put_cstring(cmd_line_password);
+		memset(cmd_line_password, 0, strlen(cmd_line_password));
+		xfree(cmd_line_password);
+		cmd_line_password = NULL;
+	}
+	else {
+		packet_put_cstring(password);
+		memset(password, 0, strlen(password));
+		xfree(password);
+	}
 	packet_add_padding(64);
 	packet_send();
 
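Review bot: `cmd_line_password` is zeroed and freed only inside the `if (cmd_line_password)` branch here and in its sshconnect1.c counterpart. As far as these hunks show, a session that authenticates by another method never reaches that scrub and keeps the plaintext on the heap for the life of the process. Clearing and freeing the copy once authentication has finished, whichever method succeeded, would close the gap; the place for that is outside the hunk. A short comment above the global in ssh.c, for example `/* owned here; zeroed and freed after the first password attempt */`, would also make the ownership explicit. The function's signature and tail are outside the hunk.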

