Quick easy and dangerous - automated logins via Tcl / Expect
Archive - Originally posted on "The Horse's Mouth" - 2009-10-24 09:12:04 - Graham EllisLet me start with a security warning. Passwords and firewalls are there to make it difficult for unauthorized users to get through / at systems, and if you write a script which automates passwords and multi-hop telnet and ssh logins to make it quick and easy for you to get over all the hurdles you are also making it easy for everyone else who has access to a copy of your script. In other words, use what I am about to show you with great care and keep the script if you embed passwords and save names in it with extreme care!
OK. Now let me spill the beans. If you want to automate a login process so that you get straight in to a remote system though what might be a difficult series of steps, you can do so using expect. Once logged in, you can use the interact command within expect to connect your keyboard and screen to the remote process and talk to it directly.
Let's make the connection:
spawn ssh -l accountname www.melkshamchamber.org.uk
expect_after {
default {
puts "Failed to connect"
exit 1
}
}
expect "sword:" {send "abc123_not_really\r"}
expect "$ " {send \r}
expect "\n"
puts "connected ...."And then you can simply:
interactInteract has a series of options / matching capabilities just like the expect command itself, though, and you can apply filters on what you type. There's an example here - automating ssh and with filters and further examples here (telnet) and here (telnet, filtering, logging, etc)
But let me finish as I started. A script that makes it trivially easy for YOU to log in also makes it trivially easy for anyone who has stolen your script to log in!