Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

perl expect script ending prematurely before supplying the password

by madeinindia (Initiate)
on Sep 19, 2015 at 00:36 UTC ( [id://1142485]=perlquestion: print w/replies, xml ) Need Help??

madeinindia has asked for the wisdom of the Perl Monks concerning the following question:

Hi All

I am using perl expect module in our legacy application to scp some file to othe machine. The password for the client machine changes every 15 days, so we can't use ssh public keys.

For most of the machine the Expect script as expected, but for some the the prompt of the machine appears after the perl expect part code is excecuted.

Here is the code of the script.

$Expect::Exp_Internal = 1;
my $exp =  Expect->new();
#$exp->log_stdout(1);
 
$exp->spawn("scp test\.txt  foo\@bar:/tmp/test\.txt ") or warn("Unable
+ to spwan : $!");
$exp->expect(9,
             [ qr/Are you sure you want to continue connecting \(yes\/
+no\)\?/i,
                sub { my $self = shift;
                                 $self->send("yes\n");
                          exp_continue; }],
             [ qr/password:/i, sub { my $self = shift;
                          $self->send("$passwd\n");
                          exp_continue; }]) or warn("error : " .$exp->
+exp_error());

[download]

Here is the output of the script.

Spawned 'scp test.txt  foo@bar:/tmp/test.txt '
        spawn id(6)
        Pid: 17288
        Tty: /dev/pts/1
        Expect::spawn('Expect=GLOB(0x87a04a8)','scp test.txt  foo@bar:
+/tmp/test.txt   co...') called at ...
        main::foo_project('ARRAY(0x8166e00)') called at .....
Starting EXPECT pattern matching...
        Expect::expect('Expect=GLOB(0x87a04a8)',9,'ARRAY(0x89e0d04)','
+ARRAY(0x89e8748)') called at ...
        main::foo_project_project('ARRAY(0x8166e00)') called at ....
spawn id(6): list of patterns:
  #1: -re `(?i-xsm:Are you sure you want to continue connecting \(yes/
+no\)\?)'
  #2: -re `(?i-xsm:password:)'


spawn id(6): Does `'
match:
  pattern #1: -re `(?i-xsm:Are you sure you want to continue connectin
+g \(yes/no\)\?)'? No.
  pattern #2: -re `(?i-xsm:password:)'? No.

Waiting for new data (9 seconds)...
TIMEOUT
Returning from expect with TIMEOUT or EOF
error : 1:TIMEOUT at ....

foo@bar's password:

[download]

Any help in this regard will be appreciated or is there any other way to achieve the same?

stackoverflow link

Replies are listed 'Best First'.
Re: perl expect script ending prematurely before supplying the password
by salva (Canon) on Sep 19, 2015 at 06:51 UTC 
    use Net::OpenSSH;

my $ssh = Net::OpenSSH->new('bar', user => 'foo', password => $passwor
+d);
$ssh->scp_put('test.txt', '/tmp/test.txt');
$ssh->error and die "SCP transfer failed: " . $ssh->error;

    [download]
[reply]
[d/l]
Re: perl expect script ending prematurely before supplying the password
by hippo (Bishop) on Sep 19, 2015 at 08:38 UTC
    The password for the client machine changes every 15 days, so we can't use ssh public keys.

    The changing of the password should have no bearing at all on your ability to use keys for auth. Could you explain further?

[reply]
Re: perl expect script ending prematurely before supplying the password
by Anonymous Monk on Sep 20, 2015 at 06:47 UTC

    Since you want your script to blindly continue connecting to newly-known SSH hosts without verifying that the host key is intact (an analogy: getting a person's PGP key from a keyserver and not verifying any signatures on it as opposed to meeting privately to exchange keys), you might as well add -o "StrictHostKeyChecking no" to scp and get rid of the first question.

    As for the password, you can change your public SSH key once in 15 days as well. Just make sure to first upload the new one and then switch your client to use it, not otherwise.

[reply]
[d/l]
Re: perl expect script ending prematurely before supplying the password
by sundialsvc4 (Abbot) on Sep 19, 2015 at 13:13 UTC

    Yeah, and in this case I would suggest (to the client’s security team ...) that it would be far more secure to use an SSH certificate in this specific case, than to embed a password in a script ... even if the password is masked.   If the password does not have to be remembered, e.g. by peeking at the current copy of the script, then the security(?) of changing it frequently is (IMHO) more-than lost.

    It would be good to dedicate a login-id on the host system specifically for this script (and other purposes), so that the certificate could only be used to log in to that (highly limited) account.   The certificate could only be used there.   A certificate is more-protected than the source code of the things that use it.

      The password has been stored in DB in encrypted form and being extracted from db and decrypted ... I am unable to get, why TIMEOUT is appearing.
[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1142485]
Approved by stevieb
Front-paged by stevieb
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (6)
As of 2024-04-23 15:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found