topic Re: perl and ssh and no key authentification permited in Operating System - Linux

perl and ssh and no key authentification permited

Patrice Le Guyader — Fri, 03 Feb 2006 15:05:40 GMT

Hello,

I would like to know if it is possible to connect from one server to another in batch mode with perl and with password. My team leader for the moment doesn't want to use the public/private keys mecanism.We need to wait for the validation of security team and it's quite long,long,long ....

Best regards
Patrice

Re: perl and ssh and no key authentification permited

Doug O'Leary — Fri, 03 Feb 2006 17:38:57 GMT

Hey;

the perl expect module and gpg modules should help you out quite a bit if you can't use ssh/PKA. Use the GPG module to encrypt user IDs/password combinations and use the expect module to send them to the remote host as needed.

I have some scripts around somewhere that might help out a little if you can't figure it out. It'll take some time to dig them up though; I've been using ssh/PKA at my current client for more than a year...

HTH;

Doug

Re: perl and ssh and no key authentification permited

Patrice Le Guyader — Sat, 04 Feb 2006 13:43:04 GMT

Hello Doug,

Thanks for your help. If you've got an exemple it would be great. It should be a real saving of time for me.

Best Regards.
Patrice

Re: perl and ssh and no key authentification permited

Doug O'Leary — Sun, 05 Feb 2006 18:41:12 GMT

Hey;

Didn't take as long as I thought to find these things again...

Some background: This particular client had 360 hosts across a fairly wide number of domains. They had these hosts organized into zones depending on how close they were the Internet and how SOX compliant they had to be.

That added a skosh bit of complexity to the attached scripts that you, hopefully, won't have to deal with.

The hosts table (not included) is in the format of

${fqdn} ${zone} ${dmz} ${location} ${type:prod/dev/test} ${OS}

The encrypted password file was broken out as follows:

${zone} ${root_pwd} ${phrase}

The phrase being what the root password meant...

HTH; let me know if anything in there isn't clear. Please note that these scripts are now almost two years old so I may have to check out the code for a little bit to remember why I did something...

Apparently, I can only attach one file per response, so the expectlib will be in the next response...

Doug

Re: perl and ssh and no key authentification permited

Doug O'Leary — Sun, 05 Feb 2006 18:41:54 GMT

and here's the expectlib...

Doug

Re: perl and ssh and no key authentification permited

Doug O'Leary — Sun, 05 Feb 2006 20:32:20 GMT

Apparently, I didn't get teh original script up there. Sorry 'bout that...