SSH session via KSH in coprocess

[C4N4rD]

Hi,

I want to connect via SSH to a router via a KSH script, I also use |& to put my SSH session in coprocess and still comunicate with her with print -p.

If I use Telnet it works:

Code:

#!/bin/ksh                                                                                                                                                                                             

telnet 192.168.1.20 |&
sleep 1

print -p "login"
print -p "password"

But when I want to use SSH, my script seem to doesn't send the password: "Permission denied, please try again.":

Code:

#!/bin/ksh

ssh -T -l login 192.168.1.20 |&
sleep 1

print -p "password"

Finnaly it's seem to be not possible to communicate with SSH when it is as a coprocess... Nobody has find a solution.

Thanks

[tetsujin]

Hi,

I want to connect via SSH to a router via a KSH script, I also use |& to put my SSH session in coprocess and still comunicate with her with print -p.

But when I want to use SSH, my script seem to doesn't send the password: "Permission denied, please try again.":

Finnaly it's seem to be not possible to communicate with SSH when it is as a coprocess... Nobody has find a solution.

Thanks

It appears as though ssh, for security reasons, will only issue password prompts and read password text from /dev/tty - thus bypassing the coprocess mechanism for redirecting ssh's stdin/stdout. This is probably some help in preventing

Probably the best way around this would be to generate an SSH key pair which will allow you to login to the remote host without entering a password. Security-wise this is better than storing the password as plaintext in an executable script anyway... To make things nice and easy I even went and tested this for you - it works. Was able to "ssh remotehost |&" and "echo ls >&p" and then read back filenames from the remote site with "cat <&p".


If you don't mind me asking: I am mostly a Bash user myself but interested in learning about other shells and shell features. I have taken some time to learn about ksh and coprocesses, of course, but I don't have an intuitive feel of what can be accomplished with them. I am curious about how you are using them. If you can share that with me, I'd appreciate it.

(EDIT): Oh yeah - also one other way you could do it, I guess:
/dev/tty isn't necessarily the program's stdin, as I said: it's the process's "controlling terminal". I wouldn't really recommend this route, but it is possible, when you launch a process, to set its controlling terminal. The "screen" program does this, for instance - as does any xterm, etc. So if you created a pseudo-tty and ran the ssh process with that pseudo-tty as its controlling terminal, you could feed the password in that way...

[C4N4rD]

It appears as though ssh, for security reasons, will only issue password prompts and read password text from /dev/tty - thus bypassing the coprocess mechanism for redirecting ssh's stdin/stdout. This is probably some help in preventing

Yeap, after ask on several forum, and many search I have understood that it's not possible. Can you have a look on this interesting article*(see below): this guy try to manage SSH by coprocess in C++ but doesn't succeed and try to explain why.

Probably the best way around this would be to generate an SSH key pair which will allow you to login to the remote host without entering a password.

I have thought about this, but the problem is that I want to communicate with network device like cisco router and it's not everytime possible to use SSH key pair (with Tacacs + for cisco router but anyway the router haven't got..)

I am curious about how you are using them. If you can share that with me, I'd appreciate it.

For sure, I have done a podcast*(see below) about this(with a very french accent in order that my french friends understand me ). I use coprocess to deploy configuration on network device, very usefull when you have about several hundred of device.

After this problem I have understood that SSH is very hard to use in this kind of script without SSH key pair. The solution is to use expect. I haven't find better way, if someone have I will be glad about this



I'm not allow to post URL on the forum, so just add www before address:

*article: girtby.net/archives/2006/12/18/the-other-kind-of-reentrant/
*podcast: sylvainkalache.com/deploiement-automatise-de-configuration-sur-materiel-reseau-via-ksh/

[pmr]

No problem (as said testujin) to use ssh in a coprocess with ksh local and remote.
Test this, assuming you have a key in authorized_keys

#!/bin/ksh

ssh remote.com "ksh -i 2>&1" |&

while read C?"Command: "
do
print -p $C
read -p
print I see: $REPLY
done