Find the answer to your Linux question:
Results 1 to 4 of 4
Hi, I want to connect via SSH to a router via a KSH script, I also use |& to put my SSH session in coprocess and still comunicate with her ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    9

    Lightbulb SSH session via KSH in coprocess


    Hi,

    I want to connect via SSH to a router via a KSH script, I also use |& to put my SSH session in coprocess and still comunicate with her with print -p.

    If I use Telnet it works:

    Code:
    #!/bin/ksh                                                                                                                                                                                             
    
    telnet 192.168.1.20 |&
    sleep 1
    
    print -p "login"
    print -p "password"

    But when I want to use SSH, my script seem to doesn't send the password: "Permission denied, please try again.":

    Code:
    #!/bin/ksh
    
    ssh -T -l login 192.168.1.20 |&
    sleep 1
    
    print -p "password"

    Finnaly it's seem to be not possible to communicate with SSH when it is as a coprocess... Nobody has find a solution.

    Thanks

  2. #2
    Linux Newbie tetsujin's Avatar
    Join Date
    Oct 2008
    Posts
    117
    Quote Originally Posted by C4N4rD View Post
    Hi,

    I want to connect via SSH to a router via a KSH script, I also use |& to put my SSH session in coprocess and still comunicate with her with print -p.

    But when I want to use SSH, my script seem to doesn't send the password: "Permission denied, please try again.":

    Finnaly it's seem to be not possible to communicate with SSH when it is as a coprocess... Nobody has find a solution.

    Thanks
    It appears as though ssh, for security reasons, will only issue password prompts and read password text from /dev/tty - thus bypassing the coprocess mechanism for redirecting ssh's stdin/stdout. This is probably some help in preventing

    Probably the best way around this would be to generate an SSH key pair which will allow you to login to the remote host without entering a password. Security-wise this is better than storing the password as plaintext in an executable script anyway... To make things nice and easy I even went and tested this for you - it works. Was able to "ssh remotehost |&" and "echo ls >&p" and then read back filenames from the remote site with "cat <&p".


    If you don't mind me asking: I am mostly a Bash user myself but interested in learning about other shells and shell features. I have taken some time to learn about ksh and coprocesses, of course, but I don't have an intuitive feel of what can be accomplished with them. I am curious about how you are using them. If you can share that with me, I'd appreciate it.

    (EDIT): Oh yeah - also one other way you could do it, I guess:
    /dev/tty isn't necessarily the program's stdin, as I said: it's the process's "controlling terminal". I wouldn't really recommend this route, but it is possible, when you launch a process, to set its controlling terminal. The "screen" program does this, for instance - as does any xterm, etc. So if you created a pseudo-tty and ran the ssh process with that pseudo-tty as its controlling terminal, you could feed the password in that way...

  3. #3
    Just Joined!
    Join Date
    May 2009
    Posts
    9
    Quote Originally Posted by tetsujin View Post
    It appears as though ssh, for security reasons, will only issue password prompts and read password text from /dev/tty - thus bypassing the coprocess mechanism for redirecting ssh's stdin/stdout. This is probably some help in preventing
    Yeap, after ask on several forum, and many search I have understood that it's not possible. Can you have a look on this interesting article*(see below): this guy try to manage SSH by coprocess in C++ but doesn't succeed and try to explain why.


    Quote Originally Posted by tetsujin View Post
    Probably the best way around this would be to generate an SSH key pair which will allow you to login to the remote host without entering a password.
    I have thought about this, but the problem is that I want to communicate with network device like cisco router and it's not everytime possible to use SSH key pair (with Tacacs + for cisco router but anyway the router haven't got..)


    Quote Originally Posted by tetsujin View Post
    I am curious about how you are using them. If you can share that with me, I'd appreciate it.
    For sure, I have done a podcast*(see below) about this(with a very french accent in order that my french friends understand me ). I use coprocess to deploy configuration on network device, very usefull when you have about several hundred of device.

    After this problem I have understood that SSH is very hard to use in this kind of script without SSH key pair. The solution is to use expect. I haven't find better way, if someone have I will be glad about this



    I'm not allow to post URL on the forum, so just add www before address:

    *article: girtby.net/archives/2006/12/18/the-other-kind-of-reentrant/
    *podcast: sylvainkalache.com/deploiement-automatise-de-configuration-sur-materiel-reseau-via-ksh/

  4. $spacer_open
    $spacer_close
  5. #4
    pmr
    pmr is offline
    Just Joined!
    Join Date
    Feb 2011
    Posts
    1

    KSH and SSH

    No problem (as said testujin) to use ssh in a coprocess with ksh local and remote.
    Test this, assuming you have a key in authorized_keys

    #!/bin/ksh

    ssh remote.com "ksh -i 2>&1" |&

    while read C?"Command: "
    do
    print -p $C
    read -p
    print I see: $REPLY
    done

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •