1

I need to script SCP and I need to be able to do this by passing in the password in plain text. I am absolutely aware of the horrible design pattern that I am asking for. I cannot use certificates for this application. My challenge is that the box that I am working on cannot and willnot have expect or perl's Net::SFTP module. I have an HP-UX box with ksh and a basic perl install.

Using SSH keys is out because of a workplace requirement. I don't make the policy, but I do have to abide by it.

wmarbut
  • 301
  • 2
  • 4
  • 12
  • 3
    I'm not sure what are your requirements but you can do it by using some `socat` dark magic like so: `(sleep 3; echo PASS; sleep 5; echo "uname -a") | socat - EXEC:'ssh -l user hostname',pty,setsid,ctty`. In the name of all that is holy, please don't use this for a production environment :) – fim Mar 02 '12 at 17:34
  • That's a good idea, and it works, although I'm going to take a wild guess that if he can't have expect, he also can't have socat. – DictatorBob Mar 02 '12 at 17:45
  • fim, that is some pretty slick magic... but Some Guy is right, I have no socat. – wmarbut Mar 03 '12 at 17:10

2 Answers2

2

By certificates, do you mean ssh keys? Because you can always generate an ssh key with a blank passphrase and use that to log in without being prompted.

DictatorBob
  • 1,644
  • 11
  • 15
  • Yes, by certificates I mean SSH keys. This is by far what I would prefer to do, but I cannot. – wmarbut Mar 02 '12 at 17:09
  • Do you mind if I ask why you can't use keys? – DictatorBob Mar 02 '12 at 17:28
  • workplace policy... – wmarbut Mar 02 '12 at 17:32
  • 3
    Well, we've all worked at places with weird (or silly) policies, so I can kind of understand that, however... this might be one of those cases where it makes sense to question the policy. I'm guessing this is some kind of short-sighted security policy, which is going to have the end effect of making you come up with an even less secure solution just to satisfy the policy. – DictatorBob Mar 02 '12 at 17:35
  • We use HP-UX and, for user accounts, cannot use ssh-keys, the box is configured that way. The reasoning is that keys can be passed around .. (as if passwords couldn't) and would thus allow "anonymous" access. I disagree, but as the OP, I have to abide. Some 'security auditor' is being blamed (more likely misquoted) – lexu May 20 '14 at 04:50
2

To answer your question - you can't do this without external help from expect or similar to provide the password.

What is the objection to using SSH keys? If it's just a case of not wanting to use SSH keys without a pass phrase then you can always set up ssh-agent to hold the keys for you.

user9517
  • 115,471
  • 20
  • 215
  • 297