I have the following expect script to automate the SSH key generation on Ubuntu. The script runs as expected and generates the key pairs, but it takes 50-60 sec to finish. That is much more than what I would expect on an empty box.

#!/usr/bin/expect --
eval spawn /usr/bin/ssh-keygen -t rsa

expect -re {Enter file in which to save the key (/root/.ssh/id_rsa): }
send -- "\r"

expect -re {Overwrite (y/n)? }
send -- "y\r"

expect -re {Enter passphrase (empty for no passphrase): }
send -- "\r"

expect -re {Enter same passphrase again:" }
send -- "\r"

puts "\nEnded expect script."

Any hints or tips what to change?

Edit: Based on the answer of Niall Byrne, I landed at the following expect script, which is quick and handles first time key generation, as well as key regeneration (overwrite).

#!/usr/bin/expect -f
set timeout -1
spawn /usr/bin/ssh-keygen -t rsa
expect {
  "Enter file in which to save the key" {send -- "\r" ; exp_continue}
  "Overwrite" {send -- "y\r" ; exp_continue}
  "Enter passphrase (empty for no passphrase):" {send -- "\r" ; exp_continue}
  "Enter same passphrase again:" { send -- "\r" ; exp_continue}
  eof
}
Doka
  • Have you benchmarked how long it takes to generate the key without the script? I would verify the key generation time before blaming the script. SSH keys take some time to generate. – mattc Nov 02 '12 at 17:13

2 Answers

I think the main source of your delay is that you are not matching your prompts exactly correctly with Expect.

expect -re {Overwrite (y/n)? }
send -- "y\r"

You specify regular expression syntax here (-re), and many of the characters in your expect patterns are reserved regular expression characters, i.e. ? ( ) .

The real effect of this line is that it will look for a regular expression matching this line for 10 seconds, then give up and proceed to send the y. You are basically just creating a 10 second delay before sending the 'y'. Other lines in your code have similar characteristics.

Consider revising this line to:

expect {Overwrite (y/n)?}

or

expect -re {Overwrite.*}

(This is in addition to concerns regarding entropy, but this expect problem is responsible for the bulk of the delay you're seeing.)

Niall Byrne
  • Thanks, it does the trick, the script is running now in 5-6 sec, which is OK. Nevertheless, the "Overwrite" statement is still missed, the keys are not regenerated. – Doka Nov 03 '12 at 08:43
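
The pattern behaviour described in the answer above can be checked without running ssh-keygen. The following is an added example, not code from the question or the answer: it feeds the prompts quoted on this page (constructed sample input) to Tcl's `regexp` and `string match`, the matchers behind expect's `-re` and default glob modes. Wrapping the glob in `*...*` approximates expect's unanchored glob matching, and the escaped `-re` pattern in the last row is an addition for comparison.

```tcl
#!/usr/bin/env tclsh
# Prompts as quoted in the scripts on this page (constructed sample input).
set prompts [list \
    "Enter file in which to save the key (/root/.ssh/id_rsa): " \
    "Overwrite (y/n)? " \
    "Enter passphrase (empty for no passphrase): " \
    "Enter same passphrase again: "]

# {mode pattern} pairs: the question's four -re patterns, the two forms
# suggested in the answer, and one escaped -re form (added, not from the page).
set patterns {
    {-re {Enter file in which to save the key (/root/.ssh/id_rsa): }}
    {-re {Overwrite (y/n)? }}
    {-re {Enter passphrase (empty for no passphrase): }}
    {-re {Enter same passphrase again:" }}
    {-gl {Overwrite (y/n)?}}
    {-re {Overwrite.*}}
    {-re {Overwrite \(y/n\)\? }}
}

# Return 1 if the pattern would match the text in the given expect mode.
proc matches {mode pattern text} {
    switch -- $mode {
        -re { return [regexp -- $pattern $text] }
        -gl { return [string match "*$pattern*" $text] }
    }
    error "unknown mode $mode"
}

foreach pair $patterns {
    lassign $pair mode pattern
    set hits {}
    foreach p $prompts {
        if {[matches $mode $pattern $p]} { lappend hits [string trim $p] }
    }
    if {[llength $hits] == 0} {
        # In a real expect run this is where the script sits until the timeout.
        puts [format "%-3s {%s}\n    matches no prompt: expect waits for the timeout" $mode $pattern]
    } else {
        puts [format "%-3s {%s}\n    matches: %s" $mode $pattern [join $hits " | "]]
    }
}
```

Run with `tclsh`: the four original `-re` patterns match none of the prompts, because unescaped `( )` form a regex group and `?` makes it optional instead of matching those characters literally, while the last three patterns match the Overwrite prompt.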

You are likely dealing with a lack of entropy. When generating keys, the key generator draws upon the system entropy/random number pool (commonly, /dev/random). If the box has little to no load, the random number pool will block until enough environmentally random information can be collected (timings of network traffic, disk, keyboards, mice, and other I/O devices).

Yann Ramin
  • +1 agreed, this is one of the main reasons scripting key generation isn't a good idea. the more entropy involved the better. – mattc Nov 02 '12 at 17:14
  • @Yann Ramin: when I run `ssh-keygen -t rsa` interactively, it takes 5-6 sec – Doka Nov 02 '12 at 17:22