At work the process of opening an ssh session on a production server requires jumping through a couple of intermediate boxes where you have to authenticate each time which results in a lot of typing and remembering the names of the intermediate boxes that I don't really care about. This is all an inconvenience and because I'm lazy I'd rather not have to do it every time. So I started looking at ways to automate it and came across Expect.
Below is a snip of my Expect script that sends an ssh command and then responds accordingly. Normally ssh will just prompt for a password but if it's the first time I've connect to that server then I get the prompt "You haven't connected to this server before ... blah blah blah ... do you want to continue (yes/no) :" (or something like that). I sussed out how to expect one response or another, as demonstrated in the code below, but I can't figure out how I might remove the duplication where I have to handle the "password:" prompt.
I'm unsure if I've described the problem clearly or not, but any help or follow up questions are most welcome.
Expect that your looking for the exp_continue statement.
I've not tested, or even ran the above code, but you get the idea. Not sure about the security side of things either, expect that script may annoy some system admins. Better solution would be to go down the key pair route, but I'm guessing that not an option for you!
Do you know about the autoexpect command? Records an shell interaction and saves it as an expect script, which you can then modify.
The only thing I could think of that might get the security team's feathers ruffled would be storing ssh passwords in plain text files on my laptop. To avoid this I have put the credentials in the KeyChain (this is a Mac machine) and used the 'security' command in the Expect script to extract them. I was not aware of the autoexpect command and it sounds really useful, but unfortunately not available by default on a Mac system. HomeBrew has not been blessed by the corporate software approval gods so can't be used to install it either.
You've given me really useful info which is certainly worth a cow or two.
To be honest, I'm surprised that expect is installed on a production machine or a machine that can access the production environment. It could potentially be used as a hacking tool. Guess it depends on the industry and business domain.
Years back, I developed a simple script to allow users to change their passwords from within an application. As a developer I didn't like the idea of having to do it myself. I'll have to find those scripts and put them on git hub.