Implementation of SSH automatic login server with expect script under Linux

Source: Internet
Author: User
Tags chmod eval mkdir ssh rsync

Another small trick, using the expect scripting language to implement SSH automatic connection to the server, you can automatically enter the password. Because every time using SSH root@xx.xx.xx.xx connection server, you have to manually enter the password, there is no way to automatically enter the password it?

Search on the Internet, there is a way, there is a script language expect, its role is to interact with the program to "programmable" session, such as automatic input password, hit the "password" character will automatically enter the password.

The first thing to do is install the expect script, but bring it in the Macbook. For example, a CentOS machine can be installed using Yum install expect.

This simple little script Ali.exp as follows (note that the script file format is exp):


Spawn ssh root@112.xx.xx.47
Expect "Password:"

Send "a0000223456700\r"


This way, after you set the Ali.exp file as executable, you can./ali.exp run the script and automatically connect to the server.

Spawn is followed by the shell command to execute, expect is to capture the characters to wait for input, send is automatically entered the content, note to "\ r" to indicate a newline to confirm the input.

So, this scripting language can be used in a lot of places, under Linux, often need to type the script of content, you can consider using expect to implement automated interactive scripts to replace human repetitive activities.

Supplemental method shell script SSH automatic login

To run a command on a:

# ssh-keygen-t RSA (three consecutive returns, that is, the public and private keys are generated locally, no password is set)

# SSH root@ "mkdir. SSH" (create. SSH directory on 1.10, you need to enter a password)

# SCP ~/.ssh/ root@ (need to enter password)

The Order on B:

# Touch/root/.ssh/authorized_keys (If this file is already present, skip this one)

# cat/root/.ssh/ >>/root/.ssh/authorized_keys (append content to

In Authorized_keys)

Back to a machine:

# SSH root@ (no password required, login successful)

Do rsync sync on the B machine without having to enter a password or use a password file.

Rsync-avzu--progress--delete root@ ( client execution)

Add two: Automatically login Linux server with SSH public key

The first step: generate an SSH public key pair
Today's Linux servers are installed with OpenSSH software by default.
The generated public key key pair is generated on the Management Server:
[Root@server ~]# ssh-keygen-b 1024-t RSA
Generating public/private RSA key pair. #提示正在生成rsa密钥对
Enter file in which to save the key (/HOME/USRNAME/.SSH/ID_DSA): #询问公钥和私钥存放的位置, enter with the default location
Enter passphrase (empty for no passphrase): #询问输入私钥密语, enter the password
Enter same passphrase again: #再次提示输入密语确认
Your identification has been saved IN/HOME/USRNAME/.SSH/ID_DSA. #提示公钥和私钥已经存放在 the/root/.ssh/directory
Your public key has been saved in/home/usrname/.ssh/
The key fingerprint is:
x6:68:xx:93:98:8x:87:95:7x:2x:4x:x9:81:xx:56:94 Root@server #提示key的指纹

-B 1024 uses a 1024-byte public/private key pair, a maximum of 4096 bytes, generally 1024 or 2048 is enough to meet security needs, too long encryption and decryption need to increase the time.
-t RSA uses the RSA encryption method public/private key pair, in addition to RSA and the DSA Way, the RSA method shortest cannot be less than 768 byte length.
If you need to use more other parameters please refer to man Ssh-keygen.
In the process of generating a key pair, you are asked: Enter the password passphrase (empty for no passphrase), the password (passphrase) is you use a phrase or a sentence as a password input, Then by the system internal encryption or hashing algorithm to generate a virtual password, the next step of authentication. The advantage is that it enhances security and is not easily cracked. Read a lot of articles, inside all put this phrase empty, that is, the representative does not use the password. Here I strongly urge you to enter the password phrase. Some people will say that after the use of password, login and enter the password to use this is no more convenient than using user name and password login, I said please do not worry, then read my article.
Note: If you generate a key pair without setting a passphrase, if your private key is lost, your problem may be worse than losing your username password.
Step Two: Copy your public key to the managed server
On your Management Server, copy your public key to the user directory on the managed server to be automatically logged in.
[Root@server ~]# SCP. Ssh/ remote_usrname@ #比如你想使用用户peter登陆, then remote_usrname please use Peter instead

Renaming and making permission settings
Log on to the managed server, enter the user directory that needs to be logged in remotely, and place the public key in the user directory. SSH directory (if directory does not exist, need to create ~/.ssh directory, and set directory permissions to 700), rename the public key to Authorized_keys2, and set its user permissions to 600.
[Peter@client ~]$ ls
[Peter@client ~]$ mkdir ~/.ssh #如果当前用户目录下没有. SSH directory, please create the directory first
[Peter@client ~]$ chmod ~/.ssh
[Peter@client ~]$ MV ~/.ssh
[Peter@client ~]$ CD ~/.ssh
[Peter@client ~]$ cat >> authorized_keys2
[Peter@client ~]$ rm-f
[Peter@client ~]$ chmod authorized_keys2
[Peter@client ~]$ Ls-l
Total 4
-RW-------1 Peter the Oct 11:28 authorized_keys2

Test uses key pair for remote login
[Root@server ~]# ssh peter@
Enter passphrase for key '/root/.ssh/id_rsa ': #提示输入密码短语, enter the passphrase you just set
Last Login:sun Oct 11:32:14 from
[Peter@client ~]$

If you are not able to log in correctly, you should check your AUTHORIZED_KEYS2 permissions again. You may also want to check the permissions for the. SSH directory.
Use Ssh-agent (SSH proxy) to automatically enter a passphrase
Remember your "password phrase", now you can use your key instead of the password to log on to your server, but this still does not save anything, you still want to enter the key "passphrase." Is there a simpler way to do it? The answer is to use an SSH proxy (ssh-agent), a program that helps you remember the phrase "passphrase." Ssh-agent is the SSH agent that is included by default in OpenSSH.
Log on to the admin server
[Root@server ~]# Ssh-agent
ssh_auth_sock=/tmp/ssh-vegjcm2147/agent.2147; Export Ssh_auth_sock;
ssh_agent_pid=2148; Export ssh_agent_pid;
echo Agent pid 2148;

When you run ssh-agent, it will print out the SSH environment and variables it uses. There are two ways to use these variables, one is to declare the environment variables manually, and the other is to run the eval command to declare the environment variables automatically.
Method One: Manually declaring environment variables
[Root@server ~]# ssh_auth_sock=/tmp/ssh-vegjcm2147/agent.2147; Export Ssh_auth_sock;
[Root@server ~]# ssh_agent_pid=2148; Export ssh_agent_pid;
[Root@server ~]# printenv | grep ssh #检查 SSH environment variable has joined the current session's environment variable

Method Two: Run the eval command to automatically declare environment variables
[Root@server ~]# eval ' ssh-agent '
Agent PID 2157
[Root@server ~]# printenv | grep ssh #检查 SSH environment variable has joined the current session's environment variable

Now the ssh-agent is already running, but the ssh-agent inside is blank and there is no private key to decrypt. We're going to tell it where we have the private key and where the private key is. This requires the use of the Ssh-add command to add our private key to the ssh-agent cache.
[Root@server ~]# Ssh-add ~/.SSH/ID_DSA
Enter Passphrase FOR/HOME/USER/.SSH/ID_DSA: #输入你的密码短语
Identity added:/home/user/.ssh/id_dsa (/HOME/USER/.SSH/ID_DSA)
[Root@server ~]# ssh-add-l #查看 The cached content of the SSH agent
1024 72:78:5e:6b:16:fd:f2:8c:81:b1:18:e6:9f:77:6e:be/root/.ssh/id_rsa (RSA)

Enter the password phrase, now, you can log on to your remote server without typing your passphrase, and your private key is password protected. Try it!
[Root@server ~]# ssh peter@
Last Login:sun Oct 11:32:45 from
[Peter@client ~]$

Log on to the server after the operation, remember to turn off the ssh-agent, or other people can be remote after landing.
[Root@server ~]# Ssh-agent-k
Unset Ssh_auth_sock;
Unset ssh_agent_pid;
Echo Agent pid 2148 killed;
[Root@server ~]# ssh-add-l #查看一下, there is no key in the cache.
The agent has no identities.

Enter the next time you log in
Enter a password hint
#ssh-y Username@ip

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.