[SGVLUG] expect is very neat
Sean O'Donnell
sean at seanodonnell.com
Mon Sep 11 23:15:23 PDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert Leyva wrote:
> I wanted to create a script that would do a cvs update without me having
> to input the password.
>
If you're connecting to your CVS Server via SSH (e.g. :ext:), you can
simply use ssh-keygen to generate your public key(s), and then copy to
the ~/,ssh directory on your CVS/SSH server, which should allow you to
log-in remotely w/ no password prompt.
If that's not the case (e.g. :pserver:), then *nevermind*. =p
Expect is a lot of fun, especially for automating procedures such as
'useradd', 'passwd', 'smbpasswd', 'htpasswd' etc.
I made this one to be called when my system boots-up, so that I don't
have to (physically) be there to enter the ssl keyphrase when apache
starts...
#!/usr/bin/expect
################################################
# file: apachessl.sh
# desc: Automated Apache/SSL Startup Script
################################################
#
# usage example:
#
# ./apachessl.sh [passphrase]
#
################################################
#
# Theoretically, this script is a security risk,
# and by best practices-sake, should not be used.
#
# However, if you insist on convenience over
# security, you should make this file permissions:
#
# rwx------
#
################################################
#
# path to the apachectl executable
#
set apachectl "/usr/local/apache/bin/apachectl"
#
# ssl pass phrase
#
set passphrase [lindex $argv 0]
#
# spawn the htpasswd command process
#
spawn $apachectl startssl
expect "Enter pass phrase:"
send "$passphrase\n"
expect eof
################################################
I think (almost positive) there is an easier way achieve that affect,
but I just wanted to see if it would work w/ expect, which it did fine. =)
The only thing I don't like about the script above, and why I noted it
as a security-risk... is because it spits the password to STDOUT in
plain-view, where as entering it manually/physically does not. =/
- --
Sean O'Donnell
South Pasadena, CA
sean at seanodonnell.com
http://seanodonnell.com
PGP Public Key ID: 0xAC769035
PGP Public Key Server: http://pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFBlB7CUrh+ax2kDURAgTWAKCJbd3E/OFGPTM2DzEd0eyFEmU2fgCgr+hr
PN1J3m8bbWA8QLPHfWs7mE4=
=AmFp
-----END PGP SIGNATURE-----
More information about the SGVLUG
mailing list