Thanks :)

Here is the official page: http://expect.nist.gov/

Here is the script I used, maybe it will be helpful. The first argument is
the target hosts list file.

#!/usr/local/bin/expect -f
# Andre - Collects the registration files from all web servers and copies
# them to the synchronization directory
proc scpcad {maquina} {
    eval spawn /usr/bin/scp -c blowfish -pr $maquina:/var/www/*tgz /var/www/
    set timeout 3
    # Answer the unknown-host-key prompt if it appears
    expect "yes/no" {send "yes\r"}
    expect "*assword:"
    set timeout -1
    send the_password\r
    expect eof
}

proc scplog {maquina data} {
    eval exec mkdir -p /var/www/html/andlog/$maquina
    eval spawn /usr/bin/scp -p andre@$maquina:/var/www/logs/$data* /var/www/html/andlog/$maquina
    set timeout 3
    # Answer the unknown-host-key prompt if it appears
    expect "yes/no" {send "yes\r"}
    expect "*assword:"
    set timeout 20
    send my_password\r
    expect eof
}

# Today's date in the form used by the log file names
set data [exec date +%d.%m.%Y]
send_user $data
#exec /bin/rm -f /root/.ssh/known*

# The first argument is the target hosts list file
set Maqfile [open [lindex $argv 0] r]

foreach maquina [split [read $Maqfile] "\n"] {
    # Skip blank lines, including the empty entry after the final newline
    if {[string trim $maquina] eq ""} continue
    #scpcad $maquina
    scplog $maquina $data
}
close $Maqfile
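The thread notes that a script like this can get stuck when one host goes down. The following is an added example, not part of the original post, showing the same log copy with timeout and eof handling so the loop skips a dead host and reports it. The procedure names, the `SCP_PASSWORD` environment variable and the 10 s / 300 s limits are assumptions made for illustration.

```tcl
#!/usr/local/bin/expect -f
# Added example, not from the original post. SCP_PASSWORD is an assumed
# environment variable name; the 10 s and 300 s limits are arbitrary choices.

# Stop the given spawned scp and report why this host is skipped.
proc give_up {sid maquina reason} {
    send_user "\n$maquina: $reason, skipping\n"
    catch {close -i $sid}
    catch {wait -i $sid}
    return 0
}

# Copy today's logs from one host. Returns 1 on success, 0 on any failure.
proc scplog_safe {maquina data password} {
    set dest /var/www/html/andlog/$maquina
    file mkdir $dest
    spawn /usr/bin/scp -p andre@${maquina}:/var/www/logs/${data}* $dest
    set sid $spawn_id
    # Login phase: a dead host shows up as timeout or eof, not as a prompt.
    set timeout 10
    expect {
        "yes/no"    { send "yes\r"; exp_continue }
        "*assword:" { send "$password\r" }
        timeout     { return [give_up $sid $maquina "no prompt in $timeout s"] }
        eof         { return [give_up $sid $maquina "closed before login"] }
    }
    # Transfer phase: a second password prompt means the login was rejected.
    set timeout 300
    expect {
        "*assword:" { return [give_up $sid $maquina "password rejected"] }
        timeout     { return [give_up $sid $maquina "transfer stalled"] }
        eof         {}
    }
    # wait returns: pid spawn_id os_error_flag exit_status
    lassign [wait] pid wsid oserr status
    return [expr {$oserr == 0 && $status == 0}]
}

set data [exec date +%d.%m.%Y]
set password $env(SCP_PASSWORD)
set fh [open [lindex $argv 0] r]
set hosts [split [string trim [read $fh]] "\n"]
close $fh

set failed {}
foreach maquina $hosts {
    set maquina [string trim $maquina]
    if {$maquina eq ""} continue
    if {![scplog_safe $maquina $data $password]} { lappend failed $maquina }
}
if {[llength $failed]} { send_user "failed hosts: $failed\n"; exit 1 }
```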

-----Original message-----
From: Trevor Cushen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 9 October 2002 10:35
To: Andre Guimaraes
Cc: [EMAIL PROTECTED]
Subject: RE: Is SSH worth it??



This man is a god among men, I will test this and get back to you.  SSH is
going in place if all this works out.  I'm sidetracked at the moment but
will get back to it next week.

Thanks again to all
Trevor Cushen

P.S.

Can I ask you for a URL to more info on this expect language and its usage?
Again many thanks

-----Original Message-----
From: Andre Guimaraes [mailto:[EMAIL PROTECTED]] 
Sent: 08 October 2002 19:26
To: Trevor Cushen; [EMAIL PROTECTED]
Subject: RES: Is SSH worth it??


I don't like RSA without passwords because if your machine gets compromised, the
attacker would have root access to other machines in your network. When I
needed automated scripting using ssh and scp I used this programming
language called EXPECT; Perl includes a module that implements the expect
language. It goes something like this:

spawn ssh myhost "commands"    ;# could be: scp myfile myhost:path
expect "yes/no" {send "yes\r"}
expect "assword"
send "my_password\r"

Just to make the figure.

It worked quite well, but if one host goes down and you don't include error
exception it may get stuck in the middle of the script. Still better than
keys.

-----Original message-----
From: Trevor Cushen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 8 October 2002 12:24
To: [EMAIL PROTECTED]
Subject: Is SSH worth it??


Many thanks to those that answered and all excellent answers that I will use
in my argument to the customer. A few interesting points came up also.
Ettercap and dsniff were mentioned and duly noted as I have used them before
and should have left out the part about sniffing a switched network in my
question.  Another point was raised that the access needed to sniff should
be removed first and foremost (Brad Arlt I think).  Most definitely and it
has as much as possible.  Physical security to the building and any access
points is quite strong.  No external access connections are part of this
segment of the network so external attacks getting in is a low possibility
(but yes possible I suppose so can't be ruled out). I want to go SSH and have
the encryption but the work involved is hard to justify to the customer
(because the work is their side, as in rewrite the scripts).  The argument
that Ettercap claims to break SSH must also be thrown into the mix here too.
I could use stunnel if I just wanted encryption????

Here is another spanner in the works and I hope I am corrected on this
because I want to be wrong here.

We would be using SSH and SCP.  SCP for automated scripts.  To get scripts
automated my understanding is that the best security in this scenario is to use
RSA authentication only.  Thus no password request when I do 'scp host:file
filedst'.  But then does that mean that my SSH client will not be prompted
for a password.  In that case accountability is at the machine level.  If I
am wrong please inform me gently as I have only started looking at this in
earnest.  Yes I can go rhosts authentication but that defeats the purpose to
a large degree as rhost files are what we want to get them away from.

I am currently installing a SCO machine, Solaris machine and NT machine to
set all this up and emulate the site as much as possible.  I will post the
final result in time.

Thanks again for the feedback.

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499


****************************************************************************
**

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or [EMAIL PROTECTED]

****************************************************************************
**
