bad gnome-terminal or bad script?
Cameron Simpson
cs at zip.com.au
Tue Feb 15 04:20:51 UTC 2005
On 02:49 15 Feb 2005, Stefan Held <obi at unixkiste.org> wrote:
| Am Sonntag, den 06.02.2005, 21:42 -0600 schrieb Marc Williams:
| > On Sun, 06 Feb 2005 23:56:52 +0000, James Wilkinson wrote:
| >
| > > Marc Williams wrote:
| > >> I've just started exploring the Expect language and have quickly hit a
| > >> little bit of a speed bump. But I'm not sure it's Expect that's the
| > >> problem.
| > >>
| > >> In an FC3 gnome-terminal, I try to run the following script:
| > >> ----------------------
| > >> #!/usr/bin/expect --
| > >> spawn ssh 192.168.0.9
| > >> expect "word: "
| > >> send "password\r"
| > >> expect "]$ "
| > >> interact
| > >
|
| The Question is, why do you _NOT_ use ssh keys for authentication.
| It's even more secure and there is no plaintext shell script with a
| password hanging around in your filesystem.
I can think of two reasons.
Firstly he's learning expect, so who cares what he's using
underneath? Also he _needs_ something that expect has to interact with
if he's going to play with it.
Secondly, and perhaps more relevant, is if he's intending this stuff to
run in batch mode (cron, whatever) then he'll need a passphraseless key
for that, and that's as bad as a password.
Well not quite, in that the far end never sees the private half of the
key while a password _is_ sent to the far end, but it does mean the key
is in the clear at the near/calling end.
So yes, keys are slightly better that passwords, but not enormously
better if it's a batch mode requirement.
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
There is a fine line between idiocy and genius. We aim to erase that line.
More information about the fedora-list
mailing list