If we have an SSH key protected by a passphrase, it can be a problem when performing tasks from Cron, for example when running Rsyncs. A quick solution to this problem is to execute a script in Expect to which the passphrase is indicated and executes the Rsync.
The installation of Expect will vary depending on the operating system used. In FreeBSD, we will have to install the binary package and generate a generic symbolic link to the binary:
pkg install expect
which tclsh8.6
/usr/local/bin/tclsh8.6
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh
echo "dev-tcltk/expect threads -debug doc" > /etc/portage/package.use/expect
emerge -av dev-tcltk/expect
bzip2 -d /usr/share/doc/expect-5.45.4/examples/autoexpect.bz2
cp /usr/share/doc/expect-5.45.4/examples/autoexpect /usr/local/bin/
chmod 700 /usr/local/bin/autoexpect
Now, as a regular user, we launch expect_autoexpect/autoexpect with the command we want to automate:
We can view the content of the script:
#!/usr/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Sep 22 18:03:18 2020
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn /usr/local/bin/rsync -avz --del {--rsh=ssh -p22} /home/kr0m/data/ kr0m@192.168.1.2:/home/kr0m/data/
match_max 100000
expect -exact "Enter passphrase for key '/home/kr0m/.ssh/id_rsa': "
send -- "PASSWORD\r"
expect eof
In this case, it is a backup script. This script will be very simple, just calling the script in Expect:
#!/usr/local/bin/bash
/home/kr0m/script.exp
We assign the necessary permissions to the script:
This script can be scheduled in crontab without asking for any passphrase:
* 10 * * * /home/kr0m/backup.sh