Si tenemos la key Ssh protegida mediante passphrase puede resultar un problema al realizar tareas desde Cron, por ejemplo al ejecutar Rsyncs. Una solución rápida a esta problemática es ejecutar un script en Expect al que se le indica la passphrase y ejecuta el Rsync.
La instalación de Expect variará según el sistema operativo utilizado, en FreeBSD tendremos que instalar el paquete binario y generar un enlace simbólico genérico al binario:
pkg install expect
which tclsh8.6
/usr/local/bin/tclsh8.6
ln -s /usr/local/bin/tclsh8.6 /usr/local/bin/tclsh Â
echo "dev-tcltk/expect threads -debug doc" > /etc/portage/package.use/expect
emerge -av dev-tcltk/expect
bzip2 -d /usr/share/doc/expect-5.45.4/examples/autoexpect.bz2
cp /usr/share/doc/expect-5.45.4/examples/autoexpect /usr/local/bin/
chmod 700 /usr/local/bin/autoexpectÂ
Ahora como usuario regular lanzamos expect_autoexpect/autoexpect con el comando que queramos automatizar:
Podemos ver el contenido del script:
#!/usr/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Sep 22 18:03:18 2020
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn /usr/local/bin/rsync -avz --del {--rsh=ssh -p22} /home/kr0m/data/ kr0m@192.168.1.2:/home/kr0m/data/
match_max 100000
expect -exact "Enter passphrase for key '/home/kr0m/.ssh/id_rsa': "
send -- "PASSWORD\r"
expect eof
En este caso se trata de un script de backup, este script será muy sencillo, tan solo llamará al script en Expect:
#!/usr/local/bin/bash
/home/kr0m/script.exp
Asignamos los permisos necesarios al script:
Este script se podrá crontabear sin que pida ninguna passphrase:
* 10 * * * /home/kr0m/backup.sh