Before the company, because of too many machines too much, the use of jumpers. It decided that the certificate system alone was not secure enough, so it turned on secondary authentication.
That is, every time you log in, you need a dynamic token in Google Authenticator.
But I don’t want to enter this dynamic password every time I log in.
The expect command can realize automatic interactive tasks and automatically enter some information without human intervention, which can easily complete the automatic login function.
Expect has the following commands: Expect receives strings from a process and runs the spawn command to start a new process. Send Sends strings to the process. Interact allows users to interact
A simple automatic login script
#! /bin/sh
export LC_CTYPE="en_US.UTF-8"
expect -c Spawn SSH [email protected] -p 28869 set timeout 3 expect \"[email protected]'s password:\" set password \"bZzPddnvH88b\" send \"\$password\r\" interact "
Copy the code
The above script will try to log in to host 67.226.201.167 and automatically enter the password: bZzPddnvH88b
A script with auth Code for automatic login
First, install Oath Toolkit
https://www.nongnu.org/oath-toolkit/
Copy the code
In this way, it can be used
oathtool --totp -b -d 6 S42D6ODJODUIZJMXU2KTXUIRKU
Copy the code
Such a command to get the dynamic password.
The complete script is as follows:
#! /bin/sh
export LC_CTYPE="en_US.UTF-8"
expect -c " spawn ssh tiger set timeout 3 expect \"Verification code:\" set password \"`oathtool --totp -b -d 6 S42D6ODJODUIZJMXU2KTXUIRKU`\" send \"\$password\r\" interact "
Copy the code
End
Using the Expect command, you can do some interactive automation and save a lot of time.
It is important to note that the purpose of secondary authentication is for added security, so don’t save these login scripts to Github…