MacOS – Mac OS X Lion and sshpass

macos macports ssh

I've upgraded from Mac OS X Snow Leopard to Lion. I used several scripts with sshpass but after I upgraded to Lion the following error appears:

Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: permanently_drop_suid: 502
ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or directory

I can only connect with sshpass (or type the password manually). No public/private key way. I've reinstalled MacPorts and sshpass.

How can I get ssh-askpass? How can I configure /dev/tty?

Greets!

Best Answer

You should first file a complaint with the server's administration, observing that public key authentication is vastly more secure than simply a password, but I'll assume you've already done so, and your admins are simply idiots.

Apple sadly removed ssh-askpass when they integrated its functionality into ssh, scp, and ssh-add. There is however an SSHKeychain package that provides an ssh-askpass with an Apple-like Cocoa password prompt for macports' openssh package. It should fix your problems the way you want, perhaps even setting the SSH_ASKPASS variable for you.

Just fyi, I'd usually recommend against installing the openssh macports package itself because it breaks your Apple password prompt, but once you've installed SSHKeychain macports usually offers a more recent openssh than Apple.

There is nothing wrong imho with embedding passwords in scripts when the server disables public key authentication, i.e. if they cared about security, they should reenable public keys. There are even servers that intentionally break sshpass. You could access such machines using the following expect script:

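#!/usr/bin/expect -f
# Wait indefinitely for the password prompt.
set timeout -1
# Typing cadence for "send -h": average gap, gap at word ends, variability, min, max.
set send_human {.05 0.1 1 .07 1.5}
# Run the command line passed to this script, e.g. ssh USERNAME@host.
eval spawn $argv
match_max 100000
# Replace USERNAME and PASSWORD; -h makes send use the send_human timing above.
expect {
   -re "USERNAME@(\[0-9A-Za-z_\\-\\.\]+)'s password: "
     { sleep 0.1 ; send -h -- "PASSWORD\r" ; sleep 0.3 }
}
# Hand the session over to the user.
interact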

You may speed up this script by reducing the sleeps and send_human delays.
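The error in the question shows ssh falling back to an askpass program once it cannot open /dev/tty, and the answer mentions the SSH_ASKPASS variable as the hook for that. As an added example (not part of the original answer), here is a small askpass helper in shell that keeps the password in one private file instead of in every script; the path ~/.ssh/server.pass and the function names are assumptions.

```shell
#!/bin/sh
# Added example: askpass helper for ssh. File path and function names are
# assumptions, not taken from the page.
# OpenSSH 8.4+ uses the helper when SSH_ASKPASS_REQUIRE=force is set; older
# versions consult SSH_ASKPASS only when DISPLAY is set and there is no
# controlling terminal.

# Hypothetical location of the stored password (first line of the file).
: "${SSH_SECRET_FILE:=$HOME/.ssh/server.pass}"

# True only for a regular, non-symlink file we own with no group/other bits.
secret_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ]
}

# True only for ssh's password prompt, so host-key confirmations and other
# questions are never answered automatically.
is_password_prompt() {
    case $1 in
        *"'s password: "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the stored password, or fail without output if the file is exposed.
askpass() {
    f=$1
    if ! secret_file_is_private "$f"; then
        echo "askpass: $f must be a regular file you own with mode 0600" >&2
        return 1
    fi
    IFS= read -r secret < "$f" || [ -n "$secret" ] || return 1
    printf '%s\n' "$secret"
}

# ssh passes the prompt text as $1; with no argument the script does nothing.
if [ "$#" -gt 0 ]; then
    is_password_prompt "$1" && askpass "$SSH_SECRET_FILE"
fi
```

Point SSH_ASKPASS at the saved, executable script; a non-zero exit makes ssh treat the prompt as unanswered.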