simple wrapper around ssh for password less logins with passwords

Username and password are extracted from OpenVPN auth-user-pass file
The hostname is expected to be the first argument, all others are just appended
to the ssh command. Nothing is verify, so it's doomed to fail in many ways but
might serve its purpose to allow hassle free logins to certain systems.

diff --git a/home/login.tcl b/home/login.tcl
new file mode 100644 (file)
index 0000000..1d09e7e
--- /dev/null
+++ b/home/login.tcl
@@ -0,0 +1,45 @@
+#!/usr/bin/expect -f
+
+set pwfile "/etc/openvpn/pass.txt"
+
+# minimalistic argument parsing, only assumtion is that the first one will be the hostname
+if { $argc == 1 } {
+    set host [lindex $argv 0]
+    set sshargs ""
+} elseif { $argc > 1 } {
+    set host [lindex $argv 0]
+    set sshargs [lrange $argv 1 end]
+} else {
+    puts "Error no hostname given"
+    puts "$argv0 hostname \[other ssh arguments\]"
+    exit 1
+}
+
+# extract username and password from an OpenVPN password file
+# assumption is that the first line holds the username, the second the password
+proc read_pwfile { pwfile } {
+ global user pass
+ set pwf [open $pwfile r]
+ set pwdat [read $pwf]
+ close $pwf
+
+ set pwlines [split $pwdat "\n"]
+ set user [lindex $pwlines 0]
+ set pass [lindex $pwlines 1]
+}
+
+
+read_pwfile $pwfile
+
+# assemble the spawn command we plan to execute
+if { [string length $sshargs] == 0 } {
+    set spawncmd "spawn ssh -l $user $host"
+} else {
+    set spawncmd "spawn ssh -l $user $sshargs $host"
+}
+
+puts "Connecting with user $user to hosts $host with args $sshargs"
+eval $spawncmd
+expect -re ".*password:"
+send "$pass\r"
+interact