Folks-

I have 2 questions here:

1.) Is this a reasonable implementation for populating the authorized_keys file for a user on a remote system under their login?
2.) Is doing this compromising security any?

The implementation relies on using expect to handle transporting the user's typed-in password to ssh in order to populate far-end authorized_keys the first time. Thereafter the user's ssh requests will not need a password anymore.

This requires that the user already has a public and private key set up on their local system. It does not need to worry about whether or not the private key is password protected. It just ships the public key over to the target system and installs it into their authorized_keys file.

The only thing I came up with in super-search on this topic was scp and ssh without passwd, and I couldn't understand why doing this was affecting security any.

Thanks

-Craig

PS - Also, any suggested improvements are welcome!

UPDATE: s/crap/authorized_keys in example program

use strict;
use warnings;
use Expect;
use Term::ReadKey;

my $exp    = Expect->new;
my $usr    = 'myuser';
my $host   = 'myhost';
my $pubkey = `cat $ENV{HOME}/.ssh/id_rsa.pub`;
if (!$pubkey) { die "No public key" }

$exp->spawn("ssh $usr\@$host 'echo \"$pubkey\" >>.ssh/authorized_keys'")
    || die "Dead Spawn";

$exp->expect(15,
    # This handles a first-time query from ssh about adding the target
    # machine to your known_hosts file if it isn't already there...
    [ '-re', '.*\(yes/no\)\? ',
      sub { $exp->send("yes\n"); $exp->exp_continue; } ],
    # This handles the password prompt...
    [ 'assword: ',
      sub { $exp->send(_GetPass($host, $usr) . "\r"); $exp->exp_continue; } ],
    # Handling EOF...
    [ eof     => sub { print "\nERROR: Got an EOF...\n"; } ],
    # Handling timeouts...
    [ timeout => sub { die "\nERROR: Got a Timeout..\n"; } ],
);

# This normally would be a GUI popup...
sub _GetPass {
    my $host = shift || die "Missing host";
    my $usr  = shift || die "Missing usr";
    ReadMode('noecho');
    print "Enter $usr" . '@' . "$host Password: ";
    chomp(my $pw = ReadLine(0));
    ReadMode('restore');
    print "\n";
    return ( $pw );
}
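An added example, not part of the original post: the same key installation with the public key checked as a single key line and sent on ssh's stdin, so the remote command is a fixed string instead of one built around the file's contents. The helper names, the accepted key types and the user/host patterns are assumptions, and it assumes it is run from a terminal so that ssh asks for the password and the host-key confirmation itself.

```perl
use strict;
use warnings;

# Fixed remote command: the key arrives on stdin, so none of its bytes are
# ever parsed by the remote shell. umask keeps new files private to the user.
my $REMOTE_CMD = 'umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys';

# Accept exactly one OpenSSH public-key line: type, base64 blob, optional comment.
sub valid_pubkey_line {
    my ($line) = @_;
    return 0 if !defined $line || $line =~ /[\r\n]/;
    return $line =~ m{\A (?: ssh-(?:rsa|ed25519) | ecdsa-sha2-nistp(?:256|384|521) )
                      [ ] [A-Za-z0-9+/]+ ={0,2} (?: [ ] [^\r\n]* )? \z}x ? 1 : 0;
}

# Build the ssh argument list; reject names that could be read as options.
sub ssh_argv {
    my ($usr, $host) = @_;
    die "bad user\n" unless $usr  =~ /\A[A-Za-z_][A-Za-z0-9_.-]*\z/;
    die "bad host\n" unless $host =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/;
    # "ask" leaves the host-key decision to the person at the terminal.
    return ('ssh', '-o', 'StrictHostKeyChecking=ask', "$usr\@$host", $REMOTE_CMD);
}

sub install_key {
    my ($usr, $host, $keyfile) = @_;
    open(my $in, '<', $keyfile) or die "Cannot read $keyfile: $!\n";
    chomp(my $key = <$in> // '');
    close($in);
    die "First line of $keyfile is not a public key\n" unless valid_pubkey_line($key);
    # List-form pipe open: no local shell; ssh prompts for the password on the tty.
    open(my $ssh, '|-', ssh_argv($usr, $host)) or die "Cannot start ssh: $!\n";
    print {$ssh} "$key\n";
    close($ssh) or die "ssh exited with status " . ($? >> 8) . "\n";
    return 1;
}

if (@ARGV == 2) {
    install_key(@ARGV, "$ENV{HOME}/.ssh/id_rsa.pub");
} else {
    # Constructed sample lines (not real keys) to exercise the validator offline.
    my @samples = (
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== craig@example',
        'ssh-rsa AAAA"; echo injected; "',
        "ssh-rsa AAAA\nssh-rsa BBBB second-line",
    );
    printf "%-4s %s\n", (valid_pubkey_line($_) ? 'ok' : 'BAD'), (split /\n/)[0] for @samples;
}
```

Run with a user and host as arguments to install the key; with no arguments it only prints the validator's verdict on the three constructed lines.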

In reply to Populating authorized_keys with Expect by cmv
