Before the company, because of too many machines too much, the use of jumpers. It decided that the certificate system alone was not secure enough, so it turned on secondary authentication.

That is, every time you log in, you need a dynamic token in Google Authenticator.

But I don’t want to enter this dynamic password every time I log in.

The expect command can realize automatic interactive tasks and automatically enter some information without human intervention, which can easily complete the automatic login function.

Expect has the following commands: Expect receives strings from a process and runs the spawn command to start a new process. Send Sends strings to the process. Interact allows users to interact

A simple automatic login script

#! /bin/sh
export LC_CTYPE="en_US.UTF-8"
expect -c Spawn SSH [email protected] -p 28869 set timeout 3 expect \"[email protected]'s password:\" set password \"bZzPddnvH88b\" send \"\$password\r\" interact "
Copy the code

The above script will try to log in to host 67.226.201.167 and automatically enter the password: bZzPddnvH88b

A script with auth Code for automatic login

First, install Oath Toolkit

https://www.nongnu.org/oath-toolkit/
Copy the code

In this way, it can be used

oathtool --totp -b -d 6 S42D6ODJODUIZJMXU2KTXUIRKU
Copy the code

Such a command to get the dynamic password.

The complete script is as follows:

#! /bin/sh
export LC_CTYPE="en_US.UTF-8"
expect -c " spawn ssh tiger set timeout 3 expect \"Verification code:\" set password \"`oathtool --totp -b -d 6 S42D6ODJODUIZJMXU2KTXUIRKU`\" send \"\$password\r\" interact "
Copy the code

End

Using the Expect command, you can do some interactive automation and save a lot of time.

It is important to note that the purpose of secondary authentication is for added security, so don’t save these login scripts to Github…