CESNET / netopeer2

NETCONF toolset
BSD 3-Clause "New" or "Revised" License

How can I use shell script to login the netopeer2-cli first time? #1401

Closed matlabrui-code closed 1 year ago

matlabrui-code commented 1 year ago

Hi, I want to use a shell script to log in to netopeer2-cli the first time. But after I use the "connect" command, it will require me to put "yes" on the terminal.

root@A3-O:/tmp# netopeer2-cli
> connect
The authenticity of the host 'localhost' cannot be established.
ssh-rsa key fingerprint is cc:7b:56:05:ab:aa:91:cf:04:0b:e1:75:cf:f6:64:b4:ab:3f:ed:05.
Are you sure you want to continue connecting (yes/no)? 

Here is my script as below:

netopeer2-cli <<END
connect
yes
END

"yes" would not work. How can I get the "yes" sent to netopeer2-cli?

michalvasko commented 1 year ago

There are at least 3 solutions to this problem. The ideal solution would be for you to use a non-interactive authentication method, publickey. That is what scripted SSH connections are supposed to use for this exact reason.

Then, you can avoid this question by having the host key stored in your known_hosts in advance. I am not sure what is the easiest way of doing that but I am sure you could find something with a quick search. Probably, ssh(1) could be configured to perform this.

Lastly, if you do not mind changing the code of the CLI, you can define your own callback for verifying the host key. It is set by the function nc_client_ssh_set_auth_hostkey_check_clb().
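The second suggestion above (storing the host key in known_hosts in advance) can be scripted so that the key is trusted only after its fingerprint matches a value obtained out of band. This is an added example, not code from the thread or from the netopeer2 project; the function names, the sample key and the assumption that the prompt's fingerprint is the SHA-1 of the decoded key blob are all assumptions of the example.

```shell
#!/bin/sh
# Added example: pin an SSH host key in known_hosts before a scripted connect.
# hostkey_fp_sha1 and pin_host_key are hypothetical helper names.

# Print the SHA-1 fingerprint (colon-separated hex) of a public key line
# "<type> <base64-blob> [comment]". Assumption: this matches the format in
# the netopeer2-cli prompt, i.e. SHA-1 over the decoded key blob.
hostkey_fp_sha1() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    # Reject blobs that are not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | sha1sum |
        awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# Append "<host> <type> <blob>" to a known_hosts file only when the key's
# fingerprint equals the one obtained over a trusted channel (for example,
# read on the server console). "host" is the pattern as it must appear in
# known_hosts; for a non-default port the format is "[host]:port".
# Returns 0 if the key is pinned (or already present), 1 on any mismatch.
pin_host_key() {
    kh_file=$1 host=$2 keyline=$3 expected=$4
    actual=$(hostkey_fp_sha1 "$keyline") || return 1
    # Compare case-insensitively; never trust a key that does not match.
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = \
      "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ] || {
        echo "fingerprint mismatch for $host: got $actual" >&2
        return 1
    }
    entry="$host $(printf '%s\n' "$keyline" | awk '{print $1, $2}')"
    mkdir -p "$(dirname "$kh_file")"
    touch "$kh_file" && chmod 600 "$kh_file"
    # -x whole line, -F fixed string: running this twice adds no duplicate.
    grep -qxF -- "$entry" "$kh_file" || printf '%s\n' "$entry" >>"$kh_file"
}

# Constructed sample, not a real host key (short blob that is valid base64).
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 constructed-example'

# Usage sketch (assumes the CLI reads ~/.ssh/known_hosts of the current user
# and that EXPECTED_FP was obtained out of band, not from the same network):
#   pin_host_key "$HOME/.ssh/known_hosts" '[localhost]:830' \
#       "$(cat host_key.pub)" "$EXPECTED_FP" || exit 1
#   ...then start the scripted netopeer2-cli session.
```

On a mismatch nothing is written, so the script fails closed and the interactive prompt remains the fallback.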

jktjkt commented 1 year ago

This is a bit "tricky" because netopeer2-cli is using libssh internally. Now, libssh implements some bits which make it similar to OpenSSH's ssh(1) binary, but it only goes half way there. For example, OpenSSH has a ton of options that you can use for, say, configuring whether the host keys are checked at all, and where to store them. There's no control over that using libssh (unless one writes some C code).

In netconf-cli we decided to avoid this problem by simply forking and launching ssh(1), and talking to that over a pipe. That way we delegate 100% of SSH communication (and authentication, and option handling, and...) to the existing systemwide or user-specific configuration, and we did not have to reinvent any new wheels.

matlabrui-code commented 1 year ago

Hi all, I have finished this issue right now. Actually, when "The authenticity of the host 'localhost' cannot be established." appeared and I clicked "yes", my Linux system root path would generate a public key file called "known_keys". So I stored this key file and wrote a script; when the system restarts, my script copies the key file to the root path, and then when I log in to netopeer2-cli, the authentication info does not appear.

Thank you all for your kind suggestions, have a good day!