Jump to content

Workflow to pass argument to Terminal as one-time password


Recommended Posts

Hi,

 

I am trying to create a work flow that starts with keyword with argument with attempting to pass the user-input argument as a one-time password to a remote ssh server.

(The remote ssh server does not accept ssh-key setup, OTP is the only option there :( )

 

But some how I never managed to succeed. 

 

I am wondering if someone knows how to do this or is this possible at all?

 

Thanks! :)  

Link to comment
1 hour ago, ETN said:

I am wondering if someone knows how to do this or is this possible at all?

 

ssh (and most other programs) only ask for a password if they're connected to a terminal (i.e. an interactive session). If they're not, they exit with an error. That's almost certainly what's happening with your script.

 

You can try using sshpass or a pty library to create the pseudoterminal ssh is expecting.

Link to comment

Hi,

 

Thanks for the tips. I am new to workflow. I was not actually using any scripts for my ssh. My workflow opens the Terminal.app and I assume that was the interactive session?

I am not sure what you meant by "exit with an error". I just notice my Terminal shows "Password:" and just wait for user to input password instead of using the arguments from my workflow. It seems that the workflow kind of stops when it sees "Password:" in the terminal?

 

Link to comment
17 minutes ago, ETN said:

My workflow opens the Terminal.app and I assume that was the interactive session?

 

Yes, it is.

 

17 minutes ago, ETN said:

I am not sure what you meant by "exit with an error".

 

Sorry, I assumed you were running ssh from a Run Script action, not a Terminal Command because that's fundamentally unsuited for "talking" to a process like you're trying to do (enter the password).

 

32 minutes ago, ETN said:

It seems that the workflow kind of stops when it sees "Password:" in the terminal?

 

No, that's not what's happening. Terminal Command is functionally similar to Open URL or Open Files. It just takes whatever command you give it and tells your terminal emulator (Terminal.app, iTerm etc.) to run it in a new tab. It has no idea what happens after that. It can't send anything else to the terminal, nor does it get any response.

 

If your workflow is supposed to send a series of commands, you need to do it programmatically from a Run Script Action.

 

What exactly are you trying to achieve? Are you trying to run a command on a remote server, or auto-login an interactive session in your terminal?

Link to comment
1 hour ago, deanishe said:

What exactly are you trying to achieve?

I was trying to automate the following process:

- Open Terminal and ssh to a remote gateway server using a one-time Password (passed in by user as an argument of workflow)

- once I manage to ssh to the remove server, i would like to execute one or two terminal commands

- exit and close the Terminal app.

 

The challenge here is the gateway server uses one-time password that I have to generate externally from token. And gateway does not allow password-less login. I think these two points make scripting a bit more challenging. So I am wondering if workflow can automate the process the same way as human does.

 

 

Link to comment
2 minutes ago, ETN said:

So I am wondering if workflow can automate the process the same way as human does.

 

Trying to simulate the way a user would do something isn't usually a good approach to automation. Programs have APIs to talk to each other.

 

12 minutes ago, ETN said:

once I manage to ssh to the remove server, i would like to execute one or two terminal commands

 

Always the same commands?

 

Which of the steps you describe cannot be fully automated because they're actually different each time, and which are just things you're doing because that's the way you do it?

Link to comment
2 minutes ago, deanishe said:

Always the same commands?

Yes. Once I have ssh'ed in,  it will be the same commands.

 

4 minutes ago, deanishe said:

Which of the steps you describe cannot be fully automated because they're actually different each time

The 1st step (ssh into the remote gateway server).  The one-time password changes for each login, and can only be generated by external hardware.  So it has to be a variable that I need to input each time I initiate the workflow.

Link to comment

Then you should be able to ask for the OTP with Alfred, then execute your commands on the remote server via a shell script (Run Script action with Language = /bin/zsh).

 

You can use sshpass (install via Homebrew with brew install hudochenkov/sshpass/sshpass). Something like:

 

otp="$1"
/usr/local/bin/sshpass -p "$otp" ssh user@jumphost.domain.com /bin/sh -c 'command 1; command 2'
Edited by deanishe
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...