Has anyone used KM to automate logins in Terminal? At work, we're going to be using a real convoluted way to log into our servers via ssh, with multiple prompts along the way. First is a password, then a number to send a 2FA notification to Duo, then a typed reason for connecting. I'd love to be able to automate this. I looked in KM, but don't anything for expecting text to appear.
Thanks.
There is a brief description of solving this problem on this Apple webpage:
Since it can be done with AppleScript, then clearly it can be done in KM using the same AppleScript program in a KM "Execute AppleScript" action. Do you know how to write AppleScript utilities? (I don't, at least not very well.)
But there might be other ways to do it, such as simple keystroke recording and playback. If you can make note of the timing of each of your keyboard strings (username, password, etc.), we can probably use the KM "Insert Text by Pasting" KM action to make it work also. This could be easier for us noobs to write and might also be fairly reliable.
I'm not sure what kind of two-factor authentication you are using, so this may limit your solutions. There are many kinds, and some aren't easily scriptable. (Although at one point I was able to use a camera and OCR software to read a number off another device screen in order to send the 2FA data!!!)
Hey Ken,
I reckon that Keyboard Maestro can do the job – one way or another.
#!/usr/bin/env bash
echo 'YourPassword' | sudo -S ls
This form might well not work for ssh – the -S switch allows sudo to take its password from stdin.
Here's how you might do it with AppleScript:
Terminal ⇢ Auto-Enter Password v1.00.kmmacros (5.7 KB)
The macro types the password in the clear, which I don't like at all – but I haven't found a way around that as yet.
My workaround is to use a short nonsense command to activate sudo and then clear the Terminal and enter the main command that needs sudo.
sudo echo ''
Would be better than ls, because there's no output to wait for.
The selected tab in the Terminal has a contents property, so you can loop along until some text is found if necessary.
Keyboard Maestro has a Pause Until action that takes a found image as a parameter, so you can wait for a dialog.
Yada, yada.
-Chris
Thanks, Chris and Sleepy. That's all very helpful.
-Ken
@ccstone I'm having problems making this work. The commands are going to Terminal but the login fails. I can do the same commands by typing them in Terminal manually and it works. Also in your AppleScript you do script "YourPassword;" What is the final semicolon all about? I've tried it with my password and without.
All I want to do in the end is ssh into my NAS, move a couple of files and exit.
I'm trying to understand this also, but I can tell you in general that the semicolon is used to separate different statements in any Unix Shell, and there's a 90% chance that the semicolon here simply is telling the sudo command where the password ends. So it's probably correct. But I still don't fully understand and I'm still working on it.
I found a solution that seems to work. It uses a command called sshpass which I installed in terminal using the command: brew install esolitos/ipa/sshpass. Of course this assumes you have Homebrew installed on your Mac.
This test script works to ssh into my NAS, list a directory and exit out.
I found instructions about sshpass here https://www.cloudsavvyit.com/14330/how-to-automate-ssh-logins-if-you-must-use-a-password/
I might someday investigate Setting Up SSH Keys as described at the previous URL so I don't have my password in clear text.
Hey Chris,
Here is some Snippet code I have for retrieving a Password from Keychain using AppleScript:
property KeychainPasswordName : "YOUR_KEYCHAIN_PASSWORD" -- name of your password item in the Keychain
set my_password to getPassword(KeychainPasswordName)
set my_username to getUsername()
-- Retrieve the administror password you saved on your Keychain
on getPassword(keychainItemName)
local password
set password to do shell script ("/usr/bin/security 2>&1 >/dev/null find-generic-password -gl " & quoted form of keychainItemName & " | cut -c 11-99 | sed 's/\"//g'")
if password contains "could not be found in the keychain" or password as string is equal to "" then
display alert "Password not found in the keychain" message "Certain tasks in this script need the administrator password to work.
You must create a new password in the OS X Keychain with a custom name, and set it with your administrator password, then edit this script." as critical
error "Password could not be found in the keychain."
else
return password
end if
end getPassword
-- Get the short username (name of your home folder)
on getUsername()
#tell application "System Events" to return the name of current user
short user name of (system info)
end getUsername
I have this in use in many of my Scripts - it should be usable for this approach
Greetings from Germany
Tobias