Automate OTPW login to ssh via bash script

Hello everyone.

I'm a Linux novice trying out a lot of bash scripting lately, as it is so very addictive.

Lately I have been setting up one of my boxes remotely and have been hardening it as much as possible. Please allow me to explain the scenario, as it does tend to become a little complicated (at least for me). :slight_smile:

The target box is a Debian system. I have implemented the following:

  1. port knocking (to open up the ssh port)
  2. I use keys to connect instead of a password
  3. I also use OTPW (one-time passwords) in addition (it's a 2-factor authentication).

So it must satisfy both requirements in order to allow me to log in. Up to this point it all works great, as expected. At some point, when I need to scp some files or log in multiple times a day, it gets a bit annoying with the OTPW, so I created a small shell script where I enter the challenge number and it greps my pass file and provides me with the one-time password to use for this login, so I can just copy/paste it. This part also works fine so far.

Now, I want to create a shell script that will do the initial ssh connection and wait for the response at the login, which looks like this:

Authenticated with partial success.
Password 067: 

So it asks me for my one-time password for number 067.

I want the script to automatically read the 067 and place it in a variable, so that I can use that variable to calculate the pass I need (I already have the part working where I enter the number and get a pass from it), and after this is done, send the password for 067 to the server to complete the login process.

The script I have made, where I manually enter the number 067 and it greps and cuts the results to my liking (which works), is:

#!/bin/bash
### Please set the location folder of your otpw keys
#
loc="/home/user1/"
#
### Please set the filename of your otpw keys.
#
file=".secretkeys"
#
### Do NOT edit anything below this line, unless you know what you are doing! ###
#
function NOR () {
        clear
        echo ""
        echo ""
        echo -n "Please enter your challenge password :"
        read def
        clear
        echo ""
        echo ""
        echo -n "Please enter your requested challenge number: "
        read nnum
        echo ""
        echo ""
        # find the entry for this challenge number, drop the "NNN " prefix and join the password groups
        echo -n "Your requested login credentials are: "; grep -E -o "$nnum.{0,10}" "$loc$file" | cut -c 5- | tr -d ' ' > temp-key-file-otpw
        tput setaf 1; echo -n "$def" && cat temp-key-file-otpw ; tput sgr0
        echo ""
        echo ""
        echo "Have a nice day `whoami`"
        echo ""
        rm temp-key-file-otp*
        exit 0
}
#
function SEC () {
#removed for forum post as this step is not required at the moment)
#
        :       # placeholder so the empty function body still parses
}
#
clear
echo -n "Do you require a normal login credential or a security login credential? ( n/s or 'c' for cancel ): "
read type
while :
        do
        case $type in
                n)
                        NOR
                        exit 1
                ;;
                s)      SEC
                        exit 1
                ;;
                c)
                        clear
                        echo ""
                        echo "Operation canceled. Have a nice day :-)"
                        echo ""
                        echo ""
                        exit 0
                ;;
                *)
                        clear
                        echo ""
                        echo "Invalid selection."
                        echo "Please run this script again if you wish to try again."
                        echo ""
                        read -p "Press 'ENTER' to continue."
                        echo ""
                        echo ""
                        exit 0
                ;;
        esac
done

So in this script, I enter the number given to me by the challenge from the SSH login, and it returns the one-time password for me.

I now need a script that will read the challenge by itself, automatically do similar/same steps as above, and complete the login automatically.

What I have so far is:

#!/bin/bash
#
# Test for otpw auto login
#
# v0.1-Alpha
##
function b0x () {
clear
echo ""
echo -n "Please enter your static password for the challenge key: "
read STATIC
clear
echo ""
echo "Connecting now to srv1 ..."
echo ""
#local CMD
CMD=`knock -v xxx.xxx.xxx.xxx **** **** **** ; ssh -p 8588 bla@xxx.xxx.xxx.xxx`
echo "$CMD"
#challenge=$($CMD)
#echo $challenge
exit 0
}
#
clear
echo ""
echo "Welcome `whoami`"
echo ""
echo "Please choose the server you wish to login to"
echo ""
echo ""
echo "1) xxx.xxx.xxx.xxx"
echo "2) xxx.xxx.xxx.xxx.xxx"
echo "3) xxx.xxx.xxx.xxx"
echo ""
echo -n "Please choose 1/2/3 or 'c' to cancel (1/2/3/c) : "
read SERVER
while :
        do
                case $SERVER in
                        1)
                                b0x
                                exit 1
                        ;;
                        2)      
                                slack
                                exit 1
                        ;;
                        3)      
                                debian
                                exit 1
                        ;;
                        c)      
                                clear
                                echo ""
                                echo "Operation cancelled. Have a nice day `whoami` :-)"
                                echo ""
                                echo ""
                                exit 0
                        ;;
                        *)
                                clear
                                echo ""
                                echo "Invalid selection."
                                echo "Please run this script again if you wish to retry."
                                echo ""
                                read -p "Press 'ENTER' to continue"
                                echo ""
                                echo ""
                                exit 0
                        ;;
                esac
        done    
#
### EOF ###

There is a lot of stuff commented out or missing in this script, but please ignore that, as it is nowhere near complete.

NOTE: Just to be clear, I only need help with the part of getting the 067 response put into a variable; from there I should be able to tackle the rest on my own.

Any help would be appreciated :slight_smile:

Cheers,
instro

The problem is you want to borrow the tty to get data, but then continue to use it interactively. You'll need a middle-man.

expect is a Tcl program that can script interactive programs, and I assume give control back to the terminal once the login is done. I am sorry I can't further assist with its language though.
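As an added example (not from the original poster or the reply), here is the middle-man the reply describes, in bash plus expect: `lookup_otp` resolves a challenge number from an otpw-gen style key list, comparing whole fields so that `067` cannot match the digits inside another entry's password, and `otpw_login` runs ssh under expect, pulls the number out of the `Password NNN:` prompt, answers with prefix password plus one-time password, and then hands the tty back to the user. The key-list layout, the sample keys (constructed, not real), and the host, port, user and argument order of `otpw_login` are assumptions.

```shell
#!/bin/bash
# Added example, not the poster's script: lookup_otp() maps a challenge number
# to its one-time password, otpw_login() is the expect middle-man. Assumed key
# list layout is otpw-gen's printout: "NNN xxxx xxxx", several entries per line.
# Constructed sample key list (not real keys) so the block runs offline.
SAMPLE_KEYS=$(mktemp)
trap 'rm -f "$SAMPLE_KEYS"' EXIT
cat >"$SAMPLE_KEYS" <<'EOF'
OTPW list generated 2024-01-01 12:00 on example.host

000 IZdB bqyH  056 LWUJ zl6F  067 Q3vZ m8Tw  112 Xy7R abCD
001 pO9k 2Lmn  057 AaBb CcDd  068 Ee1f Gg2h  113 Ii3j Kk4l
EOF

# lookup_otp NUM FILE: print the 8-char password for challenge NUM with the
# display grouping removed; exit 1 if NUM is absent. Comparing whole fields
# (not substrings like a bare grep) stops 067 matching inside a password.
lookup_otp() {
    awk -v num="$1" '
        { for (i = 1; i + 2 <= NF; i += 3)
              if ($i == num) { print $(i+1) $(i+2); found = 1; exit } }
        END { exit found ? 0 : 1 }' "$2"
}
export -f lookup_otp   # lets the expect script call it through bash -c

# otpw_login USER HOST PORT PREFIX KEYFILE: spawn ssh, read NNN from the
# "Password NNN:" prompt, answer with prefix+OTP (the form OTPW expects),
# then hand the tty back to the user. Port knocking would go before spawn.
otpw_login() {
    local script; script=$(mktemp)
    cat >"$script" <<'EOF'
lassign $argv user host port prefix keyfile
set timeout 30
spawn ssh -p $port $user@$host
expect {
    -re {Password (\d+): ?} {
        set num $expect_out(1,string)
        if {[catch {exec bash -c "lookup_otp $num $keyfile"} otp]} {
            puts stderr "challenge $num not in $keyfile"; exit 1
        }
        send -- "$prefix$otp\r"
        interact        ;# login finished: user talks to the shell directly
    }
    timeout { puts stderr "no OTPW prompt seen"; exit 1 }
    eof     { exit 1 }
}
EOF
    expect -f "$script" "$@"
    rm -f "$script"
}
```

Call it as `otpw_login bla xxx.xxx.xxx.xxx 8588 "$STATIC" "$HOME/.secretkeys"` after the knock. Once the key list and prefix are readable by a script on the client, the second factor is only as strong as that machine's access controls, so keep the key file mode 0600 and off shared filesystems.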