Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

An AppleScript to automate SSH -X forwarding UNIX
I'm running a Linux server in my home network that I connect to several times during the day. Sometimes I connect just to look at logs, and other times to run X programs, forwarding the display to my G5 using the ssh -x option. After doing this for a while, I got tired of typing in the commands and looked into automating the process with AppleScript. The code below is what I came up with.
global UserName
global ServerName
global passwd

on ActivateX11()
  tell application "X11"
    activate
  end tell
end ActivateX11

on ActivateTerminal()
  set ScriptCommand to "ssh -X " & UserName & "@" & ServerName
  tell application "Terminal"
    activate
    do script ScriptCommand --  Establish the SSH connection
    delay 3 -- Wait 3 seconds for the password prompt to appear
    do script passwd in window 1
  end tell
end ActivateTerminal

on run
  set ServerName to "xxxxxx" --  The name of the server to connect to
  set UserName to "yyyyyy" --  The user to connect as
  set passwd to "zzzzzzz" --  The password for the user
  ActivateX11()
  ActivateTerminal()
end run

To make use of this yourself all you should have to do is set the ServerName, UserName and passwd variables to the correct values. The only other thing you might have to adjust is the delay between sending the SSH command and supplying the password in the ActivateTerminal procedure.
    •    
  • Currently 3.50 / 5
  You rated: 5 / 5 (4 votes cast)
 
[10,141 views]  

An AppleScript to automate SSH -X forwarding | 10 comments | Create New Account
Click here to return to the 'An AppleScript to automate SSH -X forwarding' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Another option
Authored by: djenve on Apr 21, '04 12:17:16PM

Another option is to edit the system wide ssh configuration file (/etc/ssh_config) or create a custom ssh configuration file in your home directory ($HOME/.ssh/ssh_config) with the following entry:

Host *
ForwardX11 yes

man ssh_config - will give you a list of other useful options

- d



[ Reply to This | # ]
Security Threat
Authored by: mschiller on Apr 21, '04 12:33:06PM

I assume it goes without saying that having passwords saved in potentially clear text [even a compiled Applescript is likely to not be safe since the username and password can probably be seen in a hexeditor] on your computer is a bad idea....

Instead of using username/password you'd be better off using a public/private key pair with SSH.. Pretty trivial to set up and if it's done right, if your laptop gets stolen it's trivial to remove the compromised key from the linux server.

Just google for a SSH keygen help page such as

http://www.phy.bnl.gov/computing/gateway/ssh-agent.html


On otherhand a compromised password, if your like most people, could mean needing to change MANY passwords...

[Yeah Yeah, your linux server should have a unique password....]



[ Reply to This | # ]
Security Threat
Authored by: bluehz on Apr 21, '04 01:46:26PM

Yes pub/priv key is definitely the way to go...
Look for SSHLogin at Macupdate. Will allow you to tie your SSH keys into your Keychain.... when you unlock your Keychain (for example when you login) it also authorizes the SSH keys. You will never have to enter another log/pass again from your Mac to Linux as long as you are logged in on OS X box. This is how I do it from my Mac to Slack (Linux) box.



[ Reply to This | # ]
SSHLogin
Authored by: chris_on_hints on Apr 21, '04 04:24:48PM
Just looked for SSHLogin on version tracker and it seems like it has vanished... The website is gone... (see version tracker) shame, because it sounded good!

[ Reply to This | # ]
SSHLogin
Authored by: bluehz on Apr 22, '04 01:52:00AM

Hmmm sshLogin has disappeard... supposedly either of these two items will do the same thing. I have not tried them though:

http://www.sshkeychain.org/
http://www.codefab.com/unsupported/SSHPassKey_v1.1-1-README.html



[ Reply to This | # ]
Another option (store password in keychain)
Authored by: sjonke on Apr 21, '04 02:38:16PM
this applescript code will retrieve a password from the Keychain:
		tell application "Keychain Scripting"
			tell keychain 1
				unlock
				set theKey to first key whose name is "Some Password"
				set theUsername to (account of theKey) as string
				set thePassword to (password of theKey) as string
			end tell
		end tell
Use the Keychain Access application to create a new password with the name you chose ("Some Password" in the example). The "unlock" command will request your keychain password if the keychain is locked. If the keychain is already locked it won't ask.

---
--- What?

[ Reply to This | # ]

Security Threat
Authored by: kholburn on Apr 21, '04 06:29:33PM

I use SSHKeychain. It keeps sshagent key passwords in the Keychain and turns them off if the screen saver is on. (Look for it on versiontracker)



[ Reply to This | # ]
Security Threat
Authored by: gustou on Apr 21, '04 06:41:45PM

Don't forget that any root on a machine you're connected has acces to all the box you can log on without password.



[ Reply to This | # ]
Security Threat
Authored by: David on Apr 22, '04 09:32:51AM

Well, root can become you and then get in that way. But the root user can't directly contact your host and get in using your public/private key.

But yeah, if you don't trust your admin, don't store ANYTHING you don't want him to see on the computer he runs.



[ Reply to This | # ]
Security Threat
Authored by: gustou on Apr 22, '04 10:12:09AM

To explain what I want to say a little more let's have a simple scenario.

I own a laptop. I am the only root in this computer. All my pub/priv keys are securely stored in this computer.

But I am in a company and I often ssh to other computers. So I use ssh-agent.

Then if I do a ssh on a computer B then any root user on B can use my agent (even wihtout getting the pub/priv keys pair) and ssh to any computer that I usually use. This without beeing asked for a password.

In other words don't access a computer whose admin are "untrused"

If I'm not clear please don't hesitate to dop me a line :)



[ Reply to This | # ]