There are many ways to set up secure password-less access to remote machines. The most commonly used method is SSH public key authentication. A less well-known but more powerful method is Kerberos. Indeed, Kerberos is often used implicitly in Mac OS X.

Unfortunately, there are computer centers that think they know about security and 1) disable public key authentication on their machines, 2) do not support Kerberos, 3) force you to use a random password that they created. This is probably the worst combination of security policies that a human being can come up with.

I won’t put their random password in my biochemical memory (because it’s already small). To make their system usable, I wrote a bash script like the following to fill in the password for me:

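#!/usr/bin/expect -f

# Give up waiting for the prompt after 10 seconds
set timeout 10
spawn ssh non-sense_machine
# When the password prompt appears, send the stored password followed by Enter
expect "*assword*" { send "passwd_that_I_cant_remember\r" }

# Hand the session over to the user
interact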

The carriage return '\r' is necessary here to emulate “Enter” when you key in your password.

I did make sure that the above script has permission 700 so it is only readable by me. However, as all of you can tell, this is no more secure than ssh public key authentication. A non-usable policy is the worst security hole because people (like me) will try to get away with it. Sorry, administrators.
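Scripts like the one above can be found and checked from the administrator's or the user's side. The following is an added example, not part of the original post: a shell function that finds expect scripts sending a literal password to ssh and reports whether the group/other permission bits are clear (as with mode 700). The host name, password and file names in the samples are constructed.

```shell
#!/bin/sh
# Added example: audit a directory for expect scripts that hard-code an SSH password.
# Prints "OWNER_ONLY <path>" or "EXPOSED <path>" for each finding.
audit_expect_passwords() {
    dir=$1
    # Candidates: files that spawn ssh (file names containing newlines are not handled)
    find "$dir" -type f -exec grep -l -E '^[[:space:]]*spawn[[:space:]]+ssh' {} + 2>/dev/null |
    while IFS= read -r f; do
        # A hard-coded secret looks like: send "literal\r"  (a "$variable\r" is skipped)
        grep -q -E 'send[[:space:]]+"[^$"][^"]*\\r"' "$f" || continue
        # Characters 5-10 of the ls mode string are the group and other bits
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" = "------" ]; then
            echo "OWNER_ONLY $f"
        else
            echo "EXPOSED $f"
        fi
    done
}

make_samples() {   # constructed sample scripts for the demonstration
    d=$(mktemp -d)
    cat > "$d/login_700.exp" <<'EOF'
#!/usr/bin/expect -f
spawn ssh example_host
expect "*assword*" { send "constructed_sample_pw\r" }
interact
EOF
    cp "$d/login_700.exp" "$d/login_755.exp"
    cat > "$d/login_env.exp" <<'EOF'
#!/usr/bin/expect -f
spawn ssh example_host
expect "*assword*" { send "$env(SSH_PW)\r" }
interact
EOF
    chmod 700 "$d/login_700.exp" "$d/login_env.exp"
    chmod 755 "$d/login_755.exp"
    echo "$d"
}

samples=$(make_samples)
audit_expect_passwords "$samples" | sort
rm -rf "$samples"
```

An OWNER_ONLY result still means the password sits in plain text on disk; the check only confirms that other local accounts cannot read it through the file mode.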

 
