I'm trying to write a set of scripts, a main payload script that runs some commands over ssh and a small expect wrapper that runs it. (For sake of argument, please accept that I can't put my ssh keys on my target machines.)
The expect script runs fine, filling in the password when required. However, it also passes the prompt (user#machine's password:) through to stdout. I want to remove the matched prompts and only the matched prompts from the output. I still want the results of the remote scripts running, so log_user 0 is too broad.
Is there a way to do this?
Related
I'd like to automate getting diagnostic files from a controller that responds to ssh commands, like e.g.
ssh diag#controller tarred > diags.tgz
Unfortunately, I have to type a password to make the above command go through.
What have I considered to get around that:
using ssh keys: not possible, since I can't login to the controller, it just expects commands and doesn't offer a shell
using ssh-pass package: I don't have admin rights on the machine and can't install packages
using "expect": works to some extent, but the resulting file is corrupted.
Here's the "expect" script I've used:
#!/usr/bin/expect -f
log_user 0
set timeout 300
spawn ssh diag#controller tarred
expect "?assword:"
send "unrealpassword\r"
expect \r\n
log_user 1
expect eof
The script makes sure that only the required output gets stored with the "log_user" commands until eof is encountered.
I've piped this script to a file and that file is corrupted, i.e. it's either too short (because of a timeout?) or too long (?).
Any idea about what goes wrong here.?
I'm writing a script that will eventually execute a list of commands on a switch (via SSH). These commands are stored in a file and the number of commands will vary
However, I'm not sure how this can be done using Expect. I know Expect can use a while loop, but I can't find a clear example. can someone here help?
/usr/bin/expect <<EOD
spawn ssh -o StrictHostKeyChecking=no admin#$switch
expect "*Enter password for admin\:"
send "password\r"
expect "*#"
send "????"
there should be a while loop that reads line by line from a file called "commands" that looks like this
command 1
command 2
command 3
...
Extreme Networks XOS has an XML API. You can use this for executing arbitrary commands. See the ExtremeXOS XML API Developer Guide which is listed on the support documentation page.
Managing switches by expect-scripting their CLIs is often erratic and error prone, I'd recommend that you avoid doing so if possible.
I want to write a simple bash script using ncat to open a connection to a ISP and its port.
The first command would be:
nc address port
Upon doing this, I am prompted first to provide a username. I must hit ENTER, and then I will be prompted to provide a password and then I must hit ENTER again.
After this, I want to open a Terminal process window. Can anyone point me to sufficient resources for this type of scripting?
I know the username and password already, but I'm not too sure how to work around the fact that I must provide it and then hit enter. I'm also unsure how to open a new Terminal proceses.
Thanks in advance!
Check out expect script
Expect
Example:
# Assume $remote_server, $my_user_id, $my_password, and $my_command were read in earlier
# in the script.
# Open a telnet session to a remote server, and wait for a username prompt.
spawn telnet $remote_server
expect "username:"
# Send the username, and then wait for a password prompt.
send "$my_user_id\r"
expect "password:"
# Send the password, and then wait for a shell prompt.
send "$my_password\r"
expect "%"
# Send the prebuilt command, and then wait for another shell prompt.
send "$my_command\r"
expect "%"
# Capture the results of the command into a variable. This can be displayed, or written to disk.
set results $expect_out(buffer)
# Exit the telnet session, and wait for a special end-of-file character.
send "exit\r"
expect eof
The secret lies in the HEREDOC
You can solve this problem with something akin to:
$ command-that-needs-input <<EOF
authenticate here
issue a command
issue another command
EOF
Look at the link I provided for here documents - it includes support for variable substitution and lots of other useful things. Enjoy!
I'm trying to automate a startup of a specific service with bash
When the service is started with init.d (/etc/init.d/openvpn.custom) it is promting for username and then password - and then it connects
The auth-user-pass from-file is not possible with the installed version, and it cannot be upgraded because of dependencies
So i'm trying to write a simple bash scripts that executes the init.d script, sleeps for a bit, inputs the username, returns, sleeping a bit, inputting the password - you'll get the flow.
like http://pastebin.com/qWHX7Di5
I've experimented with echo, but it doesent seem to work
This is for a rather legacy firewall i'm asked to keep connected.
Is this even possible?
I would use expect instead of bash. You can still call it from within bash if you need to do other tasks as well.
In expect, the script would be something like the following (untested):
#!/usr/bin/expect -f
set username "username"
set password "password"
spawn /etc/init.d/openvpn.custom start
expect "Username:"
send "$username\r"
expect "Password:"
send "$password\r"
expect eof
You'd want to change the expect "Username:" & expect "Password:" lines to match the actual login prompts that are output by your init.d script.
See the expect man page for further details.
You can try using a here-doc:
/path/to/init.d << END
$username
$password
END
Problem statement
I want to access a server without asking me the password (will be mentioned in the script) and run a command on that server.
My Code
#!/usr/bin/expect
spawn sudo su - <server_name>
expect "[sudo] password for chronicles:"
set Password "xxxxxxx"
send "$Password\r"
#set timeout 300
send "whoami\r"
send "ls -ltr\r"
expect eof
Output
invalid command name "sudo"
while executing
Restrictions
I dont have access rights to change env variables or modify
.bash_profile / .bashrc.
su server_name command not allowed
David is right that generally this is a bad idea. There are occasionally good reasons for doing it, or doing something similar (e.g. automatically logging into serial consoles for lights-out management), but you haven't provided any indication as to why it makes sense for you to do it this way.
Caveats aside, the invalid command name is not coming from the spawn line but from the [sudo] in the expect line. Expect is based on tcl, which treats [] square parentheses as special characters indicating command substitution. Additionally, the value passed to expect is a glob pattern not a fixed string, and [] square parentheses are also special characters in globs. So the answer you are looking for is to quote those characters twice:
expect "\\\[sudo\\\] password for chronicles:"
Also note that after sending the password you should probably include another expect line to wait for the root shell prompt.
The secure way to access a server without prompting for a password is through keyed logins over SSH. Don't ever give your password in plain text.
If you simply Google, you will find many articles explaining how to do this. SSH login without password is a perfectly fine explanation.
[] is interpreted as "command quotes" ("command" as in "Tool Command Language", which is what Tcl is short for) in Tcl.
{} is the strongest quote in Tcl, you can use it to prevent any interpretation:
expect {[sudo] password for chronicles:}
of course you could also just omit [sudo]:
expect "password for chronicles:"