systemd fails to start VPN service - expect

I have a simple expect script named "vpnloginpractice.sh" that starts my VPN. The script is located in "/etc/openvpn/" and works fine if I run it manually. I am trying to use systemd to execute the script at startup, but it won't start the VPN. Below is the code of my VPN script and the service I created in the directory /etc/systemd/system. What am I doing wrong, guys?
#------/etc/systemd/system/personal.service permissions "-rwxrwxrwx" ---
[Unit]
Description=startVpnService
[Service]
ExecStart=/etc/openvpn/vpnloginpractice.sh
[Install]
WantedBy=multi-user.target
#------Code of my VPN script with permissions "-rwxrwxrwx"----
#!/usr/bin/expect
set timeout -1
set vpnuser "111111"
set vpnpassword "1234"
set rootpassword "12345"
spawn sudo openvpn {US California.ovpn}
expect "*password*:"
send "$rootpassword\r"
expect "Enter Auth Username: "
send "$vpnuser\r"
expect "Enter Auth Password:"
sleep 5
send "$vpnpassword\r"
send -- "\r"
expect eof
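The unit file and the script above are both mode -rwxrwxrwx, and the script holds the root password, so any local user can change what the service executes at boot. The following check is an added example, not part of the original post; the function names and the password-variable pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Succeeds when the file (symlinks followed) is writable by "other" (mode bit 002).
world_writable() {
    [ -n "$(find -L "$1" -maxdepth 0 -perm -002 2>/dev/null)" ]
}

# audit_unit UNIT: print one finding per line for a systemd unit file.
audit_unit() {
    unit=$1
    if world_writable "$unit"; then
        echo "unit world-writable: $unit"
    fi
    # Take the program path from each ExecStart= line, dropping systemd's
    # optional prefix characters (-, @, +, !, :).
    sed -n 's/^ExecStart=[-@+!:]*\([^ ]*\).*/\1/p' "$unit" |
    while IFS= read -r prog; do
        [ -n "$prog" ] || continue
        if world_writable "$prog"; then
            echo "ExecStart target world-writable: $prog"
        fi
        # Assumed pattern: Tcl/expect "set <name>pass[word] ..." assignments.
        if grep -Eqi '^[[:space:]]*set[[:space:]]+[a-z_]*pass(word)?[[:space:]]' "$prog" 2>/dev/null; then
            echo "ExecStart target sets a password variable: $prog"
        fi
    done
}

# Stand-alone use: sh audit.sh /etc/systemd/system/personal.service
if [ $# -gt 0 ]; then
    audit_unit "$1"
fi
```
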

Related

How to connect to a ssh remote server after a sudo vpnc connection, all automatically ? (bash)

I'm actually working on vi and I want to make a script which connects me to a vpnc (and automatically enters the password), and then, connects me to a ssh distant server.
I made this, but it's not working:
#! /usr/bin/
set force_conservative 1;
set timeout 2
spawn sudo vpnc
expect "password: $"
send "xxx"
spawn ssh marpic@192.xxx.xxx.xxx
expect "password: $"
send "xxx"
interact
I want to implement this so I can later add my copyfiles.sh script which copies the files on the ssh server to my PC.
Check your first line.
Make sure you invoke the shell correctly.
#!/usr/bin/bash: is the path correct?

How to add carriage return to bash when prompted for ssh password to localhost?

I'm new to bash and was tasked with scripting a check for a compliance process.
From bash (or if python is better), I need to script an ssh connection from within the host running the script.
For example:
ssh -l testaccount localhost
But I need to run this 52 times so that it is trapped by an IPS.
When running this string I am prompted for a password and I have to hit enter in order to make the script complete.
Is there a way to include a password or carriage return to act as manual intervention so that I do not have to hit enter each time?
Here's a sample of what I was able to get working, but it only sequenced 30 attempts:
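#!/bin/bash
i=0
# [ is a command, so it needs spaces around its arguments
while [ "$i" -lt 52 ]
do
# each attempt is started in the background
echo | ssh -l testaccount localhost &
i=$((i+1))
done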
Fail2ban configuration and good practice:
# count how many password attempts as root failed
cat /var/log/secure.1 | grep "Failed password for root" --count
# list the failed attempts for analysis
cat /var/log/secure.1 | grep "Failed password for root"
# copy the fail2ban configuration for local changes
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# open the configuration file and edit some security settings
sudo nano /etc/fail2ban/jail.local
# here you have to set this to 56, as you said
maxfailures = 5
# ban time in seconds before another login try
bantime = 600
# add the LAN and any static public IPs
ignoreip = 192.168.0.0/16
[mail]
# set to true if you want an alert when an IP is blacklisted or banned
enabled = false
# view the fail2ban log
cat /var/log/fail2ban.log
[ssh]
# network protocol protection and supervision
enabled = true
port = ssh,sftp
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
# enable fail2ban
systemctl enable fail2ban
# start fail2ban
systemctl start fail2ban
NOTE: While expect comes in its own package, expect was already in my SLES base installs ... don't know if this would be true for RHEL, too ... ?
Take a look at this answer on how to automate SSH with a password.
I'm thinking you could probably re-use the expect script from that post to simulate a single failed login, eg:
either set pass to a bogus value or don't set at all
if you don't set pass then remove the send -- "$pass\r" clause
if the remote system re-prompts X times for a password then provide multiple copies of the expect/send commands (a few extras will generate some expect related errors but still cause a failed ssh login)
For one of my remote hosts I'm prompted 3 times to enter a password before I'm returned to the command prompt.
I whipped up the following test:
$ cat sshtest
#!/usr/bin/expect -f
set pass xyz
set server myremotehost
set name bob
spawn ssh $name@$server
match_max 100000
expect "*?assword:*"
send -- "\r"
expect "*?assword:*"
send -- "\r"
expect "*?assword:*"
send -- "\r"
expect "*?assword:*"
send -- "\r"
expect "*?assword:*"
send -- "\r"
interact
And the results of running the script:
$ sshtest
spawn ssh bob@myremotehost
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
send: spawn id exp4 not open
while executing
"send -- "\r""
(file "sshtest" line 16)
If you don't have enough expect/send pairs then you'll be left stranded with a Password: prompt, so I added a few extra expect/send pairs, which in turn generated those last 4 lines of the output. [I don't use expect so there may be a more graceful way to do this ... ymmv.]
Obviously your main script could call this script and place said call in the background, and do whatever you want with the output (>/dev/null 2>&1 ??)
I also verified on the remote host that the failed logins were logged in /var/log/warn and /var/log/messages.
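The threshold that the fail2ban settings above describe (maxretry = 6 failed passwords from one address) can be checked by hand against an sshd log. The following is an added example, not part of the original answers; the log lines and addresses are constructed, and the 600-second counting window (fail2ban's findtime) is an assumption, since the page only gives bantime.

```shell
#!/bin/sh
# Constructed sshd log lines (not from the page); addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 10:00:00 host sshd[2001]: Failed password for root from 192.0.2.50 port 51000 ssh2
Mar  3 10:05:00 host sshd[2002]: Failed password for root from 192.0.2.50 port 51001 ssh2
Mar  3 10:10:00 host sshd[2003]: Failed password for root from 192.0.2.50 port 51002 ssh2
Mar  3 10:12:01 host sshd[2101]: Failed password for testaccount from 203.0.113.7 port 40001 ssh2
Mar  3 10:12:02 host sshd[2102]: Failed password for testaccount from 203.0.113.7 port 40002 ssh2
Mar  3 10:12:03 host sshd[2103]: Failed password for testaccount from 203.0.113.7 port 40003 ssh2
Mar  3 10:12:04 host sshd[2104]: Failed password for testaccount from 203.0.113.7 port 40004 ssh2
Mar  3 10:12:05 host sshd[2105]: Failed password for testaccount from 203.0.113.7 port 40005 ssh2
Mar  3 10:12:06 host sshd[2106]: Failed password for testaccount from 203.0.113.7 port 40006 ssh2
Mar  3 10:12:30 host sshd[2201]: Accepted password for bob from 198.51.100.9 port 42000 ssh2
Mar  3 10:15:00 host sshd[2004]: Failed password for root from 192.0.2.50 port 51003 ssh2
Mar  3 10:20:00 host sshd[2005]: Failed password for root from 192.0.2.50 port 51004 ssh2
Mar  3 10:25:00 host sshd[2006]: Failed password for root from 192.0.2.50 port 51005 ssh2
EOF
}

# offenders MAXRETRY FINDTIME
# Reads sshd log lines on stdin and prints "address failures" for every source
# that reaches MAXRETRY failed passwords inside one FINDTIME-second window.
offenders() {
    awk -v maxretry="$1" -v findtime="$2" '
    /Failed password for/ {
        split($3, t, ":")            # HH:MM:SS to seconds (sample stays within one day)
        now = t[1] * 3600 + t[2] * 60 + t[3]
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n = ++count[ip]; seen[ip, n] = now
        if (!(ip in first)) first[ip] = 1
        # drop failures that have aged out of the window
        while (now - seen[ip, first[ip]] > findtime) first[ip]++
        inwin = n - first[ip] + 1
        if (inwin >= maxretry && !(ip in hit)) { hit[ip] = inwin; order[++k] = ip }
    }
    END { for (i = 1; i <= k; i++) print order[i], hit[order[i]] }'
}

sample_log | offenders 6 600
```

The slow source 192.0.2.50 also fails six times, but never more than three times inside one 600-second window, so only the burst from 203.0.113.7 is reported.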

ssh connect and commands programmatically

I'm trying to make a script connecting via an SSH connection to a server and executing some commands. The first part works:
#!/usr/bin/expect -f
spawn ssh address
expect "password:"
send "password\r"
interact
But after that I want to execute some more commands, e.g. cd to a directory, launch some more scripts, etc. Is there any way to implement these things?
Try the following:
#!/usr/bin/expect
set login "any_user"
set addr "some_address"
set pw "any_pwd"
spawn ssh -t $login@$addr
expect "$login@$addr\'s password:"
send "$pw\r"
expect "~" ; # put here string from your server prompt
send "mkdir some_dir\r"
interact
This is one of the commands; you could try other commands like cd, or any other scripts, in it too, and let us know if you have any queries.

Expect script for ssh connection with password and additional operations

I found the following script which gives me the possibility to go to a server without manually type in a required password.
Sadly I don't know how to execute commands after the connection is made :(
#!/usr/bin/expect -f
spawn ssh user@server
expect "assword:"
send "pw123\r"
interact
#the following is not executed anymore
cd /tmp/
The cd /tmp/ command is not executed, does someone know how to do this ?
I don't care about security :)
Key-based authentication is not an option.
Edit:
Ok, I found a solution that fits my needs:
#!/usr/bin/expect -f
spawn ssh user@server
expect "assword:"
send "pw123\r"
expect "> " { send "cd /tmp\r" }
interact
The expect "> " has to be like your prompt.
After the connection is made, you are in the shell of the remote host to which you connected through the script. So to execute any command, you will have to execute the command manually at the command prompt.
If you want only to execute the command on the remote server automatically without need for ssh then you can use the below command.
#!/usr/bin/expect -f
#Changed here
spawn ssh user@server "cd /tmp && ls"
expect "password:"
send "pw123\r"
interact

Bash Script to SSH into a machine without prompting password and without using keys

I realize this question has been asked a few times but I could not find a relevant answer anywhere in my searching.
I am working in a development environment where security is not an issue and anyone could just guess the password if they thought for a few seconds.
What I am trying to do is simple. I have created an alias function in my local .bashrc file and I would like this function to automatically log into a machine with a default password.
My current implementation looks something like this:
function s () {
ssh root@192.168.1.$1
}
When I run it I get something like this:
~]s 122
ssh root@192.168.1.122
root@192.168.1.122's password:
Using Bash, and not using RSA keys I would like to get this to use the default password 'password'.
I've tried the following where IP and User have already been set.
Do=$(expect -c "
spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}
expect \"yes/no\"
send \"yes\r\"
expect \"assword\" send \"password\"")
echo $Do
$Do
It gives the following error:
Connecting and logging into server using expect
usage: send [args] string
while executing
"send"
invoked from within
"expect "assword" send "password""
Administrator@192.168.1.176's password:
bash: spawn: command not found...
Using the following command I am able to connect a machine. If I remove the interact it just runs the uptime command and closes the connection. With the interact command I am unable to see what I am typing or actually interact with the machine. Any ideas?
Do=$(expect -c "spawn ssh $User@${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}; set timeout 4; expect \"assword\"; send \"password\n\"; expect \"test\"; send \"uptime\n\"; interact;");echo $Do;
You can do this with the expect tool: http://expect.sourceforge.net/
It's widely available, so depending on your system, the equivalent of sudo apt-get install expect or yum install expect will install it.
Here's an example of an expect script with ssh. This logs you in and gives you control of the interactive prompt:
#!/usr/bin/expect
set login "root"
set addr "127.0.0.1"
set pw "password"
spawn ssh $login@$addr
expect "$login@$addr\'s password:"
send "$pw\r"
expect "#"
send "cd /developer\r"
interact
Here's an example of how to use expect as part of a bash script. This logs in with ssh, cd to /var, runs a script, then exits the ssh session.
#!/bin/bash
...
login_via_ssh_and_do_stuff() {
# run the expect session and capture its output
expect_sh=$(expect -c "
spawn ssh root@127.0.0.1
expect \"password:\"
send \"password\r\"
expect \"#\"
send \"cd /var\r\"
expect \"#\"
send \"chmod +x my_script.sh\r\"
expect \"#\"
send \"./my_script.sh\r\"
expect \"#\"
send \"exit\r\"
")
# print the captured session output
echo "$expect_sh"
}
You can leave these snippets in a script on your local system, and then just alias to the scripts.
Also: I know you said security isn't an issue, but I'd like to just note, again, that the "proper" way to ssh without using a password is to use a ssh key-pair =)
Use sshpass which is available in package repositories on major Linux-es.
For example, when password is in password.txt file:
sshpass -fpassword.txt ssh username@hostname
sshpass runs ssh in a dedicated tty, fooling it into thinking it is
getting the password from an interactive user.
