I have the following script:
#!/bin/bash
if [ `hostname` = 'EXAMPLE' ]
then
/usr/bin/expect << EOD
spawn scp -rp host:~/outfiles/ /home/USERNAME/outfiles/
expect "id_rsa':"
send "PASSWORD\r"
interact
spawn scp -rp host:~/errfiles/ /home/USERNAME/errfiles/
expect "id_rsa':"
send "PASSWORD\r"
interact
expect eof
EOD
echo 'Successful download'
fi
Unfortunately it doesn't seem to work and I get an error message:
spawn scp -rp host:~/outfiles/ /home/USERNAME/outfiles/
Enter passphrase for key '/home/USERNAME/.ssh/id_rsa': interact: spawn id exp0 not open
while executing
"interact"
I don't know what it means and why it doesn't work. However, when I wrote the above code using a not-embedded Expect script:
#!/usr/bin/expect
spawn scp -rp host:~/outfiles/ /home/USERNAME/outfiles/
expect "id_rsa':"
send "PASSWORD\r"
interact
spawn scp -rp host:~/errfiles/ /home/USERNAME/errfiles/
expect "id_rsa':"
send "PASSWORD\r"
interact
It worked without any problems. So what am I doing wrong?
NOTE: Often when someone posts a question about using Expect to use scp or ssh the answer given is to use RSA keys. I tried, unfortunately on one of my computers there is some crappy bug with the GNOME keyring that means that I can't remove my password from the RSA key, which is exactly why I'm trying to write the above script with an if statement. So please don't tell me to use RSA keys.
Your Bash script is passing the Expect commands on the standard input of expect. That is what the here-document <<EOD does. However, expect... expects its commands to be provided in a file, or as the argument of a -c, per the man page. Three options are below. Caveat emptor; none have been tested.
Process substitution with here-document:
expect <(cat <<'EOD'
spawn ... (your script here)
EOD
)
The EOD ends the here-document, and then the whole thing is wrapped in a <( ) process substitution block. The result is that expect will see a temporary filename including the contents of your here-document.
As #Aserre noted, the quotes in <<'EOD' mean that everything in your here-document will be treated literally. Leave them off to expand Bash variables and the like inside the script, if that's what you want.
Edit Variable+here-document:
IFS= read -r -d '' expect_commands <<'EOD'
spawn ... (your script here)
interact
EOD
expect -c "${expect_commands//
/;}"
Yes, that is a real newline after // - it's not obvious to me how to escape it. That turns newlines into semicolons, which the man page says is required.
Thanks to this answer for the read+heredoc combo.
Shell variable
expect_commands='
spawn ... (your script here)
interact'
expect -c "${expect_commands//
/;}"
Note that any ' in the expect commands (e.g., after id_rsa) will need to be replaced with '\'' to leave the single-quote block, add a literal apostrophe, and then re-enter the single-quote block. The newline after // is the same as in the previous option.
Related
I have been trying to pass a variable to expect script, this variable contains the password for an ssh command, however when I try to execute the script, I receive a message stating that the variable couldn't be read - no such variable.
The variable is declared in the shell script, however expect just can't read it.
Here is how the variable is declared:
D=`s="$LIST1" printenv s |grep $ip | awk '{print $3}'`
If I export variable D, then it works, but I can't have this variable exported to all child process, does anyone know how can I add this variable to expect without having to export it?
/usr/bin/expect <<'END_EXPECT'
set timeout -1
log_file expect-log.txt
spawn -noecho sh ./script.sh
expect "yes" { send "yes\r"}
expect {
-nocase "*assword*" {
send "$D\r"
exp_continue
}
send \r
eof
admin#server1's password: can't read "D": no such variable
while executing
"send "$D\r""
invoked from within
"expect {
-nocase "*assword*" {
send "$D\r"
exp_continue
}
send \r
eof
}"
By far the easiest method of getting the variable into expect is by exporting it. You can unexport it after launching expect, and expect can remove the variable from the environment before launching any subprocesses.
You are strongly advised to not embed the expect script within a shell script, but rather to make it a separate file (that uses Tcl highlighting rules, if you're using an editor that supports it). It's just so much easier that way.
# This is bash; other shells have their own quirks
export D=`s="$LIST1" printenv s |grep $ip | awk '{print $3}'`
expect script.expect
unexport D
# Move the variable from the environment to a script variable; DO THIS BEFORE exec OR spawn
set D $env(D)
unset env(D)
set timeout -1
log_file expect-log.txt
spawn -noecho sh ./script.sh
expect "yes" { send "yes\r"}
expect {
-nocase "*assword*" {
send "$D\r"
exp_continue
}
send \r
eof
That code looks incomplete BTW. The braces aren't balanced, the indentation looks strange, and it generally looks like something is missing. You'll have to fix that before everything works.
I have this bash scipt
#!/bin/bash
Login="bla 0, xy;Z" ##the spaces and the ',' and ';' are important!
expect -c "
spawn telnet *HOST*
expect "Done."
send '$Login'
expect "Done."
send "command 0". ## the ' 0' is important! Same prob as with the password
??? ## what do I have to do to get the output in a VAR?
expect "Done."
"
The two questions are:
the $Login is not interpreted as text from bash, so it thinks with 0 a new command starts... and ',' as well as ';' seems to be a problem too. escaping with '' did not work!?
How do I get the output as a $VAR to use it later?
Is this possible at all in bash? or do I have to use tcl (which I have never ever used or read anything about before)?
Thanks for advices!
andy
In addition to the useful comments above, single quotes have no special meaning in Tcl/expect, they are just ordinary characters that are being sent with the password.
As Charles writes, passing data via the environment is helpful.
Also, Tcl comments are a bit annoying: the # is only recognized as a comment if it occurs where a command starts, so you'll see me use ;# below.
I find using a quoted heredoc removes quoting difficulties.
When you say "result in a VAR", I assume you want a shell variable?
untested
export Login="bla 0, xy;Z"
export HOST=something
VAR=$(expect << 'END_EXPECT'
log_user 0 ;# turn off normal stdout of the interaction
# so we can capture only the output you want
spawn telnet $env(HOST)
expect "Done."
send "$env(Login)\r" ;# don't forget to "hit enter"
expect "Done."
send "command 0\r"
# what do I have to do to get the output in a VAR?
# use a regex capturing the command's output. Note that the command
# itself appears in the output
expect -re "command 0\r\n(.+)Done."
# the shell will capture this output
puts $expect_out(1,string)
send "exit\r" ;# or whatever you need to do to quit
expect eof
END_EXPECT
)
I am trying to get the information from a keepass database and I can't get past this last step!
#!/usr/bin/env bash
#!/usr/bin/expect
firewall=$1
password="PASSWORD"
echo "connecting to KeepassDB..."
function get_creds {
expect <<- DONE
set timeout 10
spawn kpcli
match_max 100000000
expect "kpcli:/>"
send "open /media/sf_VM_shared/keepass.kdb\n"
expect "password:"
send "$password\n"
expect ">"
send "cd General/Network/Firewalls/SSH\n"
expect "SSH>"
send "ls\n"
expect ">"
DONE
}
credentials=$(get_creds)
echo $credentials
When I do a bash -x I can see what I want, it's a long list of information, but without the -x the script is not returning the list to the terminal.
You are getting the output when using bash -x because then every command output is printed after they are run (debug mode)
The script does not print because your last line of output from get_creds is empty. It should print the last line of output from the method.
When using echo to output your credentials you should use quoutes (") in order to preserve newlines.
Try replacing the last line in your script with this:
echo "$credentials"
I want to run openssl and have it begin with the following commands sent to the server:
t authenticate <dynamically generated base64 string from calling script>
t select Inbox
Then from there take input from stdin. I'm very ignorant in shell scripting and the openssl toolkit, and I certainly don't see how to do this simply with piping / redirecting stdin unless perhaps I tried setting up a file that was simultaneously drawing from stdin itself, or such.
I'm not exactly sure the technologies openssl uses to read its input. For example the following:
$ echo "t login testacct#yahoo.com password" | openssl s_client -connect imap.mail.yahoo.com:993
Does not do the same thing as
openssl s_client -connect imap.mail.yahoo.com:993
# openssl dialogue opens...
C: t login testacct#yahoo.com password
S: t NO [AUTHENTICATIONFAILED] Incorrect username or password. (#YSH002)
I imagine openssl is opening a new shell session (I'm weak in my understanding here) and it does not pass its arguments from stdin to the inner shell it creates.
I'd recommend splitting the problem into two scripts:
Firstly you have one script that echoes the initial commands that you want to send and then reads from stdin and writes to stdout. Like this (call it script1.sh for instance):
#!/bin/bash
echo "first command"
echo "second command"
while read x
do
echo "$x"
done
The second script then just bundles the arguments to openssl so you don't have to keep typing them (call this script2.sh for instance. Note that as with script1.sh above, you should have the #!/bin/bash on the first line to tell the OS that it's a bash script.
then you can just type:
script1.sh | script2.sh
and you'll get the first two lines passed to openssl and then everything you type will get passed after that. If you want to always finish with a few commands you can add them after the while loop in script1.sh.
You terminate the whole thing with Ctrl-D
If openssl echoes the input you type then you will get the lines you type in shown twice (which is a bit irritating). In that case the "-s" argument to "read" will suppress the first line (useful for typing passwords for instance)
Note that this solution is similar to the solution suggested earlier with the temporary file and the tail -f but it avoids the need for a temporary file and everything is done in a single line.
The problem with the solution given in the question is that stdin to the openssl command is closed when the 'echo "t login ..."' command finishes and this will generally cause programs to exit. With the solution given here the pipe connects the stdout of the first script to the stdin of the second and everything typed into read will get passed on to openssl
None of these solutions return control of stdin to the user. This should pass first command and second command to openssl and then read stdin:
cat <<EOF - | openssl ....
first command
second command
EOF
The basic SSL/TLS connection to an SSL-enabled IMAP server can be established through s_client:
openssl s_client -connect imapserver.example.com:143 -starttls imap
Note the trailing -starttls imap: openssl "knows" how to tell the IMAP server that it would like to move from the plain-text connection (as you would get with telnet) to the SSL-secured.
After this, openssl's job is done, and you need to speak proper IMAP to the server, including authentification!
You can change your script to write the commands to a file, and then use tee -a to redirect stdin to that same file. Let me show you an example:
jweyrich#pharao:~$ echo "command1" > cmds
jweyrich#pharao:~$ tee -a cmds > /dev/null
command2
command3
^C
In the mean time, I was running tail -f cmds in another tty:
jweyrich#pharao:~$ tail -f cmds
command1
command2
command3
This will turn that file into the single source you have to read and process.
I'd like to add that you can use Nick's solution as one-line script:
$ sh -c 'echo "first command"; echo "second command"; while read x; do echo "$x"; done' | whatever
I am trying to capture the output of the "dir" command by logging into a switch, but I am unable to do so. I am using Expect within Bash. I am making use of expect_out to capture output of that command in a buffer and print it out. Actually I want to capture the output and perform some operations on it.
Script:
#!/bin/bash
expect -c "
spawn telnet 1.1.1.1 2000
sleep 1
send \"\r\"
send \"\r\"
expect {
Prompt> { send \"dir\r\" }
}
set output $expect_out(buffer)
"
echo "$output"
Output:
spawn telnet 1.1.1.1 2000
Trying 1.1.1.1...
Connected to 1.1.1.1 (1.1.1.1).
Escape character is '^]'.
Prompt>
Prompt>
After these prompts are displayed, the scripts just exits. How can I fix this problem?
After I split it, I can use parameter substitution as well as single quotes. Now I am facing different error.
Script:
expect -c "
spawn telnet $IP $PORT1
sleep 1
send \"\r\"
send \"\r\"
"
expect -c '
expect {
Prompt> { send \"dir\r\" }
set output $expect_out(buffer)
puts "$output"
}
'
Output:
spawn telnet 172.23.149.139 2033
can't read "expect_out(buffer)": no such variable
while executing
"expect {
Prompt> { send \"dir\r\" }
set output $expect_out(buffer)
puts "$output"
}
"
I changed it to according to the suggestions. But I am still facing errors.
Script:
output=$(expect -c '
spawn telnet '"$IP $PORT1"'
sleep 1
send '"\r"'
send '"\r"'
expect Prompt> { send '"dir\r"' }
expect '"\n"'
expect -indices Prompt>
puts '"[string range $expect_out(buffer) 0 [expr $expect_out(0,end) - 1]]"'
')
echo "======="
echo "$output"
echo "======="
Output:
syntax error in expression "(0,end) - 1"
while executing
"expr (0,end) - 1"
invoked from within
"string range (buffer) 0 [expr (0,end) - 1]"
invoked from within
"puts [string range (buffer) 0 [expr (0,end) - 1]]"
=======
spawn telnet 1.1.1.1 2000
Trying 1.1.1.1...
Connected to 1.1.1.1 (1.1.1.1).
Escape character is '^]'.
Prompt>
Prompt>
=======
Hence to circumvent the error, I changed, the line
puts '"[string range $expect_out(buffer) 0 [expr $expect_out(0,end) - 1]]"'
to
puts '"$expect_out(buffer)"'
But then I am getting no error, but the output of dir is also not getting printed. Something like:
Prompt>
Prompt> (buffer)
The second of your “split” Expect programs does not have access to the spawned telnet process. When you split them like that, you made them independent (one can not access the variables or state of the other; actually by the time the second one has started the first one, and its telnet process, no longer exist).
The shell will automatically concatenate any strings (that are not separated by unquoted/unescaped whitespace) without regard to the kind of quotes (if any) they use. This means you can start put the first part of your Expect program in single quotes, switch to double quotes for the parameter substitution, and then go back to single quotes for the rest of the program (to avoid having to escape any of "$\` that occur in your Expect code).
expect -c '
spawn telnet '"$HOST $PORT"'
sleep 1
⋮ (rest of Expect program)
'
It uses single quotes to protect most of the program, but switches back to double quotes to let the shell substitute the its HOST and IP parameters into the text of the Expect program.
Next, the shell that started expect can not access variable set inside the Expect program. The normal way to collect output from a child process is to have it write to stdout or stderr and have the shell collect the output via a command substitution ($()).
In Tcl (and Expect), you can use puts to send a string to stdout. But, by default, Expect will also send to stdout the normal “interaction” output (what it receives from any spawned commands and what it sent to them; i.e. what you would see if you were running the spawned command manually). You can disable this default logging with log_user 0.
You might write your program like this:
#!/bin/sh
output=$(expect -c '
# suppress the display of the process interaction
log_user 0
spawn telnet '"$HOST $PORT"'
sleep 1
send "\r"
send "\r"
# after a prompt, send the interesting command
expect Prompt> { send "dir\r" }
# eat the \n the remote end sent after we sent our \r
expect "\n"
# wait for the next prompt, saving its position in expect_out(buffer)
expect -indices Prompt>
# output what came after the command and before the next prompt
# (i.e. the output of the "dir" command)
puts [string range $expect_out(buffer) \
0 [expr $expect_out(0,start) - 1]]
')
echo "======="
echo "$output"
echo "======="
Because your Expect script is enclosed in double quotes, the shell is expanding $expect_out to an empty string. Put the body of the expect script in single quotes.
When you set a variable in Expect, the shell will have no idea. When the Expect script completes, its variables vanish too. You have to puts the expect_out buffer.