multiple commands in spawn script to copy keys - expect

I'm trying to create a script to copy ssh keys to multiple servers for passwordless login. I have a list of servers entered one per line in serverlist.txt. Below is the script I created.
#!/usr/bin/expect -f
set f [open "serverlist.txt"]
set hosts [split [read $f] "\n"]
close $f
foreach host $hosts {
spawn -noecho sh -c "cat ~/.ssh/id_rsa.pub | ssh -t -o StrictHostKeyChecking=no $host 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'"
expect "assword:";
send "abc123\r"; # sending the password
expect "$"; #expecting the $prompt
send "exit\r";
interact
}
Im getting below error while running this script
send: spawn id exp4 not open
while executing
"send "exit\r""
("foreach" body line 6)
invoked from within
"foreach host $hosts {
spawn -noecho sh -c "cat ~/.ssh/id_rsa.pub | ssh -t -o StrictHostKeyChecking=no $host 'mkdir -p ~/.ssh && cat >> ~/.ssh/authori..."
(file "sshkeys" line 6)
If i commented below lines I'm getting diff error
#expect "assword:";
#send "abc123\r";
#expect "$";
#send "exit\r";
Pseudo-terminal will not be allocated because stdin is not a terminal.
user#1.1.1.1's password:
Pseudo-terminal will not be allocated because stdin is not a terminal.
ssh: mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys: Name or service not known
Note:
ssh-copy-id is not available.
None of the target servers have the .ssh directory created.
Can somebody help me to identify the issue.

Related

Run bash script on remote server

I'm trying to run a bash script on the remote server that is already on the remote server. I'm using ssh pass to do it but I'm seeing errors
test.sh (resides on the remote server)
#!/usr/bin/env bash
echo "This is test"
adb start-server
sshpass command (I'm running this sshpass command from docker ubuntu image
sshpass -p password ssh -oStrictHostKeyChecking=no -oCheckHostIP=no user#host "bash -s" < /Users/user/Documents/workspace/test.sh
I also tried
sshpass -p password ssh -oStrictHostKeyChecking=no -oCheckHostIP=no user#host 'cd /Users/user/Documents/workspace/; sh test.sh'
I get this error message
bash: /Users/user/Documents/workspace/test.sh: No such file or directory
The examples you're showing are for a local script, and you said it's a remote script.
sshpass -p password ssh -oStrictHostKeyChecking=no -oCheckHostIP=no user#host "bash /path/to/test.sh"
that ought to do it.
you can try to find your test.sh on the remote computer:
sshpass -p password ssh -oStrictHostKeyChecking=no -oCheckHostIP=no user#host "find ~/ -name \"test.sh\""
Try with here-document:
sshpass -p password ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -T user#host <<EOF
bash /Users/user/Documents/workspace/test.sh
EOF
Include -T option for ssh command, as mentioned above, to disable pseudo-tty.
[AT REMOTE MATCHINE] Ensure that path of adb executable is included in PATH environment variable. Else, specify it with absolute path in the Shell script.

Creating an SSH Key Pair for User Authentication with Expect in Bash

I have tried the following steps to set ssh passwordless (SSH Key Pair Authentication)login.
Set ip and port in bash.
ip="xxxx"
port="xxxx"
Set ssh config file on client side
cat > $HOME/.ssh/config <<EOF
Host $ip
IdentityFile $HOME/.ssh/id_rsa
User root
EOF
Create a ssh key pair on client side
ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -q -b 2048 -N ""
Push id_rsa into ssh server from client side.
Prepare for ssh server
ssh -p $port root#$ip "mkdir -p /root/.ssh"
Push authorized file into ssh server
scp -P $port id_rsa.pub root#$ip:/root/.ssh/authorized_keys
Set permission for authorized file
ssh -p $port root#$ip "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
Succeeded!
Now i want to write all steps into a one-click bash script for the job.
Here is my try.
#! /bin/bash
ip="xxxx"
port="xxxx"
pass="yyyy"
cat > $HOME/.ssh/config <<EOF
Host $ip
IdentityFile $HOME/.ssh/id_rsa.bwg_root
User root
EOF
ssh-keygen -t rsa -f $HOME/.ssh/id_rsa.bwg_root -q -b 2048 -N ""
cd $HOME/.ssh
/usr/bin/expect <<EOF
spawn ssh -p $port root#$ip "mkdir -p /root/.ssh"
expect "password:"
send "$pass\r"
spawn scp -P $port id_rsa.pub root#$ip:/root/.ssh/authorized_keys
expect "password:"
send "$pass\r"
spawn ssh -p $port root#$ip "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
expect "password:"
send "$pass\r"
EOF
It got the following output info:
spawn ssh -p xxxx root#yyyy mkdir -p /root/.ssh
root#yyyy's password: spawn scp -P xxxx id_rsa.bwg.pub root#yyyy:/root/.ssh/authorized_keys
root#yyyy's password: spawn ssh -p xxxx root#yyyy chmod 700 .ssh; chmod 640 .ssh/authorized_keys
Why and how to fix it?
I'd simplify it with sshpass.
#!/bin/bash
ip="x.x.x.x"
port="xx"
export SSHPASS="yyy"
cat >$HOME/.ssh/config <<EOF
Host $ip
IdentityFile $HOME/.ssh/id_rsa.bwg_root
User root
EOF
ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa.bwg_root" -q -b 2048 -N ""
cd "$HOME/.ssh" || exit 1
sshpass -e ssh -oStrictHostKeyChecking=no -p "$port" "root#$ip" "mkdir -p -m 700 /root/.ssh"
sshpass -e scp -oStrictHostKeyChecking=no -P "$port" id_rsa.bwg_root.pub "root#$ip:/root/.ssh/authorized_keys"
sshpass -e ssh -oStrictHostKeyChecking=no -p "$port" "root#$ip" "chmod 640 .ssh/authorized_keys"
Btw: I replaced last id_rsa.pub with id_rsa.bwg_root.pub and added -m 700 to mkdir and removed chmod 700 .ssh.
Use ssh-copy-id to push the new key to the remote host. You'll need to enter the password for that login, of course, but it's the last time you'll have to use it.
#!/bin/bash
ip="x.x.x.x"
port="xx"
id_file=$HOME/.ssh/id_rsa_$ip
cat > $HOME/.ssh/config <<EOF
HOST $ip
IdentityFile $id_file
User root
EOF
ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa_$ip" -q -b 2048 -N ""
ssh-copy-id -i "$id_file" -p "$port" root#"$ip"
As a general rule, always look for a non- (or less) interactive solution using existing tools before trying except.

Establishing password less connection SunOS using expect

The host system from where I am trying to establish remote connection is running on SunOS. There isn't ssh-copy-id available on the system.
After searching, I found that the following command, when executed will mimic the ssh-copy-id function.
cat ~/.ssh/id_rsa.pub | ssh remotehost 'cat >>~/.ssh/authorized_keys && echo "Host Key Copied"'
I am trying to write a script using expect for doing this operation but it is failing with the following error.
Code:
#!/usr/bin/expect -f
#!/bin/bash
set username [lindex $argv 0]
set password [lindex $argv 1]
set host [lindex $argv 2]
cat ~/.ssh/id_rsa.pub | ssh remotehost 'cat >>~/.ssh/authorized_keys && echo \"Host Key Copied\"'
expect "Password:"
send "$password\n"
expect eof
Error:
invalid command name "cat"
while executing
"cat ~/.ssh/id_rsa.pub | ssh remotehost 'cat >>~/.ssh/authorized_keys && echo \"Host Key Copied\"'"
(file "./remote.sh" line 8)
From search, I understood that expect won't entertain shell commands by default. Could someone help in resolving my issue. Thanks in advance.
You're missing the spawn command: spawn launches the process that you're interacting with. You're also missing the ssh-copy-id command:
spawn ssh-copy-id $username#$host
expect ...
However, what you're doing is greatly reducing security. Passing the password in clear text on the command line, where it will likely be stored in your shell's history file.

Shell script to grep logs on different host and write the grepped output to a file on Host 1

Shell script needs to
ssh to Host2 from Host1
cd /test/test1/log
grep logs.txt for string error
write the grepped output to a file
and move that file to Host1
This can be accomplished by specifying the -f option to ssh:
ssh user#host -f 'echo "this is a logfile">logfile.txt'
ssh user#host -f 'grep logfile logfile.txt' > locallogfile.txt
cat locallogfile.txt
An example using a different directory and cd changing directories to it:
ssh user#host -f 'mkdir -p foo/bar'
ssh user#host -f 'cd foo/bar ; echo "this is a logfile">logfile.txt'
ssh user#host -f 'cd foo/bar ; echo "this is a logfile">logfile.txt'
ssh user#host -f 'cd foo/bar ; grep logfile logfile.txt' > locallogfile.txt
cat locallogfile.txt

Issuing commands on remote linux

I'm looking for any way to do this task with expect:
Mac-mini:~ root# scp file peter#Mac-mini:file2
The authenticity of host 'mac-mini (192.168.1.105)' can't be established.
RSA key fingerprint is b6:12:3e:48:10:e6:d2:1f:8f:57:f4:01:2d:f3:23:89.
Are you sure you want to continue connecting (yes/no)? yes
Password: ********
and issue
crontab -l > crontab.src
#!/usr/bin/expect
set machine0 "Mac-minimini"
set machine1 "Mac-mini"
set machine2 "Mac-pro"
...
set machine19 "Mac-air"
for {set i 1} {$i < 20} {incr i 1} {
eval spawn scp file peter#${machine${i}}:file2
expect "connecting (yes/no)?"
send "yes\r"
#use correct prompt
set prompt ":|#|\\\$"
interact -o -nobuffer -re $prompt return
send "password\r"
interact -o -nobuffer -re $prompt return
send "crontab -l > crontab.src\r"
interact
}
Edit: You can use for loop and concatenate names for each machine using the variable of the loop.(e.g. Mac-mini0, Mac-mini1, ... Mac-mini19)
Edit2: I am not sure if ${machine${i}} works but worth to try..
Set up an ssh key like so:
ssh-keygen -t rsa
Place your public key on the remote machine (assuming you create a key in your home directory called id_rsa)
ssh-copy-id peter#Mac-mini
Then you will be able to scp without entering a password.
autoexpect -f scp file peter#Mac-mini:file2
For the crontab part, am assuming you mean on the remote machine.
autoexpect -f crontab ssh peter#Mac-mini "crontab -l > crontab.src"

Resources