I am trying to access remote ssh server from a unix client machine. For this i have used expect script which is calling a bash script to fetch some lines from server log file.
Below is my code:
#!/usr/local/bin/expect -f
set pass "password"
set prompt "(%|$|#)"
spawn ssh deployed#172.16.166.111
expect "password:"
send "$pass\r"
expect -re $prompt
send -- "./access_srvr_log.sh\r"
send -- "exit\r"
code for access_srvr_log.sh file:
#!/usr/local/bin/expect
dir="/home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log"
tail -n 100 $dir/development.log
echo "hello"
echo >> log.txt
i get this error :
./access_srvr_log.sh
-bash: ./access_srvr_log.sh: No such file or directory
Please help. I have tried lot many changes on the above code and finally reached here.
Thanks.
Friends don't let friends use SSH passwords. It's much less secure.
Use ssh-copy-id to copy your public key to the remote server. (It puts the client ~/.ssh/id_rsa.pub into the server .ssh/authorized_keys) Now you can run "ssh deployer#172.16.144.111 ./access_srvr_log.sh", and it won't prompt for a password. That means you no longer need expect and all the odd problems that come with it.
In fact, it's highly recommended that you disable SSH passwords all together.
To make your script even simpler (maintenance-wise) do this:
1) run ssh-keygen -f ~/.ssh/scriptkey on your client (don't enter a password).
2) Put the public part of your key (~/.ssh/scriptkey.pub on the client) into .ssh/authorized_keys on the server. But this time, put command="/home/deployer/access_srvr_log.sh" just before your new key. This tells the server to run that command for that key.
3) Now your script doesn't even need to specify the command, just the private key. (i.e. scp -i ~/.ssh/scriptkey deployer#172.16.144.111 will run the script). This allows the server to change (i.e. move the script, change the script name) without changing the client. It also means someone stealing your (non-password-protected) key can't log in to the server, but only run your log script.
And there are no guessable passwords laying around in scripts. (You are checking your scripts into version control, right?)
You can simplify it down too
#!/bin/bash
{
/usr/bin/expect <<- EOF
spawn ssh deployer#172.16.144.111 "tail -n 100 /home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log/development.log"
expect "password:"
send "deployer\r"
expect eof
EOF
} |grep -v "deployer#172.16.144.111's password:">> log.txt
Related
I'm trying to write a shell script (Bash) to log into a SonicWall firewall device and issue a command to perform automated backups of the devices ruleset. I prefer to do this in Bash but I will accept a python, perl, except, or applescript solution. If it cannot be done in bash please mention that.
Problems:
1.) SSH server on firewall is custom, a user name and password has to be specified after issuing a
$ ssh server.com
so no matter what username you issue e.g.
$ ssh admin#server.com
the SSH server still presents a username and password box after
2.) The SSH server is minimal and I cannot use public-keys
I tried using a here-document but it isn't working and it results in an immediate "connection closed by remote host".
The command I need to execute takes the form of this:
export preferences ftp "ftp.server.com" "user1" "mypassword" "output.exp"
Connecting gives me this:
$ ssh admin#server.com
Copyright (c) 2010 SonicWALL, Inc.
User:
After a username is issued it brings up the password prompt:
User:user1
Password:
I tried a here-document to no avail.
$ ssh server <<+
user1
mypassword
export preferences ftp "ftp.server.com" "user1" "mypassword" "output.exp"
exit
+
Pseudo-terminal will not be allocated because stdin is not a terminal.
Connection to 10.1.1.1 closed by remote host.
I tried using echo to pipe in commands too but that doesn't work either.
Typing the commands in manually works just fine.
Any help on this would be greatly appreciated.
As others have suggested, expect is probably what you want to use here.
Here's a short example of how to work with it from bash to get you started:
login=root
IP=127.0.01
password=helloworld
# +whatever variables you need to use
# Run the expect script from bash
expect_sh=$(expect -c "
spawn ssh $login#$IP
expect \"password:\"
send \"$password\r\"
expect \"#\"
send \"cd $dest_dir\r\"
expect \"#\"
send \"chmod +x $server_side_script $other_script\r\"
expect \"#\"
send \"./$device_side_script\r\"
expect \"#\"
send \"cat results_file\r\"
expect \"#\"
send \"exit\r\"
")
# Output or do something with the results
echo "$expect_sh"
You can automate the ssh session using the original expect, here is a nice article discussing it in detail: http://solar1.net/drupal/automating%20SSH%20with%20expect or the Python module pexepect: http://linux.byexamples.com/archives/346/python-how-to-access-ssh-with-pexpect/
I'm not a BASH expert but i had to do something where interactive password prompts was causing me a problem.
Basically your script needs to wait to be asked to enter login credentials, and pass them when prompted in order to login, once logged in you can issue the command.
I recommend looking at spawning "expect" sessions. Basically in your script you use expect to basically say "i expect to see password: in the response, when i do, i need to pass in the following data".
Here's the wiki page which helps explain it http://en.wikipedia.org/wiki/Expect
and if you google around you will find lots of help.
that didn't work for me.
I had to pass the variables to the script at launch.
Example launch script login2.sh, with three arguments:
-bash-4.1$ ./login2.sh Jan2**** HIE_SUPER 10.244.112.182
I realize this question has been asked a few times but I could not find a relevant answer anywhere in my searching.
I am working in a development environment where security is not an issue and anyone could just guess the password if the thought for a few seconds.
What I am trying to do is simple. I have created an alias function in my local .bashrc file and I would like this function to automatically log into a machine with a default password.
My current implementation looks something like this:
function s () {
ssh root#192.168.1.$1
}
When I run it I get something like this:
~]s 122
ssh root#192.168.1.122
root#192.168.1.122's password:
Using Bash, and not using RSA keys I would like to get this to use the default password 'password'.
I've tried the following where IP and User have already been set.
Do=$(expect -c "
spawn ssh $User#${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}
expect \"yes/no\"
send \"yes\r\"
expect \"assword\" send \"password\"")
echo $Do
$Do
It gives the follwing error:
Connecting and logging into server using expect
usage: send [args] string
while executing
"send"
invoked from within
"expect "assword" send "password""
Administrator#192.168.1.176's password:
bash: spawn: command not found...
Using the following command I am able to connect a machine. If I remove the interact it just runs the uptime command and closes the connection. With the interact command I am unable to see what I am typing or actually interact with the machine. Any ideas?
Do=$(expect -c "spawn ssh $User#${IP[0]}.${IP[1]}.${IP[2]}.${IP[3]}; set timeout 4; expect \"assword\"; send \"password\n\"; expect \"test\"; send \"uptime\n\"; interact;");echo $Do;
You can do this with the expect tool: http://expect.sourceforge.net/
It's widely available, so depending on your system, the equivalent of sudo apt-get install expect or yum install expect will install it.
Here's an example of an expect script with ssh. This logs you in and gives you control of the interactive prompt:
#!/usr/bin/expect
set login "root"
set addr "127.0.0.1"
set pw "password"
spawn ssh $login#$addr
expect "$login#$addr\'s password:"
send "$pw\r"
expect "#"
send "cd /developer\r"
interact
Here's an example of how to use expect as part of a bash script. This logs in with ssh, cd to /var, runs a script, then exits the ssh session.
#!/bin/bash
...
login_via_ssh_and_do_stuff() {
# build the expect script in bash
expect_sh=$(expect -c "
spawn ssh root#127.0.0.1
expect \"password:\"
send \"password\r\"
expect \"#\"
send \"cd /var\r\"
expect \"#\"
send \"chmod +x my_script.sh\r\"
expect \"#\"
send \"./my_script.sh\r\"
expect \"#\"
send \"exit\r\"
")
# run the expect script
echo "$expect_sh"
}
You can leave these snippets in a script on your local system, and then just alias to the scripts.
Also: I know you said security isn't an issue, but I'd like to just note, again, that the "proper" way to ssh without using a password is to use a ssh key-pair =)
Use sshpass which is available in package repositories on major Linux-es.
For example, when password is in password.txt file:
sshpass -fpassword.txt ssh username#hostname
sshpass runs ssh in a dedicated tty, fooling it into thinking it is
getting the password from an interactive user.
Regardless of security issues, I want to automate ssh login by putting password into a script file (in form of plaintext). For example, I tried following, but without success...
echo "mypassword" | ssh -X root#remote_node_address
it still prompt with password inputs...
Edit: I am aware of setting up passphraseless ssh (and actually have done this). What my question really is is how to automate process of setting up passphraseless ssh...
Automate with Expect
You can use Expect to drive password authentication with SSH. For example:
#!/usr/bin/expect -f
set timeout -1
spawn ssh -o PubkeyAuthentication=no host.example.com
expect -exact "Password: "
send -- "secret\r"
expect {\$\s*} { interact }
This script is a very basic example, and not especially robust in the face of failure or when running under a non-standard remote TERM like GNU screen, but it works for the common case. You can also use /usr/bin/autoexpect from the expect-dev package to generate your own custom scripts based on a manual session.
you will need to use public key authentication, see
http://www.ece.uci.edu/~chou/ssh-key.html
in order to add new keys for existing hosts, you will need to automate updating of public keys in ~/.ssh/authorized_keys on remote machine
it is easy to do with
ssh-keygen -t rsa -b 1024 -f ~/.ssh/new-key -P ""
cat ~/.ssh/new-key.pub | ssh root#target-host 'cat >> ~/.ssh/authorized_keys'
then you can use new key to access host with
ssh -i ~/.ssh/new-key root#remote-host
I run into empty recently. I am surprised that it seems not to be well known since it is rarely talked about when problems like "how to automate ssh" arise.
I use it on openwrt, it has a package about 7KB in size without dependency, while tcl package is around 440KB. And you can use it in shell directly.
"empty is an utility that provides an interface to execute and/or interact with processes under pseudo-terminal sessions (PTYs). This tool is definitely useful in programming of shell scripts designed to communicate with interactive programs like telnet, ssh, ftp, etc. In some cases empty can be the simplest replacement for TCL/expect or other similar programming tools "
For example:
#!/bin/sh
empty -f -i in -o out telnet foo.bar.com
empty -w -i out -o in "ogin:" "luser\n"
empty -w -i out -o in "assword:" "TopSecret\n"
empty -s -o in "who am i\n"
empty -s -o in "exit\n"
I am new to world of scripting. I am getting problem while executing local shell script on remote server using expect script.
my script is following
VAR=$(/home/local/RD/expect5.45/expect -c "
spawn -noecho ssh -q -o StrictHostKeyChecking=no $USER#$HOST $CMD
match_max 100000
expect \"*?assword:*\"
send -- \"$PASS\r\"
send -- \"\r\"
send \"exit\n\r\"
expect eof
")
It is working fine if CMD is basic commands like df -kh;top.
But I need to collect several stats on remote server for which i have created a shell script.
I have tried following with no luck
spawn -noecho ssh -q -o StrictHostKeyChecking=no $USER#$HOST 'bash -s' < localscript.sh
its not able to pick and execute localscript on remote server.
Please help to resolve this issue.
The last time I tried something like this, I quickly grew weary of using expect(1) to try to respond to the password prompts correctly. When I finally spent the ten minutes to learn how to create an ssh key, copy the key to the remote system, and set up the ssh-agent to make key-based logins easier to automate, I never had trouble running scripts remotely:
ssh remotehost "commands ; go ; here"
First, check if you need to create the key or if you already have one:
ls -l ~/.ssh/id_*
If there are no files listed, then run:
ssh-keygen
and answer the prompts.
Once your key is generated, copy it to the remote system:
ssh-copy-id remote
Most modern systems run ssh-agent(1) as part of the desktop start up; to determine if you've got the agent started already, run:
ssh-add -l
If you see "The agent has no identities.", then you're good to go. If you see "Could not open a connection to your authentication agent." then you'll have to do some research about the best place to insert the ssh-agent(1) into your environment. Or, forgo the agent completely, it is just a nice convenience.
Add your key, perhaps with a timeout so it is only valid for a short while:
ssh-add -t 3600
Now test it:
ssh remote "df -hk ; ps auxw ; ip route show ; free -m"
expect(1) is definitely a neat tool, but authentication on remote systems is easier (and more safely) accomplished with SSH keys.
I want to basically copy files from remote machines, and after copying, delete them.
I have managed to copy the files using expect and scp.
Also, managed to delete the files outside of the script, but not able to use the ssh command inside the script.
This is what I have
#!/usr/bin/expect -f
log_user 1
set timeout -1
set pass "pass"
spawn scp user#remote.machine.com:Desktop/LoginCheck/Login/* .
expect {
password: {send "$pass\r" ; exp_continue}
}
ssh user#remote.machine.com 'rm -rf Desktop/LoginCheck/Login/*'
expect {
password: {send "$pass\r" ; exp_continue}
}
So the scp section of code works.
But the ssh and rm -rf
this is the error for ssh
invalid command name "ssh"
while executing
Can someone provide a working script?
Shouldn't the ssh command be a new spawn? By the way, just reading the wikipedia article on expect, one of the "cons" listed is:
A less obvious argument against Expect is that it can enable
sub-optimal solutions. For example, a systems administrator needing to
log into multiple servers for automated changes might use Expect with
stored passwords, rather than the better solution of ssh agent keys.
The ability to automate interactive tools is attractive, but there are
frequently other options that can accomplish the same tasks in a more
robust manner.
Sounds like you're doing exactly the example sub-optimal solution. If you were using a proper ssh key pair, you wouldn't need expect at all.
Replace ssh with spawn ssh - ssh is not a built-in command of expect.
You just missed the spawn in front of the ssh line:
spawn ssh user#remote.machine.com 'rm -rf Desktop/LoginCheck/Login/*'
You should also add a wait line before it, potentially checking for the exit code of scp.
In any case, don't use expect to automate ssh, use ssh keys and sh scripts like the other posters described.