I'm new to expect and learning from somebody's script. There is a block like this after the ssh command,
expect {
"Password:" {puts stderr "Wrong password."; exit 1}
"Last login:" {puts "Login Successful."}
timeout abort
}
Well, a problem of this in my case is that if this is the first login to the machine, there won't be a "Last login" showing up. So what I did was to add something and thought this might work
expect {
"Password:" {puts stderr "Wrong password."; exit 1}
"Last login:" {puts "Login Successful."}
"# " {puts "Login Successful."}
timeout abort
}
Now it can print the message; however, after adding this the script just hangs there after login succeeded.
Turning on the -d option while running it, it looks like it's trying to match "", not sure how puts results in this. Or what mistake am I making here?
EDIT:
The last few lines of -d output is
expect: does " *********# " (spawn_id exp6) match glob pattern "Password:"? no
"Last login:"? no
"# "? yes
expect: set expect_out(0,string) "# "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) " *********# "
Login Successful too.
expect: does "" (spawn_id exp6) match glob pattern "# "? no
I replaced something with private info with ***. The next line in my script is
expect "# "
I've been struggling with getting the output from a remote server to a local variable or a local file.
My attempt:
#!/bin/bash
my_pass=!!psw!!
server=10.10.10.10
/usr/bin/expect << ENDOFEXPECT
exp_internal 1 ;# expect internal debugging. remove when not needed
set PROMPT ":~ ?# ?"
set timeout 30
spawn bash -c "ssh root@$server"
expect "assword:"
send "$my_pass\r"
expect -re "$PROMPT"
send -- "df -kh /\r"
expect -re "df\[^\n]+\n.+\n(.+\r\n.+)\r\n"
set command_output $expect_out(1,string)
send_user "$command_output\r"
interact
ENDOFEXPECT
echo "====================="
echo " >> $command_output"
Output:
spawn bash -c ssh root@10.10.10.10
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {154725}
expect: does "" (spawn_id exp4) match glob pattern "assword:"? no
Password:
expect: does "\rPassword: " (spawn_id exp4) match glob pattern "assword:"? yes
expect: set expect_out(0,string) "assword:"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "\rPassword:"
send: sending "!!psw!!\r" to { exp4 }
Gate keeper glob pattern for '' is ''. Not usable, disabling the performance booster.
expect: does " " (spawn_id exp4) match regular expression ""? (No Gate, RE only) gate=yes re=yes
expect: set expect_out(0,string) ""
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) ""
send: sending "df -kh /\r" to { exp4 }
Gate keeper glob pattern for 'df[^
]+
.+
(.+
.+)
' is ''. Not usable, disabling the performance booster.
expect: does " " (spawn_id exp4) match regular expression "df[^\n]+\n.+\n(.+\r\n.+)\r\n"? (No Gate, RE only) gate=yes re=no
expect: does " \r\n" (spawn_id exp4) match regular expression "df[^\n]+\n.+\n(.+\r\n.+)\r\n"? (No Gate, RE only) gate=yes re=no
Last login: Fri Dec 2 23:58:09 2022 from 10.10.10.1
Welcome to server image 2.2
expect: does " \r\nLast login: Fri Dec 2 23:58:09 2022 from 10.10.10.1\r\r\n\r\nWelcome to server image 2.2\r\n\r\n" (spawn_id exp4) match regular expression "df[^\n]+\n.+\n(.+\r\n.+)\r\n"? (No Gate, RE only) gate=yes re=no
REMY_SERVER:~ #
expect: does " \r\nLast login: Fri Dec 2 23:58:09 2022 from 10.10.10.1\r\r\n\r\nWelcome to server image 2.2\r\n\r\n\u001b[?1034h\u001b[1m\u001b[31mREMY_SERVER:~ # \u001b(B\u001b[m" (spawn_id exp4) match regular expression "df[^\n]+\n.+\n(.+\r\n.+)\r\n"? (No Gate, RE only) gate=yes re=no
expect: timed out
interact: received eof from spawn_id exp0
=====================
>>
Expected:
What I ultimately want is to get the output of df -kh into a local variable or even better, append it directly to a local file (on the local machine, not the server on which the command is executed) so that it contains something like:
$ cat ./result.txt
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 20G 18G 1,7G 92% /
Method 1: The proper way is to not use expect and use key pair access:
Step #1
Set up an SSH key pair (google it) and then copy the SSH key to the remote server. To do this I'd recommend using ssh-copy-id.
Step #2
Now with the ability to SSH to a server in place using a key, your above problem turns into this:
$ ssh root@10.10.10.10 "df -kh"
You can get fancy and use here documents (heredocs aka. here-docs) to further enhance this technique.
$ ssh root@10.10.10.10 <<EOF
> df -kh
> EOF
or put the commands in a file and pass them to ssh:
$ ssh root@10.10.10.10 < my.cmds
Method 2: Expect
See the following, which explains how to use it properly, and a tool to create expect scripts:
https://hostadvice.com/how-to/how-to-automate-tasks-in-ssh/
First, your PROMPT regex is not matching. I see the output has some colour codes in it:
expect: does " \r\nLast login: ...REMY_SERVER:~ # \u001b(B\u001b[m" (spawn_id exp4) match regular expression ...
It's good to anchor prompt regexes, and to enclose them in braces. Try
set PROMPT { # \S*$}
Or, assuming the login shell is bash, set a new prompt that's easier to match:
send "$my_pass\r"
expect "Welcome to server"
send -- "PS1='>'\r"
set PROMPT {>$}
expect -re $PROMPT
Next, the relevant code for the question.
send -- "df -kh /\r"
expect -re "df\[^\n]+\n.+\n(.+\r\n.+)\r\n"
set command_output $expect_out(1,string)
send_user "$command_output\r"
I'd adjust your regex a touch:
set cmd "df -kh /"
send -- "$cmd\r"
expect -re "$cmd\r\n(.+)\r\n.*$PROMPT"
Then you're capturing and "echoing" the result correctly
set command_output $expect_out(1,string)
send_user "$command_output\n"
# use a newline here ......^
And to append it to a local file:
set fh [open ./results.txt a]
puts $fh $command_output
close $fh
The problem is the command send "xxxxx" just does not send. The command seems to be completely ignored.
In the script below I am able to log in to the server but no more send commands are transmitted to the server.
At the end there is an example of the output.
The timeout traps were for debugging.
#!/usr/bin/expect -f
## getver_t.sh - Use telnet to get ver from Cisco devices
## Could be asked for login ID or just password
set pass {Password1 Pass2}
set index 0
set timeout 5
set host [lindex $argv 0 ]
spawn ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null admin@$host
expect {
"assword:" {
send_user "\n--- sending [lindex $pass $index] ---\n"
send "[lindex $pass $index]\r"
incr index
exp_continue
}
"\>" {
send_user "\n--- I see a prompt ---\n"
send -- "ter len 0\r"
sleep 3
send -- "show inv\r"
sleep 3
send -- "show ver\r"
send_user "\n--- Time to end ---\n"
sleep 3
send -- "exit\r"
sleep 3
exit
}
timeout {
send -- "\r"
set timeout 5
send_user "\n--- TIMED OUT 1 ---\n"
send -- "ter len 0\r"
sleep 3
send -- "show inv\r"
sleep 3
send -- "show ver\r"
sleep 3
send -- "exit\r"
sleep 3
exit
}
}
send_user "\n--- out side land ---\n"
send "\r"
expect {
timeout {
send_user "\n--- TIMED OUT 2 ---\n"
}
}
This is what I see running the script.
$ ./getver_s.sh server1
spawn ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null admin@server1
Warning: Permanently added 'server1,10.1.1.3' (RSA) to the list of known hosts.
Password:
--- sending Password1 ---
Password:
--- sending Pass2 ---
------------------------------------------------------------
Welcome to server1
------------------------------------------------------------
server1>
--- I see a prompt ---
--- Time to end ---
$
I see the "--- I see a prompt ---" and "--- Time to end ---" messages
but the send commands between the send_user commands are not sent to the server.
I have rewritten this script, changed the logic and run it off different versions of servers (Debian7 & 8), but the result is always the same.
Why are those send commands not being sent?
Added expect -d output
Login Banner
-------------- CUT ------------------
Password:"
--- sending Password1 ---
send: sending "Password1\r" to { exp7 }
expect: continuing expect
expect: does " " (spawn_id exp7) match glob pattern "assword:"? no
">"? no
expect: does " \r\n" (spawn_id exp7) match glob pattern "assword:"? no
">"? no
Password:
expect: does " \r\nPassword: " (spawn_id exp7) match glob pattern "assword:"? yes
expect: set expect_out(0,string) "assword:"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) " \r\nPassword:"
--- sending Pass2 ---
send: sending "Pass2\r" to { exp7 }
expect: continuing expect
expect: does " " (spawn_id exp7) match glob pattern "assword:"? no
">"? no
expect: does " \r\n" (spawn_id exp7) match glob pattern "assword:"? no
">"? no
-------------- CUT ------------------
motd
-------------- CUT ------------------
-\r\nServer1>"
--- I see a prompt ---
send: sending "ter len 0\r" to { exp7 }
send: sending "show inv\r" to { exp7 }
send: sending "show ver\r" to { exp7 }
send: sending "exit\r" to { exp7 }
Server1$
I'm trying to reboot a D-Link router by connecting to it via telnet through expect.
The problem is that I can't execute (through the expect script) any of the commands supported by the router.
First of all, I show you a short telnet session with my router:
telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
Password:
> swversion show
EU_3-12-01-1R00.A2pB026.d20m
> logout
Bye bye. Have a nice day!!!
Connection closed by foreign host.
Now I'm trying to make it automatic with an Expect script but I can't make it work. Here's the script:
#!/usr/bin/expect -f
#exp_internal 1
set timeout 30
#router username
set name admin
#command to execute
set routercmd "swversion show"
#router password
set pass mypassword
#router IP address
set routerip 192.168.1.1
spawn telnet $routerip
# send username & password
expect "Login: "
send "$name\r"
expect "Password: "
send "$pass\r"
expect "> "
send "$routercmd\r"
expect "> "
When I execute the script, it gets stuck at the password prompt:
./reboot_dut.sh
spawn telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
Password:
If I uncomment the #exp_internal 1 line I get:
./reboot_dut.sh
spawn telnet 192.168.1.1
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {6398}
expect: does "" (spawn_id exp7) match glob pattern "Login: "? no
Trying 192.168.1.1...
expect: does "Trying 192.168.1.1..." (spawn_id exp7) match glob pattern "Login: "? no
expect: does "Trying 192.168.1.1...\r\n" (spawn_id exp7) match glob pattern "Login: "? no
Connected to 192.168.1.1.
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1." (spawn_id exp7) match glob pattern "Login: "? no
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\n" (spawn_id exp7) match glob pattern "Login: "? no
Escape character is '^]'.
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\nEscape character is '^]'." (spawn_id exp7) match glob pattern "Login: "? no
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\nEscape character is '^]'.\r\n" (spawn_id exp7) match glob pattern "Login: "? no
BCM96338 ADSL Router
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\nEscape character is '^]'.\r\nBCM96338 ADSL Router\r\n" (spawn_id exp7) match glob pattern "Login: "? no
Login:
expect: does "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\nEscape character is '^]'.\r\nBCM96338 ADSL Router\r\nLogin: " (spawn_id exp7) match glob pattern "Login: "? yes
expect: set expect_out(0,string) "Login: "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "Trying 192.168.1.1...\r\nConnected to 192.168.1.1.\r\nEscape character is '^]'.\r\nBCM96338 ADSL Router\r\nLogin: "
send: sending "admin\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "Password: "? no
a
expect: does "a" (spawn_id exp7) match glob pattern "Password: "? no
dmin
Password:
expect: does "admin\r\nPassword: " (spawn_id exp7) match glob pattern "Password: "? yes
expect: set expect_out(0,string) "Password: "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "admin\r\nPassword: "
send: sending "mypassword\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "> "? no
expect: timed out
send: sending "swversion show\r" to { exp7 }
expect: does "" (spawn_id exp7) match glob pattern "> "? no
> swversion show
expect: does "\r\n> swversion show\r\n" (spawn_id exp7) match glob pattern "> "? yes
expect: set expect_out(0,string) "> "
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "\r\n> "
SOLUTION: I found the solution to the problem. The router I was trying to reboot was a D-LINK 2640B. A working expect script for this router is:
#!/usr/bin/expect -f
spawn telnet ROUTER_IP
match_max 10000
expect *login:*
sleep 2
send -- "USERNAME\r"
expect *assword:*
sleep 2
send -- "PASSWORD\r"
expect *>*
send -- "\r"
expect *>*
send -- "COMMAND\r"
expect *>*
send -- "\r"
expect *>*
send -- "logout\r"
I'd say you need to match your prompt to ">", as opposed to "> " (i.e. no space after it).
I have the simplest script ever:
#!/usr/bin/expect
expect "hello"
send -- "ll \r"
When I run it, I manually type the word "hello" and that ll command never runs ...
Afterwards I put exp_internal 1 and then this comes up
[root@localhost tmp]# ./file1.exp
expect: does "" (spawn_id exp0) match glob pattern "hello"? no
hello
expect: does "hello\n" (spawn_id exp0) match glob pattern "hello"? yes
expect: set expect_out(0,string) "hello"
expect: set expect_out(spawn_id) "exp0"
expect: set expect_out(buffer) "hello"
}end: sending "ll \r" to { exp0 ll
[root@localhost tmp]#
Can anyone explain to me why the command is not being run as a command?
What I'm trying to do is write an expect script that backs up all databases on a server, then create an encrypted zip file (I couldn't get my tar/openssl command to run properly in expect) containing the sql file.
This is just an exercise to learn about expect, not a real backup solution.
I'm obviously lacking some understanding here. What I want to do is:
Back up all databases to a file (done)
Run the zip command to create an encrypted zip file (done... sorta)
Respond to "Enter password: "
Then respond to the confirmation "Verify password: "
#!/usr/bin/expect -f
exp_internal 1
set backupdir "/mnt/db-backups/"
set now [clock seconds]
set date [clock format $now -format {%Y-%m-%d}]
set filename $date
append filename "_dbbackups.sql"
exec mysqldump -u root --all-databases --events > $backupdir$filename
spawn zip -e $backupdir$filename.enc.zip $backupdir$filename
expect {
"Enter password: " { send "monkey"
exp_continue
}
"Verify password: " {send "monkey"
exp_continue
}
}
And the output is
$expect encrypt.sh
spawn zip -e /mnt/db-backups/2013-12-11_dbbackups.sql.enc.zip /mnt/db-backups/2013-12-11_dbbackups.sql
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {15733}
expect: does "" (spawn_id exp6) match glob pattern "Enter password: "? no
"Verify password: "? no
Enter password:
expect: does "Enter password: " (spawn_id exp6) match glob pattern "Enter password: "? yes
expect: set expect_out(0,string) "Enter password: "
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Enter password: "
send: sending "monkey" to { exp6 }
expect: continuing expect
expect: does "" (spawn_id exp6) match glob pattern "Enter password: "? no
"Verify password: "? no
monkey
expect: does "monkey" (spawn_id exp6) match glob pattern "Enter password: "? no
"Verify password: "? no
-- then I exited --
It's a pretty simple script... but I'm sucking at it.
The problem is simple:
You have to press return. So just change the command
send "monkey"
to
send "monkey\r"
(both of them)
DRY:
spawn zip -e $backupdir$filename.enc.zip $backupdir$filename
expect {
"* password: " {
send "monkey\r"
exp_continue
}
eof
}
[...] write an expect script [...]
Not how I'd do it.
zip -P password [...]
Knowing nothing about your Zip version ("zip -v"), it's hard to say
if you simply didn't look at the documentation ("zip -h2", "man zip").
Putting a password into a script is a sufficient security hazard that
"-P" was left undocumented until Zip 3.0 (when the developers got tired
of answering the how-do-I questions). But putting a password into a
script once can hardly be worse than putting a password into a script
twice.
Expect is a really ugly and troublesome solution for this.
For the mysqldump part, add your database connection information and the password in ~/.my.cnf following this format:
[client]
database=dbname
user=dbuser
password=dbpass
host=dbhost
If you work with multiple databases, then you'll have to create one file per database, for example ~/.my.cnf.dbname, and call mysqldump like this:
mysqldump --defaults-file=~/.my.cnf.$dbname $dbname | gzip >"$target"
Make sure to do chmod 600 on this file to make it as secure as possible.
And when you encrypt with openssl, you can put the password on the command line like this:
... | openssl des3 -pass pass:monkey >"$target"
You can put this after gzip in the earlier command. Of course, use a different cipher instead of des3 if you want more security. Also, instead of passing the password on the command line, you might want to use the file:pathname option to get the password from the first line of the file.
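The password-file approach from the answer above, as an added example that is not part of the original answer: the script refuses a passphrase file that group or others can access, and openssl reads the passphrase with -pass file: so it never appears in the process argument list. The function names, the aes-256-cbc and -pbkdf2 options (OpenSSL 1.1.1 or later) and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep the passphrase out of the script and out of argv.

# Succeeds only if $1 is a regular file with no group/other permission bits
# (for example mode 0600). Parses `ls -ld` so it does not depend on stat(1).
secret_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other triplets, "------" when private
    [ "$perms" = "------" ]
}

# encrypt_stream PASSFILE OUTFILE: encrypt stdin; the passphrase is the
# first line of PASSFILE. Returns 2 without calling openssl if PASSFILE is exposed.
encrypt_stream() {
    secret_file_ok "$1" || { echo "refusing $1: not a private regular file" >&2; return 2; }
    ( umask 077; openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1" -out "$2" )
}

# decrypt_stream PASSFILE INFILE: write the plaintext to stdout.
decrypt_stream() {
    secret_file_ok "$1" || { echo "refusing $1: not a private regular file" >&2; return 2; }
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2"
}

# Demo on constructed data in a throwaway directory.
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 077; printf '%s\n' 'constructed-sample-passphrase' > "$dir/pass" )
    printf 'CREATE TABLE t (id INT);\n' > "$dir/dump.sql"   # stand-in for mysqldump output
    gzip -c "$dir/dump.sql" | encrypt_stream "$dir/pass" "$dir/dump.sql.gz.enc" \
        || { rm -rf "$dir"; return 1; }
    decrypt_stream "$dir/pass" "$dir/dump.sql.gz.enc" | gunzip -c
    rm -rf "$dir"
}

demo || echo "demo skipped: openssl with -pbkdf2 support not available" >&2
```

The same permission check applies to a ~/.my.cnf.dbname file before passing it to mysqldump --defaults-file.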