Solved

Expect script that utilizes SSH on multiple systems

Posted on 2014-03-12
14
1,483 Views
Last Modified: 2014-03-12
I'm trying to use an expect script that logs into numerous systems and checks for the kernel version.  The script works except for when it gets to a system that it has the wrong password for.  Instead of skipping the system, the script errors out.  I'm not very experienced with expect and could use some assistance.

Thanks



#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." {  send -- "$pword\n"}
}
  expect -re "$prompt"
  send -- "uname -r\n"
  expect -re "$prompt"
  send -- "echo All Done\n"
  expect -re "$prompt"
  send -- "exit\n"

}
0
Comment
Question by:drj003
  • 7
  • 6
14 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924693
Instead of sending the password again:

  "Permission denied, please try again." {  send -- "$pword\n"}

you could continue with the next iteration:

  "Permission denied, please try again." {  continue }
0
 
LVL 2

Author Comment

by:drj003
ID: 39924704
Thanks for the reply.

I changed it to

  "Permission denied, please try again." {  continue }

This was the result when it hit a system that it had the wrong password for-



 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 15)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)




Thanks
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924710
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
That's not the same message as posted in the Q. Please adjust.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 2

Author Comment

by:drj003
ID: 39924744
I may be misunderstanding, but that was the output after I changed it to continue with the next iteration, instead of sending the password again.  Should I still adjust?
0
 
LVL 2

Author Comment

by:drj003
ID: 39924759
I want the script to skip any server it has the wrong password for, and move on to the next server in the list.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924773
Try "break" instead of continue.
0
 
LVL 2

Author Comment

by:drj003
ID: 39924824
changing it to break didn't go past the server with the wrong password either.

so the script in it's current state is (output is below the script)-




**********************************************************************
#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." { break }
}


expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"

}


**********************************************************************



The output from the above script-

*********************************************************************






root#./kernelcheck

Enter user id: root

Enter Password: spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-01
root@rv-poc-josh-01's password:
Last login: Wed Mar 12 16:42:14 2014 from 10.3.102.199
[root@rv-poc-josh-01 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-01 ~]# echo All Done
All Done
[root@rv-poc-josh-01 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-02
root@rv-poc-josh-02's password:
Last login: Wed Mar 12 16:42:17 2014 from 10.3.102.199
[root@rv-poc-josh-02 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-02 ~]# echo All Done
All Done
[root@rv-poc-josh-02 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-03
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 17)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)
***********************************************************************
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924918
Could it be that the server with the wrong password is the last one in the list?

Under normal circumstances expect should iterate anyway once a non-matching prompt is encountered (and the timeout has passed).
0
 
LVL 2

Author Comment

by:drj003
ID: 39924932
It's the 3rd server out of 4.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39924972
What exactly happens when you try to log in via ssh from the command line to the server in question, issuing the wrong password, of course?
Please try from command line, an expect log can have many overlays.

I see from your log that your version of ssh asks 3 times for the password and expect answers 3 times (which is quite correct).
Then ssh sends the "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)." message.
After that you should receive a "disconnect" from the target server and expect should iterate, thus making "continue" unnecessary,
If there is no "disconnect" we must catch the last message to react accordingly, maybe with "continue".

expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied (publickey" { continue }
}

My OpenSSH servers seem to react differently than yours, because your script works for me, even with a wrong password. I just needed to modify "prompt" and the "filelist", of course.
0
 
LVL 28

Expert Comment

by:serialband
ID: 39925287
This is an aside from your direct issue.

You might just want to use ssh keys on your accounts so that you don't have to write this script to prompt you for a password for each connection.  If you use ssh keys, you'd only need to start ssh-agent and enter your passphrase one time after you add your key with ssh-add, then ssh will take care of the rest.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39925395
OK, I finally found a server which seems to react the same way as yours.
Here is my solution:

...
spawn ssh -o StrictHostKeyChecking=no $userid@$host
expect_after eof {
catch {close -i $spawn_id}
wait -nowait -i $spawn_id
continue ;
}


expect {
  "assword:" { send -- "$pword\n"}
}


expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"
expect eof
}
0
 
LVL 2

Author Closing Comment

by:drj003
ID: 39925408
When you said it automatically disconnects, it lead me remove

send -- "exit\n" from the script and it worked.

Thanks
0
 
LVL 2

Author Comment

by:drj003
ID: 39925410
Oh, I didn't see your last post before I responded.  I'll try that too.

Thanks again.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wifi not working on Raspberry Pi 3? 2 53
Bash Script to Analyze Oracle Schemas 11 103
Linux Copy Command - All Files inc Directory 1 42
Coding C# in Linux 8 63
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question