Solved

Expect script that utilizes SSH on multiple systems

Posted on 2014-03-12
Last Modified: 2014-03-12
I'm trying to use an expect script that logs into numerous systems and checks for the kernel version.  The script works except for when it gets to a system that it has the wrong password for.  Instead of skipping the system, the script errors out.  I'm not very experienced with expect and could use some assistance.

Thanks



#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." {  send -- "$pword\n"}
}
  expect -re "$prompt"
  send -- "uname -r\n"
  expect -re "$prompt"
  send -- "echo All Done\n"
  expect -re "$prompt"
  send -- "exit\n"

}
0
Question by:drj003
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924693
Instead of sending the password again:

  "Permission denied, please try again." {  send -- "$pword\n"}

you could continue with the next iteration:

  "Permission denied, please try again." {  continue }
0
 
LVL 2

Author Comment

by:drj003
ID: 39924704
Thanks for the reply.

I changed it to

  "Permission denied, please try again." {  continue }

This was the result when it hit a system that it had the wrong password for-



 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 15)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)




Thanks
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924710
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
That's not the same message as posted in the Q. Please adjust.
0
 
LVL 2

Author Comment

by:drj003
ID: 39924744
I may be misunderstanding, but that was the output after I changed it to continue with the next iteration, instead of sending the password again.  Should I still adjust?
0
 
LVL 2

Author Comment

by:drj003
ID: 39924759
I want the script to skip any server it has the wrong password for, and move on to the next server in the list.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924773
Try "break" instead of continue.
0
 
LVL 2

Author Comment

by:drj003
ID: 39924824
Changing it to break didn't go past the server with the wrong password either.

So the script in its current state is (output is below the script)-




**********************************************************************
#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." { break }
}


expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"

}


**********************************************************************



The output from the above script-

*********************************************************************






root#./kernelcheck

Enter user id: root

Enter Password: spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-01
root@rv-poc-josh-01's password:
Last login: Wed Mar 12 16:42:14 2014 from 10.3.102.199
[root@rv-poc-josh-01 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-01 ~]# echo All Done
All Done
[root@rv-poc-josh-01 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-02
root@rv-poc-josh-02's password:
Last login: Wed Mar 12 16:42:17 2014 from 10.3.102.199
[root@rv-poc-josh-02 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-02 ~]# echo All Done
All Done
[root@rv-poc-josh-02 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-03
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 17)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)
***********************************************************************
0

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924918
Could it be that the server with the wrong password is the last one in the list?

Under normal circumstances expect should iterate anyway once a non-matching prompt is encountered (and the timeout has passed).
0
 
LVL 2

Author Comment

by:drj003
ID: 39924932
It's the 3rd server out of 4.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39924972
What exactly happens when you try to log in via ssh from the command line to the server in question, issuing the wrong password, of course?
Please try from the command line; an expect log can have many overlays.

I see from your log that your version of ssh asks 3 times for the password and expect answers 3 times (which is quite correct).
Then ssh sends the "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)." message.
After that you should receive a "disconnect" from the target server and expect should iterate, thus making "continue" unnecessary.
If there is no "disconnect" we must catch the last message to react accordingly, maybe with "continue".

expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied (publickey" { continue }
}

My OpenSSH servers seem to react differently than yours, because your script works for me, even with a wrong password. I just needed to modify "prompt" and the "filelist", of course.
0
 
LVL 27

Expert Comment

by:serialband
ID: 39925287
This is an aside from your direct issue.

You might just want to use ssh keys on your accounts so that you don't have to write this script to prompt you for a password for each connection.  If you use ssh keys, you'd only need to start ssh-agent and enter your passphrase one time after you add your key with ssh-add, then ssh will take care of the rest.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39925395
OK, I finally found a server which seems to react the same way as yours.
Here is my solution:

...
spawn ssh -o StrictHostKeyChecking=no $userid@$host
# If any later expect sees EOF (ssh has exited), clean up and go to the next host
expect_after eof {
  catch {close -i $spawn_id}
  wait -nowait -i $spawn_id
  continue
}

expect {
  "assword:" { send -- "$pword\n"}
}

expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"
# Wait for ssh to close the session before the next iteration
expect eof
}
0
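The behaviour this thread works toward (skip a host whose login fails, however ssh ends the session), as an added Expect example that is not code from any poster. It goes beyond the posted fixes by sending the password only once per host through ssh's NumberOfPasswordPrompts option, so a wrong password does not produce three failed logins on every server, and it leaves host key checking at its default. The check_host procedure name and the prompt regex are assumptions.

```expect
#!/usr/bin/expect -f
# Added example, not code from the thread. Assumed: ./filelist with one host
# per line (as in the question) and a prompt regex that fits your shells.
set timeout 10
set prompt {[#$] $}

# One password attempt per host. Returns ok, denied, hostkey, timeout or closed.
proc check_host {userid host pword prompt} {
    # ssh exits after the first rejected password; an unknown host key skips the host.
    spawn ssh -o NumberOfPasswordPrompts=1 $userid@$host
    set sent 0
    set result closed
    expect {
        "continue connecting" { set result hostkey }
        "assword:" {
            if {$sent} { set result denied } else {
                set sent 1
                send -- "$pword\r"
                exp_continue
            }
        }
        "Permission denied" { set result denied }
        -re $prompt {
            # A session that drops mid-command raises in send; report it as closed.
            if {[catch {
                send -- "uname -r\r"; expect -re $prompt
                send -- "exit\r";     expect eof
            }]} { set result closed } else { set result ok }
        }
        timeout { set result timeout }
        eof     { set result closed }
    }
    catch {close}  ;# the remote side may already have closed the session
    catch {wait}   ;# reap the ssh process
    return $result
}

send_user "Enter user id: "
expect_user -re "(.*)\n" { set userid $expect_out(1,string) }
stty -echo
send_user "Enter Password: "
expect_user -re "(.*)\n" { set pword $expect_out(1,string) }
stty echo
set fh [open ./filelist r]
foreach host [split [read -nonewline $fh] "\n"] {
    if {[string trim $host] eq ""} { continue }
    set status [check_host $userid $host $pword $prompt]
    if {$status ne "ok"} { lappend skipped "$host ($status)" }
}
close $fh
if {[info exists skipped]} { send_user "\nSkipped: [join $skipped {, }]\n" }
```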
 
LVL 2

Author Closing Comment

by:drj003
ID: 39925408
When you said it automatically disconnects, it led me to remove

send -- "exit\n" from the script and it worked.

Thanks
0
 
LVL 2

Author Comment

by:drj003
ID: 39925410
Oh, I didn't see your last post before I responded.  I'll try that too.

Thanks again.
0
