Solved

Expect script that utilizes SSH on multiple systems

Posted on 2014-03-12
14
1,504 Views
Last Modified: 2014-03-12
I'm trying to use an expect script that logs into numerous systems and checks for the kernel version.  The script works except for when it gets to a system that it has the wrong password for.  Instead of skipping the system, the script errors out.  I'm not very experienced with expect and could use some assistance.

Thanks



#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." {  send -- "$pword\n"}
}
  expect -re "$prompt"
  send -- "uname -r\n"
  expect -re "$prompt"
  send -- "echo All Done\n"
  expect -re "$prompt"
  send -- "exit\n"

}
0
Comment
Question by:drj003
  • 7
  • 6
14 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924693
Instead of sending the password again:

  "Permission denied, please try again." {  send -- "$pword\n"}

you could continue with the next iteration:

  "Permission denied, please try again." {  continue }
0
 
LVL 2

Author Comment

by:drj003
ID: 39924704
Thanks for the reply.

I changed it to

  "Permission denied, please try again." {  continue }

This was the result when it hit a system that it had the wrong password for-



 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 15)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)




Thanks
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924710
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
That's not the same message as posted in the Q. Please adjust.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 2

Author Comment

by:drj003
ID: 39924744
I may be misunderstanding, but that was the output after I changed it to continue with the next iteration, instead of sending the password again.  Should I still adjust?
0
 
LVL 2

Author Comment

by:drj003
ID: 39924759
I want the script to skip any server it has the wrong password for, and move on to the next server in the list.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924773
Try "break" instead of continue.
0
 
LVL 2

Author Comment

by:drj003
ID: 39924824
changing it to break didn't go past the server with the wrong password either.

so the script in it's current state is (output is below the script)-




**********************************************************************
#!/usr/bin/expect

set timeout 10
set prompt "(#|root#|$|jsmith$) $"
set file [open ./filelist r]
set servers [read -nonewline $file]
close $file

stty echo


send_user "\nEnter user id: "
expect_user -re "(.*)\n" {set userid $expect_out(1,string)}
send_user "\nEnter Password: "

stty -echo

expect_user -re "(.*)\n" {set pword $expect_out(1,string)}

stty echo

foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied, please try again." { break }
}


expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"

}


**********************************************************************



The output from the above script-

*********************************************************************






root#./kernelcheck

Enter user id: root

Enter Password: spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-01
root@rv-poc-josh-01's password:
Last login: Wed Mar 12 16:42:14 2014 from 10.3.102.199
[root@rv-poc-josh-01 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-01 ~]# echo All Done
All Done
[root@rv-poc-josh-01 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-02
root@rv-poc-josh-02's password:
Last login: Wed Mar 12 16:42:17 2014 from 10.3.102.199
[root@rv-poc-josh-02 ~]# uname -r
2.6.39-400.17.2.el6uek.x86_64
[root@rv-poc-josh-02 ~]# echo All Done
All Done
[root@rv-poc-josh-02 ~]# spawn ssh -o StrictHostKeyChecking=no root@rv-poc-josh-03
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied, please try again.
root@rv-poc-josh-03's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
send: spawn id exp8 not open
    while executing
"send -- "exit\n""
    ("foreach" body line 17)
    invoked from within
"foreach host [split $servers "\n"] {

spawn ssh -o StrictHostKeyChecking=no $userid@$host


expect {
  "assword:" { send -- "$pword\n"}
  "Permission ..."
    (file "./kernelcheck" line 22)
***********************************************************************
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39924918
Could it be that the server with the wrong password is the last one in the list?

Under normal circumstances expect should iterate anyway once a non-matching prompt is encountered (and the timeout has passed).
0
 
LVL 2

Author Comment

by:drj003
ID: 39924932
It's the 3rd server out of 4.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39924972
What exactly happens when you try to log in via ssh from the command line to the server in question, issuing the wrong password, of course?
Please try from command line, an expect log can have many overlays.

I see from your log that your version of ssh asks 3 times for the password and expect answers 3 times (which is quite correct).
Then ssh sends the "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)." message.
After that you should receive a "disconnect" from the target server and expect should iterate, thus making "continue" unnecessary,
If there is no "disconnect" we must catch the last message to react accordingly, maybe with "continue".

expect {
  "assword:" { send -- "$pword\n"}
  "Permission denied (publickey" { continue }
}

My OpenSSH servers seem to react differently than yours, because your script works for me, even with a wrong password. I just needed to modify "prompt" and the "filelist", of course.
0
 
LVL 29

Expert Comment

by:serialband
ID: 39925287
This is an aside from your direct issue.

You might just want to use ssh keys on your accounts so that you don't have to write this script to prompt you for a password for each connection.  If you use ssh keys, you'd only need to start ssh-agent and enter your passphrase one time after you add your key with ssh-add, then ssh will take care of the rest.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39925395
OK, I finally found a server which seems to react the same way as yours.
Here is my solution:

...
spawn ssh -o StrictHostKeyChecking=no $userid@$host
expect_after eof {
catch {close -i $spawn_id}
wait -nowait -i $spawn_id
continue ;
}


expect {
  "assword:" { send -- "$pword\n"}
}


expect -re "$prompt"
send -- "uname -r\n"
expect -re "$prompt"
send -- "echo All Done\n"
expect -re "$prompt"
send -- "exit\n"
expect eof
}
0
 
LVL 2

Author Closing Comment

by:drj003
ID: 39925408
When you said it automatically disconnects, it lead me remove

send -- "exit\n" from the script and it worked.

Thanks
0
 
LVL 2

Author Comment

by:drj003
ID: 39925410
Oh, I didn't see your last post before I responded.  I'll try that too.

Thanks again.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question