ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have few legacy machines which are about to be decommissioned. There is no scope of adding them to puppet/ansible etc. There are no ssh keys either as the user management is done via a third party tool and password is rotated weekly.
So, if I want to execute a script from a centralized jump box on these bunch of servers, expect is the only thing I can use to automate my tasks! I am only trying to fetch information from about ~20 servers.
These servers authenticate with a common username, but passwords are different for all.
Code sample-
Code:
#!/bin/bash
serverlist=/path/to/map.txt
#username is common and password from file
user=admin
##login to each Server
#for i in $(cat $serverlist)
while IFS= read line
do
echo $line
set timeout 100
server= echo $line | awk -F ' ' '{print $1}' # first field is servername
password= echo $line | awk -F ' ' '{print $2}' # second field is password
#echo $server
#echo $password
/bin/expect << THIS
exp_internal 1
spawn ssh -q -o StrictHostKeyChecking=no -t "$user@$server"
expect ":"
send -- "$password\r"
expect "$ "
send "sudo -i\r"
expect ":"
send -- "$password\r"
expect "# "
send "hostname --fqdn;uname -a; who -rb; uptime \r"
expect "# "
send "exit \r"
THIS
done < $serverlist
The bash part of the script is very basic as I am merely setting up variables and extracting hostname and password from maps.txt (text file, fields separated by a single space). This part works without issues.
The problem starts with the EXPECT bit; specifically with the heredoc invocation.
Execution -
Code:
$: bash -x test.sh
+ serverlist=/Path/to/map.txt
+ user=admin
test.sh: line 29: warning: here-document at line 15 delimited by end-of-file (wanted `THIS')
test.sh: line 30: syntax error: unexpected end of file
What I have done -
a. exp_internal 1 (adding or removing it does not give additional debugging info)
b. made sure my 'map.txt' is a unix file (verified with 'cat -A' and dos2unix to make sure there are no weird characters)
c. If I disable the expect block, the rest of the script does not have any errors.
Thanks for your attention, @pan64. And so good to see you in the forum.
You are correct. I indeed wrapped them into $(), but must have removed them when I was trying to debug. As the error message is not very helpful, I must have been adjusting this or that.
Confirming that wrapping these values in $() does not take away the errors on the expect block. The errors persist.
That is a great lead. Looks like I should not have indented the HEREDOC
Code:
#!/bin/bash
serverlist=/path/to/map.txt
#username is common and password from file
user=admin
##login to each Server
#for i in $(cat $serverlist)
while IFS= read -r line
do
echo "$line"
server=$(echo "$line" | awk -F ' ' '{print $1}') # first field is servername
password=$(echo "$line" | awk -F ' ' '{print $2}') # second field is password
#echo $server
#echo $password
/bin/expect <<THIS
set timeout 100
exp_internal 1
spawn ssh -q -o StrictHostKeyChecking=no -t "$user@$server"
expect ":"
send -- "$password\r"
expect "~]$ "
send "sudo -i \r"
expect ":"
send -- "$password\r"
expect "# "
send "hostname --fqdn;uname -a; who -rb; uptime \r"
expect "# "
send "exit \r"
THIS
done < "$serverlist"
The script works under normal condition.
The only condition it breaks is when the password contain a '[' character, where it gives this error message -
Code:
spawn ssh -q -o StrictHostKeyChecking=no -t admin@server2.domain.com
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {669298}
expect: does "" (spawn_id exp4) match glob pattern ":"? no
Password:
expect: does "\rPassword: " (spawn_id exp4) match glob pattern ":"? yes
expect: set expect_out(0,string) ":"
expect: set expect_out(spawn_id) "exp4"
expect: set expect_out(buffer) "\rPassword:"
missing close-bracket
while executing
"send -- "AbCd5EF*/r[H\r" # not the real password, but close
expect "~]$ "
send "sudo -i \r"
expect ":"
send -- "AbCd5EF*/r["
I did find out why it breaks.
From: https://tcl.tk/man/tcl8.6/TclCmd/Tcl.htm#M11
If a word contains an open bracket (“[”) then Tcl performs command substitution. To do this it invokes the Tcl interpreter recursively to process the characters following the open bracket as a Tcl script. The script may contain any number of commands and must be terminated by a close bracket (“]”). The result of the script (i.e. the result of its last command) is substituted into the word in place of the brackets and all of the characters between them. There may be any number of command substitutions in a single word. Command substitution is not performed on words enclosed in braces.
so how do I tell expect to treat any '[' is $password as only a string and not as a special character ?
here you can find some ideas to easily test your expect script and also probably you can improve it too: https://phoenixnap.com/kb/linux-expect
also you may try:
Code:
while IFS= read -r server password
do
/bin/expect .....
done
tried escaping the "[" in the maps.txt with {} but didnt work.
But tried with a simple \, and now it behaves fine.
What I do not understand is, bash is reading the file, encounters the escape character and thus treats '[' normally. But '[' is not a special character in bash ( [] is or [[]] is !). And then when the strings go from bash to the expect block, should it not complain again about the rogue [ ?
What I do not understand is, bash is reading the file, encounters the escape character and thus treats '[' normally. But '[' is not a special character in bash ( [] is or [[]] is !). And then when the strings go from bash to the expect block, should it not complain again about the rogue [ ?
You have to remember there are two layers of evaluation, bash and then TCL/expect. Perhaps the main part you missed is that bash HERE docs do $variable expansion, so when you have
Code:
password=xyz[
/bin/expect <<THIS
send -- "$password\r"
THIS
That is entirely equivalent from expect's point of view to this:
Code:
/bin/expect <<THIS
send -- "xyz[\r"
THIS
Bash has no problem expanding the variable containing "[", but then expect is seeing the unbalanced [ as just literal text, so it flags an error.
(I'm not that familiar with TCL, but based on the doc page you linked, I believe the problem with using {} to escape is that it only takes effect if the { is the start of the word, but you have the double quote character first.)
As an experience you can add set -xv to your script (let's say before while) and you will see all commands (line by line) as they are evaluated by the shell and as they are really look like when executed. You can't do that with expect/tcl.
As I mentioned in post #9 using variables will eliminate this issue, because they will not be preprocessed at all, their content will remain intact.
tried escaping the "[" in the maps.txt with {} but didnt work.
?
I am using following commands using CYGWIN_NT at windows:
password="$(
server="$(
...
send "\$env(password)\n"
Due to your query I have changed my localhost (windows) password to xyz[ since I am admin
I tried your script at windows using CYGWIN_NT and sshd server listening at 127.0.0.1
Due to your query I made following changes:
01)
Make a backup of /etc/sshd_config before modification if not taken earlier.
File: /etc/sshd_config
Replace:
#PermitRootLogin prohibit-password
...
#PubkeyAuthentication yes
...
#GSSAPIAuthentication no
...
#UsePAM no
With:
#PermitRootLogin prohibit-password
PermitRootLogin no
...
#PubkeyAuthentication yes
PubkeyAuthentication yes
...
#GSSAPIAuthentication no
GSSAPIAuthentication yes
...
#UsePAM no
UsePAM yes
Add:
PasswordAuthentication yes
ChallengeResponseAuthentication no
Make a backup of updated file /etc/sshd_config including approved comment from supervisor(Hill Jason I like this technical person a lot from 2005 to 2013 and I have never seen such a technical person throughout my life ever who awarded me during 2008)
02)
restart the sshd service at windows
/cygdrive/c/WINDOWS/system32/sc.exe stop sshd
/cygdrive/c/WINDOWS/system32/sc.exe start sshd
My test result:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Expect called from bash; Unexpected EOF !
