Perl Expect Module to give passwords for remote sudo commands

vikas027 · 05-31-2011, 08:03 AM

Hi All,

I have written a script to run commands on remote servers, it is working fine.

But when I am running "sudo commands" on the remote servers, it asks for me password after prompting for ssh password. I am unable to automate this password prompt (which is just after ssh password prompt).

This is the function I am using to provide passwords

Code:

pass ()
{
cd  $DIR/"$dt1"_"$dt"
/usr/bin/perl << 'EOF'
use strict;
use Expect;

my $timeout = '320';
my $pass = `cat password`;
my $cmd = `cat cmd`;

my $exp = Expect->spawn("$cmd")
or die "Cannot spawn ssh: $!\n";

$exp->expect($timeout,
 ["assword:",sub {$exp->send("$pass\n");}]
 );

$exp->soft_close()
EOF
cd $DIR
}

I want the same function to be used , when it expects for sudo passwords for any of the below lines:

Code:

[sudo] password for vikas:
or
Password:

This is my "cmd" file passed in pass () function.

Code:

ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 192.168.1.100 "bash rcmds"

This is my script output

Quote:

[vikas@box1 ~]$ ./rscript.sh
++ rm -rf /home/vikas/May_31
++ mkdir -p /home/vikas/May_31
++ set +x

Checking if Hosts are reachable .........

++ ping -c 2 random
ping: unknown host random
++ '[' 2 -eq 0 ']'
++ echo -e -n '\n\n random is UNREACHABLE...\n\n\t\t Please CHECK ...!!\n\n'

random is UNREACHABLE...

Please CHECK ...!!

++ echo random
++ set +x
++ ping -c 2 192.168.1.100
++ '[' 0 -eq 0 ']'
++ echo 192.168.1.100
++ set +x
Please enter password for vikas : Vicky#098
++ host=192.168.1.100
++ '[' 192.168.1.100 == CBICDG-J04 ']'
++ echo 'scp -p -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no /home/vikas/May_31/rcmds 192.168.1.100:'
++ pass
++ cd /home/vikas/May_31
++ /usr/bin/perl
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for kick.168.192.in-addr.arpa failed - POSSIBLE BREAK-IN ATTEMPT!
vikas@192.168.1.100's password:
rcmds 100% 189 0.2KB/s 00:00
++ cd /home/vikas
++ echo 'ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 192.168.1.100 "bash rcmds"'
++ pass
++ cd /home/vikas/May_31
++ /usr/bin/perl
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for kick.168.192.in-addr.arpa failed - POSSIBLE BREAK-IN ATTEMPT!
vikas@192.168.1.100's password: <--- This is working fine
[sudo] password for vikas: <--- I am stucked in giving this password

Any suggestions, how to automate the password prompt required for sudo commands.

Thanks in advance.

estabroo · 05-31-2011, 05:05 PM

I think perl's expect handles regex in the patterns so you could use a pattern like below to match both of them

Code:

$exp->expect($timeout,
 ['-re',"assword.*?:",sub {$exp->send("$pass\n");}]
 );

vikas027 · 06-01-2011, 06:04 AM

Quote:

Originally Posted by estabroo

I think perl's expect handles regex in the patterns so you could use a pattern like below to match both of them

Code:

$exp->expect($timeout,
 ['-re',"assword.*?:",sub {$exp->send("$pass\n");}]
 );

Hi estabroo,
This too not working for me.
Same error.

vikas027 · 06-01-2011, 02:20 PM

Hi All/Estabroo

I was not able to provide two password entries simultaneously, but I did a work around. I first added ssh-keys and then ran sudo command through ssh , and then supplied password from my pass function. This indeed worked well for me

BUT, still my question remains the same, how to provide input automatically when there is more than one input is required.

For E.g. ssh-keygen -t dsa requires user to press enter key (taking all defaults) 4-5 times.

Anyway to automate this through perl-Expect ?

bigearsbilly · 06-01-2011, 05:01 PM

edit the sudoers file to disable passwords for some commands.

vikas027 · 06-01-2011, 05:09 PM

Quote:

Originally Posted by bigearsbilly

edit the sudoers file to disable passwords for some commands.

That is the easiest way to do so, but sadly my customer prohibits that.

bigearsbilly · 06-01-2011, 05:13 PM

you have a silly customer.
:-)

perhaps the admin at the other end is a bit rubbish?
I'm glad it isn't my job.

can you not convince them this is impractical?

bigearsbilly · 06-01-2011, 05:19 PM

have you tried using autoexpect

it usually comes with expect.

That's usually where I start.

vikas027 · 06-02-2011, 04:12 AM

Quote:

Originally Posted by bigearsbilly

have you tried using autoexpect

it usually comes with expect.

That's usually where I start.

I do not have any option apart from perl-Expect.