I have created an expect script which is used for running a health check shell script (UX_health_monitor.sh) saved on remote Linux servers. This expect script is able to run the remotely saved health check shell script from my jump Linux server, and the same expect script is able to scp the remotely generated health report to my jump server.
But this expect script is not able to send me email.
But at the end of execution of this expect script I am getting the below error message:
spawn ssh -o StrictHostKeychecking=no batman@
ssh: Could not resolve hostname : Name or service not known
spawn 'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt'
couldn't execute "'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt'": no such file or directory
while executing
"spawn '$MAIL'"
(file "./expect_health_report" line 78)
[root@abc]#
Below is the code of my expect script:
Code:
#!/usr/bin/expect -f
# Set timeout for script
set timeout 5
# Defining Login user and password
set user "batman"
set password "robin"
# Get the list of hosts, one per line
set fh [open "hosts.txt"]
set hosts [split [read $fh] "\n"]
close $fh
# commands to run, one per line
set HCR {/root/health_mon/UX_health_monitor.sh 1> /tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt 2> /dev/null}
set MAIL {echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt}
# Generated health report file path and Jump server path is defined for scp.
set SCP_FILE "/tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt"
set SCP_REMOTE "$user@abc:/tmp/health_mon"
# Let the script play..
# Login to the remote Linux hosts
foreach host $hosts {
    spawn ssh -o StrictHostKeychecking=no $user@$host
    expect {
        timeout { continue; }
        eof { continue; }
        "password:"
    }
    send "$password\r"
    # Become sudo
    expect "$"
    send "sudo su -\r"
    expect "password:"
    send "$password\r"
    # Run the health Check command
    expect "# " { send "$HCR\r" }
    # Gather the generated Health Check report from Remote Linux hosts and send it to central jump Linux Server.
    expect "#"
    send "scp -o StrictHostKeyChecking=no $SCP_FILE $SCP_REMOTE\r"
    expect "password:"
    send "$password\r"
    expect "100%"
    sleep 1
    # Exit from Remote Linux hosts
    expect "# "
    send "exit\r"
    expect "$"
    send "exit\r"
    expect eof
}
# Send Report on email.
sleep 2
spawn '$MAIL'
expect eof
There are also two very deadly bugs with your code. The first one is using passwords instead of keys. By itself it would be dependent on the strength of the password, but when combined with the second bug it guarantees 100% success of any Man-in-the-Middle attacks. The second one is that you have set StrictHostKeychecking to "no". Again, that guarantees 100% success of any Man-in-the-Middle attacks between your machines. Wherever you copied that script from, you should report them for security violations and promulgating unsound practices.
OpenSSH can't protect you if it is configured in an unsafe manner like you have in your current script.
Before progressing, please change StrictHostKeychecking back to "yes" or at least to "accept-new". Then please set up key-based authentication between your client machine and your SSH server so that you can turn off password authentication.
There is a third unsafe practice in your script, that is the passing of the root password for the remote machine just to run a single script. Remove the stanza entitled "Become sudo". Instead say:
That way you do not need to have the password nor is there a way to escape from the script since no parameters may be passed. In fact, it might be possible then to do away with expect entirely and just SSH with the shell. Less complicated.
Thanks for highlighting the security vulnerability in my script; I will surely resolve this as you suggested. But the issue with my script is that it is not able to send email. I have put the below code for sending email by expect:
Code:
sleep 2
spawn '$MAIL'
expect eof
Let me know if there is an alternate way of sending email through the expect script. My motive is that, after generating the health check report, expect should exit from the remote machine and, from the jump server, send an email to me with the attached report which is gathered by scp from the remote machine.
As of now I am able to gather the health check report by scp, which means the code is running fine up to the below parameters:
Code:
#!/usr/bin/expect -f
# Set timeout for script
set timeout 5
# Defining Login user and password
set user "batman"
set password "robin"
# Get the list of hosts, one per line
set fh [open "hosts.txt"]
set hosts [split [read $fh] "\n"]
close $fh
# commands to run, one per line
set HCR {/root/health_mon/UX_health_monitor.sh 1> /tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt 2> /dev/null}
set MAIL {echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt}
# Generated health report file path and Jump server path is defined for scp.
set SCP_FILE "/tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt"
set SCP_REMOTE "$user@abc:/tmp/health_mon"
# Let the script play..
# Login to the remote Linux hosts
foreach host $hosts {
    spawn ssh -o StrictHostKeychecking=no $user@$host
    expect {
        timeout { continue; }
        eof { continue; }
        "password:"
    }
    send "$password\r"
    # Become sudo
    expect "$"
    send "sudo su -\r"
    expect "password:"
    send "$password\r"
    # Run the health Check command
    expect "# " { send "$HCR\r" }
    # Gather the generated Health Check report from Remote Linux hosts and send it to central jump Linux Server.
    expect "#"
    send "scp -o StrictHostKeyChecking=no $SCP_FILE $SCP_REMOTE\r"
    expect "password:"
    send "$password\r"
    expect "100%"
    sleep 1
    # Exit from Remote Linux hosts
    expect "# "
    send "exit\r"
    expect "$"
    send "exit\r"
    expect eof
}
Did you resolve the first problem then? Any feedback to the forum how you solved it and what error it was?
You say
Quote:
Code:
sleep 2
spawn '$MAIL'
expect eof
How is it failing? Error message?
It did give an error message. Have you read it? What should it mean?
And no, this is not the way to send mail. Use the tcl exec command to execute an external command. Capture the output of exec and perform a check on the result. You don't have to connect, enter passwords, wait for reply etc, so it is no use to use an expect command.
What upsets me is that your first line in your OP is:
Quote:
I have created an expect script which used for running health check shell
You did not create it. You copied it and you don't have a clue what you are doing. Copying as such is not a problem, we all do. But it is annoying if you claim you created it.
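Added example, not part of any post in this thread and not the original poster's script: the replies' advice carried through in plain shell, with key-based SSH, `StrictHostKeyChecking=accept-new`, no expect, and `mail` run directly on the jump server. It assumes batman's public key is installed on every host and that a sudoers rule (not shown in the thread) lets batman run the health script without a password; `OUT_DIR`, `read_hosts`, `collect_report` and `RUN_HEALTH_COLLECT` are names made up for the example.

```shell
#!/bin/sh
# Added example, not the poster's script: key-based replacement for the expect loop.
# Assumptions: batman's public key is in authorized_keys on every host, and a
# sudoers rule there lets batman run the health script without a password.
REMOTE_USER="batman"
HCR="/root/health_mon/UX_health_monitor.sh"
OUT_DIR="${OUT_DIR:-/tmp/health_mon}"   # overridable (assumed name)
MAIL_TO="cj@delta.com"

# Print usable host names: skip blank lines, comments and stray CRs. An empty
# entry is what produced "batman@ ... Could not resolve hostname" in the thread.
read_hosts() {
    tr -d '\r' < "$1" | awk 'NF && $1 !~ /^#/ { print $1 }'
}

# Run the health check on one host and save its stdout locally (no scp leg).
# BatchMode makes ssh fail instead of prompting for a password; accept-new
# records unknown host keys on first contact and refuses changed ones.
collect_report() {
    cr_out="$OUT_DIR/Daily_Health_Report_$1_$(date +%d%b%Y).txt"
    if ssh -n -o BatchMode=yes -o StrictHostKeyChecking=accept-new \
           -o ConnectTimeout=5 "$REMOTE_USER@$1" "sudo -n $HCR" \
           > "$cr_out" 2>/dev/null; then
        echo "$cr_out"
    else
        rm -f "$cr_out"      # do not mail a partial report
        return 1
    fi
}

# Collect from every host, then mail whatever arrived and name the failures.
main() {
    mkdir -p "$OUT_DIR"
    failed="" attach=""
    for h in $(read_hosts "$1"); do
        if f=$(collect_report "$h"); then attach="$attach -A $f"
        else failed="$failed $h"; fi
    done
    [ -n "$attach" ] || { echo "no reports collected" >&2; return 1; }
    # $attach is split on purpose: the generated paths contain no spaces.
    echo "Find the Attached Daily Health Check Report of Backup Servers. Failed hosts:${failed:- none}" |
        mail -s "Backup Servers Daily Health Check Report $(date +%d%b%Y)" $attach "$MAIL_TO"
}

# Only run when asked, so the functions can also be sourced.
if [ "${RUN_HEALTH_COLLECT:-0}" = 1 ]; then main "${1:-hosts.txt}"; fi
```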