I am trying to write an expect script that trys to telnet, if telnet fails, trys to ssh to a remote network devices.
The script works fine until the following is received :
spawn telnet 10.3.2.24
Trying 10.3.2.24...
telnet: connect to address 10.3.2.24: Connection refused
10.3.2.24 is not reachable!!
spawn ssh -l myname 10.3.2.24
The authenticity of host '10.3.2.24 (10.3.2.24)' can't be established.
RSA key fingerprint is b1:z6:22:85:3a:a6:z0:ae:6d:b3:9d:f6:77:85:01:aa.
Are you sure you want to continue connecting (yes/no)?
Ive added
expect {continue connecting*} {send "yes\r"}
at different places within the telnet host not reachable section, but cant
get expect to respond.
Ive added the entire script below for those who may want to look at it.
#! /usr/local/bin/expect --
#
# Setup Log file that will contain all steps of the process.
#============================================================
puts "[exec clear]"
set nam "[ clock format [ clock seconds ] -format "%m%d%H%M" ].log"
log_file -a $nam
#
# Open Seedfile and setup log containing failed connections.
#=============================================================
set ifil [open "seedfileofips" r]
set ofil [open "[ clock format [ clock seconds ] -format "%m%d%H%M" ].err" w]
###
# Main Body. While reading the seedfile, telnet to site
# or ssh to site
#=============================================================
while { [gets $ifil host] >=0 } {
send_user "Standby ... Validating ... $host \n"
puts "[exec clear]"
set taclnam "myname"
set tacpswd "mypassword"
set timeout 30
spawn telnet $host
I haven't read your Expect script because it's been far too long since I last wrote anything in Tcl.
Anyway, I think there is no real need for any sophisticated Expect prompting logic here
since the warning you encounter from your SSH client about an unknown host identity
can be easily circumvented.
If your SSH client connects to a remote SSH server whose host identity it cannot verify,
either because it is the first connect to this host, or maybe the remote host's SSH server was started with different host keys meanwhile (maybe its admin updated SSH and neglected restoring its host key) it will warn you as long as StrictHostKeyChecking isn't set to "no" (per default it is set to "ask", see man ssh_config).
If it is the first connect and you have verified that the presented fingerprint of the remote host key is correct (or you trust it anyway) you simply need to confirm this warning with yes.
Your SSH client will then create a file $HOME/.ssh/known_hosts (if it hasn't existed yet)
and append the public host key offered from the remote SSH server to it.
From then on it will never again ask you as long as the host key on the remote server or the entry in your local known_hosts file for that host will not change.
In that respect it even wouldn't help if you provided an extra yes response in your Expect prompt logic.
However, there are even other ways how you can connect if you don't care for strict host key checking at all (which maybe isn't advisable in a potentially hostile environment)
You could run the SSH command with the following options:
This will (even if the host key changed, or there is a real man-in-the-middle attack!) don't care about the validity of the host key's fingerprint and automatically "add" any offered host key to the bit bucket /dev/null.
The quiet option -q will suppress any warning text of this action,
and BatchMode will not prompt for any passwords or passphrases.
So you should run this command with distributed RSA keys which have either no passphrase attached to them, or have started an ssh-agent a priori which had added the necessary RSA key for this connection.
Please, consult man ssh and man ssh_config for details.
I have write a script which contains
ssh -p 12345 dcplatform@10.125.42.50
ssh 127.0.0.1 -p 5555 "$CMD"
ssh root@$GUEST_IP "$CMD"
before I use public key, it works well, now I want to change to "expect", BUT I don't want to change above code and "parameter position"
I can post a... (1 Reply)
Hi,
I am using Solaris OS,
I want to handle an occasional expression in expect script while logging into a remote server with ssh.
In normal scenario the expected expression is as below,
spawn ssh $user@$ip
expect "assword:"
send "$password\r"
but in a condition when the remote server... (2 Replies)
(Crossposting note: I have already posted this article on comp.lang.tcl 6 days ago and on the tek-tips dot com forum 3 days ago. This is posted here again, because I didn't get any response on my original articles there).
I use the following script on Solaris to log into a remote host:
... (3 Replies)
Hi
I would like to know how to handle my script that expects an input when calling the script and the user doesn't enter anything, I need to re-direct to my helpfile.
Bascically here is my script:
#!/bin/bash
csvdir="/var/local/dsx/csv/general"
csvfile="$csvdir/$csvfile"... (3 Replies)
Hi experts
I know the expect script can match the terminal output to run the the following cmd
I write a script with expect named "test", I want to run ten "test" with background running,
for ((i=1;i<=10;i++)
do
./test -n $i
done
I find all the output of test will print on one... (0 Replies)
I am using Net::SSH::Expect to connect to the device(iLO) with SSH. After the $ssh->login() I'm able to view the prompt, but not able to send any coommands.
With the putty I can connect to the device and execute the commands without any issues.
Here is the sample script
my $ssh =... (0 Replies)
Hi.
I'm trying to automate access to an Amazon Web Services machine instance. What this means is that my script is trying to use ssh to connect to a new server every time. I know the RSA fingerprint of my new server through an out-of-band channel.
I would like to capture the RSA fingerprint... (0 Replies)
Hi All,
I have to make an alert that'll wait for ssh response from the server for certain seconds, if no response is there in between it'll raise an alarm.
Havn't found any option for this yet, pls. help if anyone knows abt this. Any suggestion is welcome. :)
Best Regards,
VG (3 Replies)
hello
I installed expect on my solaris box.
now I want to execute this command on several servers as root (all of them have the same root password):
for i in 1 2 3; do ssh root@"srv"$i" ls /; done;
I want of course to skip these 2 steps:
The authenticity of host 'srv3 (172.21.26.25)'... (4 Replies)