|
Home > Archive > Unix Shell > February 2007 > SSH login automation by Expect, get stucked at last step....Help!!!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SSH login automation by Expect, get stucked at last step....Help!!!
|
|
| Schubert 2007-02-14, 1:29 am |
| My mission is very simple.
1. Login in a server through ssh.
2. Then run a batch file.
I use Expect to do the automation.
The script is like this:
--------------------------------------------------------------------------
spawn ssh -p 10022 root@<Server IP address>
expect "root@<Server IP address>'s password: "
send "public\r"
expect {
"\[root@<Server Name>:<Server IP address>\]" {
send "run batch filename.txt\r"}
}
--------------------------------------------------------------------------
Here is the screen output I got if I do this manually:
------------------------------------------------------------------------
> ssh -p 10022 root@<Server IP address>
root@<Server IP address>'s password: public <key-in>
<Server Name>
You're logged on from <Another Server IP address>
[root@<Server Name>:<Server IP address>]: run batch filename.txt
<key-
in>
batch file success message shown
-------------------------------------------------------------------------
But when I use Expect script above to automate the manual steps, it
will get stuck running the batch file. It simply shows the
[root@<Server Name>: <Server IP address>] prompt and then stops. Does
anybody know why this happens? Greatly appreciated.
| |
| Alexander Skwar 2007-02-14, 7:20 am |
| Schubert <cxbest2004@yahoo.com>:
> My mission is very simple.
>
> 1. Login in a server through ssh.
> 2. Then run a batch file.
>
>
> I use Expect to do the automation.
Hm - why are you using Expect to do the automation? I'd suggest
to setup public key authentication. If that's setup, you could
do
ssh $host $command
Ie. login to $host and then run $command. No need for expect.
Alexander Skwar
| |
| Schubert 2007-02-14, 7:20 am |
| On Feb 14, 5:24 am, Alexander Skwar <alexan...@skwar.name> wrote:
> Schubert <cxbest2...@yahoo.com>:
>
>
>
>
> Hm - why are you using Expect to do the automation? I'd suggest
> to setup public key authentication. If that's setup, you could
> do
>
> ssh $host $command
>
> Ie. login to $host and then run $command. No need for expect.
>
> Alexander Skwar
Thanks Alexander, but this is just a very small part of the entire
mission. Do you know what the problem is?
| |
| Alexander Skwar 2007-02-14, 7:20 am |
| Schubert <cxbest2004@yahoo.com>:
> Thanks Alexander, but this is just a very small part of the entire
> mission. Do you know what the problem is?
As I understood, the problem is, that you cannot
run $command after you logged in. To solve that,
I suggest to login to SSH using the "normal"
way (ie. public key authentication" and then have
SSH run the command. Problem solved - although
with a different approach then you used.
Alexander Skwar
| |
| Carbon 2007-02-14, 1:20 pm |
| On Wed, 14 Feb 2007 14:06:04 +0100, Alexander Skwar wrote:
> Schubert <cxbest2004@yahoo.com>:
>
>
> As I understood, the problem is, that you cannot run $command after you
> logged in. To solve that, I suggest to login to SSH using the "normal"
> way (ie. public key authentication" and then have SSH run the command.
> Problem solved - although with a different approach then you used.
For the record I'm backing up about a dozen remote partitions using rsync
and public key authentication. If I want to check the size of a remote
partition I just ssh remotehost "df -h". No passwords, no fuss.
| |
| Schubert 2007-02-14, 1:20 pm |
| On Feb 13, 11:32 pm, Icarus Sparry <use...@icarus.freeuk.com> wrote:
> On Tue, 13 Feb 2007 18:25:50 -0800, Schubert wrote:
>
>
>
>
>
>
>
>
>
>
>
>
>
> Your first problem is that the '[' character means two different things to
> expect. The first meaning command substitution, and the second is in
> pattern matching. You have only one layer of protection against these two
> meanings, so you avoid the command substitution, but not the "glob"
> meaning.
>
> In general with tcl it is better to use the {} rather than the "" way of
> quoting.
>
> Expect has a "-exact" flag to its expect command. So you should write this
> as
>
> expect {
> -exact {[root@<ZServer Name>:<Server IP Address>]} {
> send "run batch filename.txt\r" }
>
> }
>
> However doing this will not solve your problem. There are two things you
> can obviously do to help.The problem is almost certainly in the pattern
> match. It may be that the remote server is sending extra characters
> perhaps to make the prompt appear in a different colour.
>
> The first thing is to run "expect -d yourscript". This will produce lots
> of output where you will see expect asking itself 'does "some output or
> other" match exact pattern "[root@...]" - no'. In this you will see what
> expect has received, and you may be able to alter your pattern to account
> for any extra characters.
>
> The other thing you can do is to find the "autoexpect" script, which comes
> with expect. Run this once, doing the commands you want, and it will write
> the expect script for you.- Hide quoted text -
>
> - Show quoted text -
Hi Lcarus, I have tried your way, but got a very wierd problem, let me
first attach the script (generated by autoexpect) afterwards, then
explain what i have seen:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#!/usr/lab/bin/expect -f
set force_conservative 0 ;# set to 1 to force conservative mode even
if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
set timeout -1
spawn ssh -p 10022 root@<Server IP address>
match_max 100000
expect -exact "root@<Server IP address>'s password: "
send -- "public\r"
expect -exact "\r
\r
\r
EMS CLI\r
You're logged on from <another server IP address> \r\r
\r
\r
\[root@emscli:<another server IP address>\] "
send -- "run batch filename.txt\r"
expect -exact "run batch filename.txt\r
\[root@emscli:<another server IP address>\] "
send -- "exit\r"
expect eof
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
It runs well until the prompt [root@emscli:<another server IP
address>] appears, however, it is covered with two "run batch
filename.txt" command. In other words, I can see part of the prompt
from the space between the command "run batch filename.txt". Isn't
that wierd??? Then, it stops, no any response even if I press carriage
return. Anybody can figure it out???
| |
| Steven Mocking 2007-02-14, 1:20 pm |
| Schubert wrote:
> On Feb 14, 5:24 am, Alexander Skwar <alexan...@skwar.name> wrote:
>
> Thanks Alexander, but this is just a very small part of the entire
> mission. Do you know what the problem is?
Disclaimer: the gender of the fictional persona is entirely coincidental
Alice: I'm using a gun to shoot my windows open, but I seem to be
shooting holes in the wall instead. I think it's broken.
Bob: Use the window's handle
Alice: You don't understand. How will that make my gun work?
| |
| Schubert 2007-02-14, 1:20 pm |
| On Feb 14, 10:39 am, Steven Mocking
<u...@quicknet.youmightwanttogetridofthis.nl> wrote:
> Schubert wrote:
>
>
>
>
>
>
> Disclaimer: the gender of the fictional persona is entirely coincidental
>
> Alice: I'm using a gun to shoot my windows open, but I seem to be
> shooting holes in the wall instead. I think it's broken.
> Bob: Use the window's handle
> Alice: You don't understand. How will that make my gun work?- Hide quoted text -
>
> - Show quoted text -
Well, Steven, I totally understand what you mean, but there will be
hundreds of machines that require me to do this (ssh in a server and
then run batch) daily. Do you still think that's an easy job if I
don't automate them???
| |
| Schubert 2007-02-14, 1:20 pm |
| On Feb 14, 11:02 am, Icarus Sparry <use...@icarus.freeuk.com> wrote:
> On Wed, 14 Feb 2007 06:48:10 -0800, Schubert wrote:
>
>
>
>
> -------------------------------------------------------------------------=
->> > spawn ssh -p 10022 root@<Server IP address>
>
>
>
>
> --------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
>
>
>
>
>
> -------------------------------------------------------------------------
>
>
>
>
> to
two[vbcol=seagreen]
>
of[vbcol=seagreen]
>
> this
>
>
>
ou[vbcol=seagreen]
>
ts[vbcol=seagreen]
at[vbcol=seagreen]
unt[vbcol=seagreen]
>
> comes
> write
>
>
>
> -------------------------------------------------------------------------=
--=AD----------------------------------------------------------------------=
-----=AD-----------------------------------------------------
>
>
>
>
>
>
> -------------------------------------------------------------------------=
--=AD----------------------------------------------------------------------=
-----=AD-----------------------------------------
>
>
> The "stop" is because it is still looking for the pattern. there is nothi=
ng
> in your script that is expecting you to press CR, so this is just buffere=
d=2E
>
> the doubled "run batch..." is not weird, it is the result of echoing the
> command and it thinking that it has matched the command.
>
> Try changing the
>
> expect -exact "run batch filename.txt\r
> \[root@emscli:<another server IP address>\] "
>
> to
>
> expect -exact "\[root@emscli:<another server IP address>\] "
>
> if this works then try this
>
> #!/usr/lab/bin/expect -f
> set force_conservative 0 ;# set to 1 to force conservative mode even if
> ;# script wasn't run conservatively originally
> if {$force_conservative} {
> set send_slow {1 .1}
> proc send {ignore arg} {
> sleep .1
> exp_send -s -- $arg
> }
>
> }
>
> proc prompt {} {
> global spawn_id
> expect -exact "\[root@emscli:<another server IP address>\] "
>
> }
>
> set timeout -1
> spawn ssh -p 10022 root@<Server IP address>
> match_max 100
> expect -exact "root@<Server IP address>'s password: "
> send -- "public\r"
> prompt
> send -- "run batch filename.txt\r"
> prompt
> send -- "exit\r"
> expect eof
>
> or send me the output of running 'expect -d', this email address is valid=
..- Hide quoted text -
>
> - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
I still got the same problem when I execute the adapted script. I have
sent an email to you, Lcarus. Thank you.
| |
| Chris F.A. Johnson 2007-02-14, 7:21 pm |
| On 2007-02-14, Schubert wrote:
> On Feb 14, 10:39 am, Steven Mocking
>
> Well, Steven, I totally understand what you mean, but there will be
> hundreds of machines that require me to do this (ssh in a server and
> then run batch) daily. Do you still think that's an easy job if I
> don't automate them???
Of course you automate them. Just don't use expect. Use host key
authentication and a shell script.
--
Chris F.A. Johnson, author <http://cfaj.freeshell.org/shell>
Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
===== My code in this post, if any, assumes the POSIX locale
===== and is released under the GNU General Public Licence
| |
| Schubert 2007-02-14, 7:21 pm |
| On Feb 14, 2:37 pm, "Chris F.A. Johnson" <cfajohn...@gmail.com> wrote:
> On 2007-02-14, Schubert wrote:
>
>
>
>
> Of course you automate them. Just don't use expect. Use host key
> authentication and a shell script.
>
> --
> Chris F.A. Johnson, author <http://cfaj.freeshell.org/shell>
> Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
> ===== My code in this post, if any, assumes the POSIX locale
> ===== and is released under the GNU General Public Licence
Thanks Chris, could you please send me the links related to use host
key authentication automation and the examples of shell script?
| |
| Chris F.A. Johnson 2007-02-14, 7:21 pm |
| On 2007-02-14, Schubert wrote:
> On Feb 14, 2:37 pm, "Chris F.A. Johnson" <cfajohn...@gmail.com> wrote:
>
> Thanks Chris, could you please send me the links related to use host
> key authentication automation
man ssh-keygen
> and the examples of shell script?
Put the commands into a file (replace "command args" with the
command you want to execute on the remote machine):
ssh example.com command args
ssh example.net command args
ssh qwerty.example.net command args
Then "chmod +x FILE", and execute the FILE.
--
Chris F.A. Johnson, author <http://cfaj.freeshell.org/shell>
Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
===== My code in this post, if any, assumes the POSIX locale
===== and is released under the GNU General Public Licence
| |
| Alexander Skwar 2007-02-15, 1:19 pm |
| Schubert <cxbest2004@yahoo.com>:
> Well, Steven, I totally understand what you mean, but there will be
> hundreds of machines that require me to do this (ssh in a server and
> then run batch) daily. Do you still think that's an easy job if I
> don't automate them???
Who's talking about NOT automating the task? Certainly not
me.
When you run "ssh $host $command", ssh will logon to $host
and run $command on that machine. How's that NOT automated?
Alexander Skwar
| |
| Alexander Skwar 2007-02-15, 1:19 pm |
| Schubert <cxbest2004@yahoo.com>:
> On Feb 14, 2:37 pm, "Chris F.A. Johnson" <cfajohn...@gmail.com> wrote:
>
> Thanks Chris, could you please send me the links related to use host
> key authentication automation
- Create SSH key with no password
- Copy that Key to ~/.ssh/authorized_keys (if you're using OpenSSH) on
the target machine
-> Done
> and the examples of shell script?
Your shell script is what you want to run the $host.
Example "shell script": "hostname". No, I'm not kidding.
Alexander Skwar
| |
| Joe Emenaker 2007-02-17, 7:19 am |
| On Feb 14, 4:03 am, "Schubert" <cxbest2...@yahoo.com> wrote:
>
>
>
> Thanks Alexander, but this is just a very small part of the entire
> mission. Do you know what the problem is?
I think Alexander's point is (and many of us were thinking the same
thing), is why you aren't using SSH's public-key login capability...
IF...
* You use ssh-keygen to generate id_dsa/id_dsa.pub or id_rsa/
id_rsa.pub files in your $HOME/.ssh directory... and...
* The lines from the id_rsa.pub or id_dsa.pub files appear in the
$HOME/.ssh/authorized_hosts2 file on the remote machine... and...
* The remote machine's $HOME/.ssh/authorized_hosts2 file is owned by
the account owner and chmod'ed to 600...
THEN
* ssh shouldn't even ask you for a password when you try "ssh
remoteuser@remote.host.com"
Once you've gotten this to work once, you'll never go back. In fact, I
wrote a nifty little script that copies my public keys from my current
account to the authorized_hosts2 file of any other account I use. So,
it's really easy to set up now...
| |
| Kenny McCormack 2007-02-17, 1:17 pm |
| In article <1171703187.661874.44530@v45g2000cwv.googlegroups.com>,
Joe Emenaker <joe.emenaker@gmail.com> wrote:
>On Feb 14, 4:03 am, "Schubert" <cxbest2...@yahoo.com> wrote:
>
>I think Alexander's point is (and many of us were thinking the same
>thing), is why you aren't using SSH's public-key login capability...
Well, this is the nugget of every single question posted here (and,
basically, every other "support" board). Do you solve OP's problem as
posted, or do you try to reverse-engineer what he's really trying to do?
And the answer to this question boils down to:
1) It is insulting and rude to reverse-engineer.
2) It is usually "correct" to do so.
Personally, I think it is better to just take the problem as given,
assume that he has good reasons for doing it the way he is (as he says,
this is only part of a much bigger system, and I think we should take
his word for it that it can't be changed - i.e., it makes no sense to
tell him to re-engineer his whole system at this point).
Another point-of-view on this is that we all understand that, before
posting our questions to a board, we are supposed to reduce the problem
down to the barest essentials (trim away all the project-specific aspects
of it). This is all covered in the 'how to ask smart questions'
document that is frequently URL'd here. It is also common sense.
However, this has the effect that, in doing so, you make it too easy for
the "helpers" to say, "Well just do this instead", because they don't
see why you are doing it the way you are doing it (because you've elided
the details of your problem context that would allow them to see why you
are doing it the way you are doing it!)
| |
| Schubert 2007-02-19, 1:16 pm |
| On Feb 17, 10:20 am, gaze...@xmission.xmission.com (Kenny McCormack)
wrote:
> In article <1171703187.661874.44...@v45g2000cwv.googlegroups.com>,
>
> Joe Emenaker <joe.emena...@gmail.com> wrote:
>
>
>
>
>
> Well, this is the nugget of every single question posted here (and,
> basically, every other "support" board). Do you solve OP's problem as
> posted, or do you try to reverse-engineer what he's really trying to do?
>
> And the answer to this question boils down to:
> 1) It is insulting and rude to reverse-engineer.
> 2) It is usually "correct" to do so.
>
> Personally, I think it is better to just take the problem as given,
> assume that he has good reasons for doing it the way he is (as he says,
> this is only part of a much bigger system, and I think we should take
> his word for it that it can't be changed - i.e., it makes no sense to
> tell him to re-engineer his whole system at this point).
>
> Another point-of-view on this is that we all understand that, before
> posting our questions to a board, we are supposed to reduce the problem
> down to the barest essentials (trim away all the project-specific aspects
> of it). This is all covered in the 'how to ask smart questions'
> document that is frequently URL'd here. It is also common sense.
> However, this has the effect that, in doing so, you make it too easy for
> the "helpers" to say, "Well just do this instead", because they don't
> see why you are doing it the way you are doing it (because you've elided
> the details of your problem context that would allow them to see why you
> are doing it the way you are doing it!)
Thank you very much for you guy's reply. The point is when I logged
into the ssh server, I cannot execute unix command like "ls", "cp"
etc., so I am not able to reach the directory like /.ssh on the
server, which means I cannot do change mode. But, I can execute
command like "run", "show". I have already created the key pair, and
want to scp the public key to the ssh server, but I failed to do so.
An error message like below shows:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY
blah, blah, blah ....
How should I do?
|
|
|
|
|