Expect script to ssh into a remote host and change its passwordForce pubkey-auth user to set password at...
What is the energy payback time of solar panels, in hours?
A word that means "blending into a community too much"
How can I make 12 tone and atonal melodies sound interesting?
Can a human be transformed into a Mind Flayer?
Math cases align being colored as a table
Was Self-modifying-code possible just using BASIC?
Does the Nuka-Cola bottler actually generate nuka cola?
Grep Match and extract
C++ logging library
Can we completely replace inheritance using strategy pattern and dependency injection?
I've been given a project I can't complete, what should I do?
Amplitude of a crest and trough in a sound wave?
What are the implications when matrix's lowest eigenvalue is equal to 0?
How can I use the SpendProofV1 to prove I sent Monero to an exchange?
tabular: caption and align problem
Electricity free spaceship
Write a function that checks if a string starts with or contains something
Confused with atmospheric pressure equals plastic balloon’s inner pressure
60s or 70s novel about Empire of Man making 1st contact with 1st discovered alien race
Do you have to have figures when playing D&D?
Ability To Change Root User Password (Vulnerability?)
What is the Leave No Trace way to dispose of coffee grounds?
Why Does Mama Coco Look Old After Going to the Other World?
Arduino wrap or Subclass print() to work with multiple Serial
Expect script to ssh into a remote host and change its password
Force pubkey-auth user to set password at first loginHow to enter/choose session after logout without password in (Linux Mint) Xfce?removing `nullok` from system-auth prevents any root passwordexecute script and enter password from one commandBlock regular users from changing their passwords: only root should be able toReturned to login screen when using ssh-askpass during loginExpect script seems to ignore prompt (RSA fingerprint confirmation)Using expect script to automate password checking for a multitude of routersScript to connect with ssh to remote server with passwordIf I change a user's username and password on a server, should I still be able to remotely SSH in as this user without any other changes?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
So recently I have been working on a small script that will login to a remote unix host and change its password, I've never had much experience with expect so its been an upward learning curve.
The script I have so far is this:
#!/usr/bin/expect
#Setting variables based on their location in the original script call
set username [lrange $argv 0 0]
set password [lrange $argv 1 1]
set server [lrange $argv 2 2]
set port [lrange $argv 3 3]
set changeuser [lrange $argv 4 4]
set newpassword [lrange $argv 5 5]
set yesval yes
set prompt "::>"
set timeout 60
spawn ssh -p $port $username@$server
match_max 100000
expect "yes/no" {
send "yesr"
expect "*?assword" { send "$passwordr" }
} "*?assword" { send "$passwordr" }
expect "::>" {
send_user "ssh connection succeededn"
} "*?assword" { send_user "nssh connection failed due to wrong passwordn"; exit 2}
send -- "r"
expect "::>" {send "security login password -username $changeuserr "}
expect "Enter a new password:*" {send "$newpasswordr"}
expect "Enter it again:*" {send "$newpasswordr"}
expect "::>" {send "exitr";send_user "npassword change successful for $changeusern"}
expect "Enter a new password:*" { send "exitr";send_user "npassword change not successful for $changeusern"}
The idea is this will automate a small process, but the script runs down to where it successfully logs into the system and then offers nothing, doesn't continue to the password reset so essentially stops after it ssh's.
UPDATE: Managed to get past the blank line issue by using "send -- "r"" before it runs the password reset command. The script now runs to completion but it clearly enters an incorrect password on the second confirmation. Have added the output below:
::> ssh connection succeeded
::> security login password -username ######
Enter a new password:
Enter it again:
Error: Passwords didn't match.
::>
password change successful for ######
exit
Goodbye
UPDATE 2:
First off thank you guys for your help so far, I switched the script over to debug mode and ran it again, as well as changing how the variables were set.
This is the output from the debug mode, as far as I can see the required passwords are both the same so I am unsure why they are failing.
expect: set expect_out(0,string) "Enter a new password: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) " security login password -username userrnrnEnter a new password: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Enter it again:*"? no
Enter it again:
expect: does "rnEnter it again: " (spawn_id exp5) match glob pattern "Enter it again:*"? yes
expect: set expect_out(0,string) "Enter it again: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) "rnEnter it again: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
expect: does "rn" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
Error: Passwords didn't match.
ssh password expect
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
So recently I have been working on a small script that will login to a remote unix host and change its password, I've never had much experience with expect so its been an upward learning curve.
The script I have so far is this:
#!/usr/bin/expect
#Setting variables based on their location in the original script call
set username [lrange $argv 0 0]
set password [lrange $argv 1 1]
set server [lrange $argv 2 2]
set port [lrange $argv 3 3]
set changeuser [lrange $argv 4 4]
set newpassword [lrange $argv 5 5]
set yesval yes
set prompt "::>"
set timeout 60
spawn ssh -p $port $username@$server
match_max 100000
expect "yes/no" {
send "yesr"
expect "*?assword" { send "$passwordr" }
} "*?assword" { send "$passwordr" }
expect "::>" {
send_user "ssh connection succeededn"
} "*?assword" { send_user "nssh connection failed due to wrong passwordn"; exit 2}
send -- "r"
expect "::>" {send "security login password -username $changeuserr "}
expect "Enter a new password:*" {send "$newpasswordr"}
expect "Enter it again:*" {send "$newpasswordr"}
expect "::>" {send "exitr";send_user "npassword change successful for $changeusern"}
expect "Enter a new password:*" { send "exitr";send_user "npassword change not successful for $changeusern"}
The idea is this will automate a small process, but the script runs down to where it successfully logs into the system and then offers nothing, doesn't continue to the password reset so essentially stops after it ssh's.
UPDATE: Managed to get past the blank line issue by using "send -- "r"" before it runs the password reset command. The script now runs to completion but it clearly enters an incorrect password on the second confirmation. Have added the output below:
::> ssh connection succeeded
::> security login password -username ######
Enter a new password:
Enter it again:
Error: Passwords didn't match.
::>
password change successful for ######
exit
Goodbye
UPDATE 2:
First off thank you guys for your help so far, I switched the script over to debug mode and ran it again, as well as changing how the variables were set.
This is the output from the debug mode, as far as I can see the required passwords are both the same so I am unsure why they are failing.
expect: set expect_out(0,string) "Enter a new password: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) " security login password -username userrnrnEnter a new password: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Enter it again:*"? no
Enter it again:
expect: does "rnEnter it again: " (spawn_id exp5) match glob pattern "Enter it again:*"? yes
expect: set expect_out(0,string) "Enter it again: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) "rnEnter it again: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
expect: does "rn" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
Error: Passwords didn't match.
ssh password expect
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your scriptexp_internal 1or#!/usr/bin/expect -dor run it withexpect -d script.exp
– glenn jackman
Mar 20 '18 at 13:40
Add a shortsleep 1;before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.
– meuh
Mar 20 '18 at 18:41
add a comment |
So recently I have been working on a small script that will login to a remote unix host and change its password, I've never had much experience with expect so its been an upward learning curve.
The script I have so far is this:
#!/usr/bin/expect
#Setting variables based on their location in the original script call
set username [lrange $argv 0 0]
set password [lrange $argv 1 1]
set server [lrange $argv 2 2]
set port [lrange $argv 3 3]
set changeuser [lrange $argv 4 4]
set newpassword [lrange $argv 5 5]
set yesval yes
set prompt "::>"
set timeout 60
spawn ssh -p $port $username@$server
match_max 100000
expect "yes/no" {
send "yesr"
expect "*?assword" { send "$passwordr" }
} "*?assword" { send "$passwordr" }
expect "::>" {
send_user "ssh connection succeededn"
} "*?assword" { send_user "nssh connection failed due to wrong passwordn"; exit 2}
send -- "r"
expect "::>" {send "security login password -username $changeuserr "}
expect "Enter a new password:*" {send "$newpasswordr"}
expect "Enter it again:*" {send "$newpasswordr"}
expect "::>" {send "exitr";send_user "npassword change successful for $changeusern"}
expect "Enter a new password:*" { send "exitr";send_user "npassword change not successful for $changeusern"}
The idea is this will automate a small process, but the script runs down to where it successfully logs into the system and then offers nothing, doesn't continue to the password reset so essentially stops after it ssh's.
UPDATE: Managed to get past the blank line issue by using "send -- "r"" before it runs the password reset command. The script now runs to completion but it clearly enters an incorrect password on the second confirmation. Have added the output below:
::> ssh connection succeeded
::> security login password -username ######
Enter a new password:
Enter it again:
Error: Passwords didn't match.
::>
password change successful for ######
exit
Goodbye
UPDATE 2:
First off thank you guys for your help so far, I switched the script over to debug mode and ran it again, as well as changing how the variables were set.
This is the output from the debug mode, as far as I can see the required passwords are both the same so I am unsure why they are failing.
expect: set expect_out(0,string) "Enter a new password: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) " security login password -username userrnrnEnter a new password: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Enter it again:*"? no
Enter it again:
expect: does "rnEnter it again: " (spawn_id exp5) match glob pattern "Enter it again:*"? yes
expect: set expect_out(0,string) "Enter it again: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) "rnEnter it again: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
expect: does "rn" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
Error: Passwords didn't match.
ssh password expect
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
So recently I have been working on a small script that will login to a remote unix host and change its password, I've never had much experience with expect so its been an upward learning curve.
The script I have so far is this:
#!/usr/bin/expect
#Setting variables based on their location in the original script call
set username [lrange $argv 0 0]
set password [lrange $argv 1 1]
set server [lrange $argv 2 2]
set port [lrange $argv 3 3]
set changeuser [lrange $argv 4 4]
set newpassword [lrange $argv 5 5]
set yesval yes
set prompt "::>"
set timeout 60
spawn ssh -p $port $username@$server
match_max 100000
expect "yes/no" {
send "yesr"
expect "*?assword" { send "$passwordr" }
} "*?assword" { send "$passwordr" }
expect "::>" {
send_user "ssh connection succeededn"
} "*?assword" { send_user "nssh connection failed due to wrong passwordn"; exit 2}
send -- "r"
expect "::>" {send "security login password -username $changeuserr "}
expect "Enter a new password:*" {send "$newpasswordr"}
expect "Enter it again:*" {send "$newpasswordr"}
expect "::>" {send "exitr";send_user "npassword change successful for $changeusern"}
expect "Enter a new password:*" { send "exitr";send_user "npassword change not successful for $changeusern"}
The idea is this will automate a small process, but the script runs down to where it successfully logs into the system and then offers nothing, doesn't continue to the password reset so essentially stops after it ssh's.
UPDATE: Managed to get past the blank line issue by using "send -- "r"" before it runs the password reset command. The script now runs to completion but it clearly enters an incorrect password on the second confirmation. Have added the output below:
::> ssh connection succeeded
::> security login password -username ######
Enter a new password:
Enter it again:
Error: Passwords didn't match.
::>
password change successful for ######
exit
Goodbye
UPDATE 2:
First off thank you guys for your help so far, I switched the script over to debug mode and ran it again, as well as changing how the variables were set.
This is the output from the debug mode, as far as I can see the required passwords are both the same so I am unsure why they are failing.
expect: set expect_out(0,string) "Enter a new password: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) " security login password -username userrnrnEnter a new password: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Enter it again:*"? no
Enter it again:
expect: does "rnEnter it again: " (spawn_id exp5) match glob pattern "Enter it again:*"? yes
expect: set expect_out(0,string) "Enter it again: "
expect: set expect_out(spawn_id) "exp5"
expect: set expect_out(buffer) "rnEnter it again: "
send: sending "Passtest123r" to { exp5 }
expect: does "" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
expect: does "rn" (spawn_id exp5) match glob pattern "Error: Passwords didn't match.*"? no
Error: Passwords didn't match.
ssh password expect
ssh password expect
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
edited Mar 20 '18 at 14:47
L Morgan
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
asked Mar 20 '18 at 8:36
L MorganL Morgan
113
113
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your scriptexp_internal 1or#!/usr/bin/expect -dor run it withexpect -d script.exp
– glenn jackman
Mar 20 '18 at 13:40
Add a shortsleep 1;before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.
– meuh
Mar 20 '18 at 18:41
add a comment |
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your scriptexp_internal 1or#!/usr/bin/expect -dor run it withexpect -d script.exp
– glenn jackman
Mar 20 '18 at 13:40
Add a shortsleep 1;before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.
– meuh
Mar 20 '18 at 18:41
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your script
exp_internal 1 or #!/usr/bin/expect -d or run it with expect -d script.exp– glenn jackman
Mar 20 '18 at 13:40
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your script
exp_internal 1 or #!/usr/bin/expect -d or run it with expect -d script.exp– glenn jackman
Mar 20 '18 at 13:40
Add a short
sleep 1; before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.– meuh
Mar 20 '18 at 18:41
Add a short
sleep 1; before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.– meuh
Mar 20 '18 at 18:41
add a comment |
1 Answer
1
active
oldest
votes
Not an answer, but a comment that needs formatting: The way you're getting the script's arguments is subtly wrong. lrange returns a list, and when you stringify a list some special characters are going to get escaped. This would affect the password you send. Do this instead:
set username [lindex $argv 0]
set password [lindex $argv 1]
set server [lindex $argv 2]
set port [lindex $argv 3]
set changeuser [lindex $argv 4]
set newpassword [lindex $argv 5]
or
lassign $argv username password server port changeuser newpassword
Since you send the same possibly wrong password twice, I don't see why you're getting that error. Adding debugging may reveal the issue.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f432257%2fexpect-script-to-ssh-into-a-remote-host-and-change-its-password%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Not an answer, but a comment that needs formatting: The way you're getting the script's arguments is subtly wrong. lrange returns a list, and when you stringify a list some special characters are going to get escaped. This would affect the password you send. Do this instead:
set username [lindex $argv 0]
set password [lindex $argv 1]
set server [lindex $argv 2]
set port [lindex $argv 3]
set changeuser [lindex $argv 4]
set newpassword [lindex $argv 5]
or
lassign $argv username password server port changeuser newpassword
Since you send the same possibly wrong password twice, I don't see why you're getting that error. Adding debugging may reveal the issue.
add a comment |
Not an answer, but a comment that needs formatting: The way you're getting the script's arguments is subtly wrong. lrange returns a list, and when you stringify a list some special characters are going to get escaped. This would affect the password you send. Do this instead:
set username [lindex $argv 0]
set password [lindex $argv 1]
set server [lindex $argv 2]
set port [lindex $argv 3]
set changeuser [lindex $argv 4]
set newpassword [lindex $argv 5]
or
lassign $argv username password server port changeuser newpassword
Since you send the same possibly wrong password twice, I don't see why you're getting that error. Adding debugging may reveal the issue.
add a comment |
Not an answer, but a comment that needs formatting: The way you're getting the script's arguments is subtly wrong. lrange returns a list, and when you stringify a list some special characters are going to get escaped. This would affect the password you send. Do this instead:
set username [lindex $argv 0]
set password [lindex $argv 1]
set server [lindex $argv 2]
set port [lindex $argv 3]
set changeuser [lindex $argv 4]
set newpassword [lindex $argv 5]
or
lassign $argv username password server port changeuser newpassword
Since you send the same possibly wrong password twice, I don't see why you're getting that error. Adding debugging may reveal the issue.
Not an answer, but a comment that needs formatting: The way you're getting the script's arguments is subtly wrong. lrange returns a list, and when you stringify a list some special characters are going to get escaped. This would affect the password you send. Do this instead:
set username [lindex $argv 0]
set password [lindex $argv 1]
set server [lindex $argv 2]
set port [lindex $argv 3]
set changeuser [lindex $argv 4]
set newpassword [lindex $argv 5]
or
lassign $argv username password server port changeuser newpassword
Since you send the same possibly wrong password twice, I don't see why you're getting that error. Adding debugging may reveal the issue.
answered Mar 20 '18 at 13:52
community wiki
glenn jackman
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f432257%2fexpect-script-to-ssh-into-a-remote-host-and-change-its-password%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
while developing an expect script, turn on debugging so you can see what's coming in and going out: add this to the top of your script
exp_internal 1or#!/usr/bin/expect -dor run it withexpect -d script.exp– glenn jackman
Mar 20 '18 at 13:40
Add a short
sleep 1;before each send after receiving the prompt for a password, as the remote may need time to switch echo off etc.– meuh
Mar 20 '18 at 18:41