ssh / expect issues

[AHinMaine]

Odd problem. I'm trying to script user creation and expect is flat out not working with the su command.

I'm not hard coding the root pw, first of all. I have it set to prompt me. But it never even gets that far. The instant the su is sent, it says "Sorry" and then errors out. The log on the remote server says:

Apr  1 15:41:13 bsd su: in prompt_echo_off(): tcgetattr(): Operation not supported 
Apr  1 15:41:13 bsd su: BAD SU aharriso to root on tty

So I tried it manually from the cli, issuing:

ssh server /bin/sh

which gives the exact same error.
--
Andy

http://www.nachoz.com

 

[vgersh99]

where's marsd when you need one...... vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+

 

[Annihilannic]

What OS's?

I created an expect script only yesterday using autoexpect (and then hacking the generated script) which uses su under ssh without any issues... Annihilannic.

 

[AHinMaine]

cool, I've never tried autoexpect. I created a script for it and edited it pretty easily, but I'm still faced with the issue of different o/s's. One of the reasons I was trying to do the ssh with /bin/sh is so that there would be a consistent shell. In the above example, I was going from a freebsd 4.7 machine, to freebsd 5. I'll also be connecting to bsd/os 4.x servers. Each has varying prompts, so I was trying to make something generic enough to work with all of them. --
Andy

http://www.nachoz.com

 

[Annihilannic]

As detailed in the comments at the top of the script generated by autoexpect you can replace any text that may differ from system to system with wildcards. I adjusted mine to only match the command prompt, e.g.:

[tt]expect -exact &quot;
# &quot;
send -- &quot;the next command&quot;[/tt]

Thankfully all of the systems I was connecting to consistently use &quot;# &quot; as the root command prompt. You may want to look into using a regular expression that matches each of the various prompts on those systems (using expect -re). Annihilannic.

 

[AHinMaine]

I actually got it to do what I wanted pretty well. Logs into a server, pauses for you to type in the root pw, then creates the user and whatnot.

Created it with autoexpect, then edited the heck out of it. Here's my unfinished product. It's bsd specific and the user info is hard coded still, but it might help someone else in the future who finds this thread.

#!/usr/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Wed Apr  2 08:10:58 2003
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script.  It
# necessarily has to guess about certain things.  Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts.  If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character.  This
# pacifies every program I know of.  The -c flag makes the script do
# this in the first place.  The -C flag allows you to define a
# character to toggle this mode off and on.

set force_conservative 0  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
        set send_slow {1 .1}
        proc send {ignore arg} {
                sleep .1
                exp_send -s -- $arg
        }
}

#
# 2) differing output - Some programs produce different output each time
# they run.  The "date" command is an obvious example.  Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer.  If this causes a problem, delete these patterns or replace
# them with wildcards.  An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt).  The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don


proc bsd_cmd {} {
        send -- "su -m -a passwd\r"
        expect -exact "su\r\r
        interact -nobuffer "\r" return
        send -- "addgroup -g 82 testgroup\r"
        send -- "chpass -a \"testuser:OKgJbgsTch.sk:5005:5005::0:0:NagiosUser:/var/tmp/testuser:/bin/tcsh\"\r"
}

proc freebsd_cmd {} {
        send -- "su\r"
        interact -nobuffer "\r" return
        send -- "pw group add -n testgroup -g 82\r"
        send -- "chpass -a \"testuser:OKgJbgsTch.sk:5005:5005::0:0:NagiosUser:/var/tmp/testuser:/bin/tcsh\"\r"
}

#
#determine which o/s
#
proc flavor {} {
        expect {
                -re "\nFreeBSD" { 
                        sleep 2
                        freebsd_cmd 
                        }
                -re "\nBSD" { 
                        sleep 2
                        bsd_cmd 
                        }
        }
}

proc print_help {} {
        send_user "help text\n\n\n"
}

#
# begin
#

set timeout -1
spawn ssh bsd.nachoz.com
match_max 100000

#
# if it finds a password prompt, allow user to type it
# if no password prompt, keep on moving
#
expect {
        -re "assword" {
                interact -nobuffer "\r" return
                flavor
                }
        -re "\n" {
                flavor
                }
}


send -- "mkdir -p /var/tmp/testuser/.ssh ; chown -R nagios /var/tmp/testuser ; cd /var/tmp/testuser/.ssh ; scp nagios@vpn.gwi:~nagios/.ssh/id_rsa.pub authorized_keys2\r"
expect -exact "\r
Password:"
send -- "xxxxxxxxxx\r"
expect ":"
sleep 2
send -- "exit\r"
send -- "exit\r"
expect eof

--
Andy

http://www.nachoz.com