[openssl-users] updating list of server account password

MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana.ctr at us.af.mil
Mon Apr 6 15:43:21 UTC 2015


Thank you Don and Matt and Mike, 


Your help got me here and I learned so much and there is much more to learn but I enjoy it. My script has a list of four Solaris 10 servers. Launching the perl expect.pm script from a Red Hat server it went to each box and changed my password with no problems. Thank you again. Here is the example script I used. 


#!/usr/bin/perl
use strict;

use Expect;

my $timeout = 60;

my @servers = qw(
     Solaris-host03
     Solaris-host04
     Solaris-host05
     Solaris-host06
);


for my $server (@servers) {
    # do your thing with $server
    change_password($server);
}

sub change_password {
    my $system = shift;

    my $filename = "/var/tmp/expect_script.log";
    my $ssh = Expect->new('ssh amagana@' . $system);

    #my $ssh = Expect->new('ssh amagana@tstorweb01');

    $ssh->debug(1);

    # Wait for either the password prompt or the unknown-host-key question.
    $ssh->expect ( $timeout,
          [ qr/Password:/],
          [ qr/Are you sure you want to continue connecting \(yes\/no\)\?/]
          );

    if ($ssh->match() =~ m/Are you sure you want to continue connecting \(yes\/no\)\?/ ) {
        # Accept the host key, then answer the password prompt that follows it.
        $ssh->send("yes\r");
        $ssh->expect($timeout, 'Password:');
        $ssh->send("mycurrentpassword\n");
    }
    elsif ($ssh->match() =~ m/Password:/ ) {
        $ssh->send("mycurrentpassword\n");
    }

    # Per-server log file name (the concatenation needs a '.' on both sides of $system).
    $filename = "/var/tmp/expect_script_" . $system . ".log";
    $ssh->expect(60, '$');
    $ssh->send("su - root\n");
    $ssh->expect(60, 'Password:');
    $ssh->send("rootpassword\n");
    $ssh->expect(60, '#');
    $ssh->send("passwd amagana\n");
    $ssh->expect(60, 'New Password:');
    $ssh->send("mynewpassword\n");
    $ssh->expect(60, 'Re-enter new Password:');
    $ssh->send("mynewpassword\n");
    $ssh->expect(60, '#');
    $ssh->close();
}






//SIGNED//

Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma 
Commercial: (405) 734-0341


-----Original Message-----
From: ESRY JR., DON [mailto:de3253 at att.com] 
Sent: Friday, April 03, 2015 3:19 PM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT; openssl-users at openssl.org
Cc: Matt Zagrabelny; mike nicholas
Subject: RE: updating list of server account password

It looks to me like it will work.

There is NO WAY that I would run a password changing script without logging everything I did.
I would suggest again that you log the results. You have that line commented out. And with the 'w' you will overwrite the log every time you run that sub so it will only have the last server you run it on. I suggest that you take out the 'w'. With the 'w' every time you call that sub it will wipe out the file. This means that when you run it for remotehost6 it will wipe out everything from remotehost5.

So I recommend that you replace:
#$ssh->log_file($filename, 'w');
With
$ssh->log_file($filename);

I also recommend that you put in a couple of exits; 1 to close the root shell and the other to close your login shell.

If you prefer a safer test, try running the hostname command rather than the passwd command.
$ssh->expect(60, '$');
$ssh->send("su - root\n");
$ssh->expect(60, 'Password:');
$ssh->send("rootpassword\n");
$ssh->expect(60, '#');
$ssh->send("hostname\n"); # you might want to leave this in anyway to make reading the log easier
$ssh->expect(60, '#');
$ssh->send("uptime\n");
#$ssh->send("passwd amagana\n");
#$ssh->expect(60, 'New Password:');
#$ssh->send("mynewpassword\n");
#$ssh->expect(60, 'Re-enter new Password:');
#$ssh->send("mynewpassword\n");
$ssh->expect(60, '#');
$ssh->send("exit\n");
$ssh->expect(60, '$');
$ssh->send("exit\n");
$ssh->close();

-----Original Message-----
From: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT [mailto:andreas.magana.ctr at us.af.mil]
Sent: Friday, April 03, 2015 3:53 PM
To: openssl-users at openssl.org
Cc: ESRY JR., DON; Matt Zagrabelny; mike nicholas
Subject: updating list of server account password

Hello Mike, Don and Matt, 

At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. 


#!/usr/bin/perl
use strict;

use Expect;

my $timeout = 60;

my @servers = qw(
     remotehost03
     remotehost04
     remotehost05
     remotehost06
);


for my $server (@servers) {
# do your thing with $server

    change_password($server);

 }

sub change_password {
            my $system = shift;

my $filename = "/var/tmp/expect_script.log";
my $ssh = Expect->new('ssh amagana@' . $system);


$ssh->debug(1);
$ssh->expect ( $timeout,
      [ qr/Password:/],
      [ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
      );

if ($ssh->match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh->send("yes\r"); }

elsif ($ssh->match() =~ m/Password:/ ) { $ssh->send("mypassword\n"); }


#$ssh->log_file($filename, 'w');
$ssh->expect(60, '$');
$ssh->send("su - root\n");
$ssh->expect(60, 'Password:');
$ssh->send("rootpassword\n");
$ssh->expect(60, '#');
$ssh->send("passwd amagana\n");
$ssh->expect(60, 'New Password:');
$ssh->send("mynewpassword\n");
$ssh->expect(60, 'Re-enter new Password:');
$ssh->send("mynewpassword\n");
$ssh->expect(60, '#');
$ssh->close();
}

Respectfully, 


#!/usr/bin/perl
use strict;

use Expect;
my $timeout = 60;
my $filename = "/var/tmp/expect_script.log";
my $ssh = Expect->new('ssh amagana@remotehost');

$ssh->debug(1);
$ssh->expect ( $timeout,
      [ qr/Password:/],
      [ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
      );

if ($ssh->match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh->send("yes\r"); }

elsif ($ssh->match() =~ m/Password:/ ) { $ssh->send("mypassword\n"); }


#$ssh->log_file($filename, 'w');
$ssh->expect(60, '$');
$ssh->send("su - root\n");
$ssh->expect(60, 'Password:');
$ssh->send("rootpassword\n");
$ssh->expect(60, '#');
$ssh->send("passwd amagana\n");
$ssh->expect(60, 'New Password:');
$ssh->send("mynewpassword\n");
$ssh->expect(60, 'Re-enter new Password:');
$ssh->send("mynewpassword\n");
$ssh->expect(60, '#');
$ssh->close();

//SIGNED//

Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341


-----Original Message-----
From: mike nicholas [mailto:xmikenicholasx at gmail.com] 
Sent: Wednesday, April 01, 2015 9:46 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR., DON; Matt Zagrabelny; expectperl-discuss at lists.sourceforge.net
Subject: Re: [Expectperl-discuss] expect.pm not updating password

Try something like this:

 use strict;
 use Expect;

 # Placeholder values; set these for your environment.
 my $username = "XXXXXX";
 my $ip       = "XXXXXX";
 my $pw       = "XXXXXX";
 my $log_dir  = "XXXXXX";
 my $time     = localtime;

 my $exp = Expect->new;
 $exp->log_stdout(1);

 $exp->spawn( "ssh -l ${username} ${ip} " ) or die "cannot spawn ssh: $! \n";
 $exp->log_file("./${log_dir}/$ip\_info.log");

 print "\nspawning ssh connection to $ip on $time\n\n";
 $exp->log_file->print( "\nspawning ssh connection to $ip on $time\n\n" );

 # Each pattern runs its handler; exp_continue keeps waiting for the next pattern.
 $exp->expect(8,
  [ 'connecting' => sub { $exp->send("yes \n"); exp_continue; } ],
  [ 'assword:' => sub { $exp->send("$pw\n"); exp_continue; } ],
  # Shell prompt reached: returning without exp_continue ends the expect() call.
  [ '-re', '> ?$' => sub { } ],
  [ 'try again' => sub { die " died from bad password.\n"; } ],
  [ 'refused' => sub { die " died from connection refused.\n"; } ],
  [ eof => sub { die " died from eof.\n"; } ],
  [ timeout => sub { $exp->hard_close(); } ],
 );


On Wed, Apr 1, 2015 at 9:24 AM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT <andreas.magana.ctr at us.af.mil> wrote:


	Now that I have a working script and thanks very much to you Matt and Don,
	
	I am trying to put in my script an if else because sometimes my script will encounter this:
	
	Are you sure you want to continue connecting (yes/no)?')
	
	
	
	What I did create are some variables. Is this correct, and may I see an example if statement so that the script can make a decision and keep going?
	
	use Expect;
	my $knownhost = $ssh->expect(60, 'Are you sure you want to continue connecting (yes/no)?');
	my $answer = $ssh->send("yes\n");
	my $filename = "/var/tmp/expect_script.log";
	
	
	
	//SIGNED//
	
	Andy Magaña
	UNIX Systems Administrator
	Diligent Contractor, 72nd Air Base Wing
	Tinker Air Force Base, Oklahoma
	Commercial: (405) 734-0341
	
	-----Original Message-----
	From: ESRY JR., DON [mailto:de3253 at att.com]
	Sent: Tuesday, March 31, 2015 4:16 PM
	To: Matt Zagrabelny; MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
	Cc: expectperl-discuss at lists.sourceforge.net
	
	Subject: RE: [Expectperl-discuss] expect.pm not updating password
	
	I think you will want a log file to identify where the script failed.
	
	I recommend that you take out the 'w' from the $ssh->log_file($filename, 'w'); so it will append to the file rather than overwriting it for each server.
	
	And then put in some sort of header for each server, something like:
	my $header = "\n\n======= $system =======\n";
	$ssh->print_log_file($header);
	
	Or if you prefer a separate file for each server, then my $filename = "/var/tmp/expect_script_" . $system . ".log";
	
	Little stuff like this can be very frustrating.
	
	
	-----Original Message-----
	From: Matt Zagrabelny [mailto:mzagrabe at d.umn.edu]
	Sent: Tuesday, March 31, 2015 4:56 PM
	To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
	Cc: expectperl-discuss at lists.sourceforge.net
	Subject: Re: [Expectperl-discuss] expect.pm not updating password
	
	On Tue, Mar 31, 2015 at 3:37 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT <andreas.magana.ctr at us.af.mil> wrote:
	> Thank you Matt,
	>
	> I just don't know how to put it in a working way I learn by examples I
	> am a novice on perl and the modules.
	
	Maybe spend a day or two writing some basic perl programs so you feel more comfortable with this stuff. I'm sure there are truckloads of perl tutorials out there.
	
	I added some context below. You'll need to clean up the leading '>' characters.
	
	-m
	
	
	>
	> #!/usr/bin/perl
	> use strict;
	>
	> use Expect;
	>
	> # my @servers = qw(
	> #    server1.example.net
	> #    server2.example.net
	> #    server3.example.net
	> #    server4.example.net
	> #    server5.example.net
	> # );
	> #
	> # for my $server (@servers) {
	> #    # do your thing with $server
	
	    change_password($server);
	
	> # }
	>
	
	sub change_password {
	    my $system = shift;
	
	    my $filename = "/var/tmp/expect_script.log";
	    my $ssh = Expect->new('ssh amagana@' . $system);
	
	
	> $ssh->debug(1);
	> $ssh->log_file($filename, 'w');
	> $ssh->expect(60, 'Password:');
	> $ssh->send("mycurrentpassword\n");
	> $ssh->expect(60, '$');
	> $ssh->send("su - root\n");
	> $ssh->expect(60, 'Password:');
	> $ssh->send("myrootpassword\n");
	> $ssh->expect(60, '#');
	> $ssh->send("passwd amagana\n");
	> $ssh->expect(60, 'New Password:');
	> $ssh->send("mynewpassword\n");
	> $ssh->expect(60, 'Re-enter new Password:');
	> $ssh->send("mynewpassword\n");
	> $ssh->expect(60, '#');
	> $ssh->send("exit\n");
	> $ssh->close();
	
	}
	
	------------------------------------------------------------------------------
	Dive into the World of Parallel Programming The Go Parallel Website, sponsored
	by Intel and developed in partnership with Slashdot Media, is your hub for all
	things parallel software development, from weekly thought leadership blogs to
	news, videos, case studies, tutorials and more. Take a look and join the
	conversation now. http://goparallel.sourceforge.net/
	_______________________________________________
	Expectperl-discuss mailing list
	Expectperl-discuss at lists.sourceforge.net
	https://lists.sourceforge.net/lists/listinfo/expectperl-discuss
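
The logging advice given in this thread (append to the log instead of opening it with 'w', write a header per server, test with hostname before passwd, exit both shells), shown as an added example that is not code from any poster. It assumes placeholder host names, host keys already present in known_hosts, and passwords typed at run time; the helper names ask and step are hypothetical.

```perl
# Added example, not from the thread. Host names are placeholders.
use strict;
use warnings;
use Expect;
my $timeout = 60;
my $user    = 'amagana';
my @servers = qw(remotehost03 remotehost04);    # placeholder hosts
my $logfile = '/var/tmp/expect_script.log';
my $dry_run = 1;    # 1 = only run hostname, 0 = also change the password
# Read a secret with terminal echo off, so none is stored in the script.
sub ask {
    my ($label) = @_;
    print STDERR "$label: ";
    system('stty', '-echo');
    chomp(my $secret = <STDIN> // '');
    system('stty', 'echo'); print STDERR "\n";
    return $secret;
}
my %pw = map { $_ => ask("$_ password") } qw(current root new);

# Wait for $prompt and answer it; die on timeout or EOF rather than send blindly.
sub step {
    my ($ssh, $prompt, $reply) = @_;
    defined $ssh->expect($timeout, $prompt) or die "no '$prompt' within ${timeout}s\n";
    $ssh->send($reply);
}

for my $host (@servers) {
    # Assumption: host keys are already in known_hosts, so an unknown key fails.
    my $ssh = Expect->spawn('ssh', '-o', 'StrictHostKeyChecking=yes', "$user\@$host")
        or die "$host: cannot spawn ssh: $!\n";
    $ssh->log_file($logfile);                              # no 'w': append
    $ssh->print_log_file("\n\n======= $host =======\n");   # header per server
    my $ok = eval {
        step($ssh, 'Password:', "$pw{current}\n");
        step($ssh, '$',         "su - root\n");
        step($ssh, 'Password:', "$pw{root}\n");
        step($ssh, '#',         "hostname\n");
        unless ($dry_run) {
            step($ssh, '#',                      "passwd $user\n");
            step($ssh, 'New Password:',          "$pw{new}\n");
            step($ssh, 'Re-enter new Password:', "$pw{new}\n");
        }
        step($ssh, '#', "exit\n");    # leave the root shell
        step($ssh, '$', "exit\n");    # leave the login shell
        1;
    };
    $ssh->print_log_file($ok ? "RESULT: ok\n" : "RESULT: FAILED: $@");
    $ssh->soft_close();
}
```

A host that fails any step is recorded in the log with the prompt that never arrived, and the loop moves on to the next server.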
	

