7 Replies Latest reply: Sep 24, 2012 1:07 PM by Ani

    help require in scripting

    Ani
      Hi All,
      I have prepared one script which will change the user account password non-interactively.

      "hosts" :- I am specifying the server names where I want to change the account password.
      My_loginid :- my login name
      My_loginpassword :- my login password
      =================================================
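      #!/usr/bin/expect -f
      # Usage: ./passwd.expect <username> <new_password>
      set timeout -1

      # Account name and new password come from the command line.
      set username [lindex $argv 0]
      set password [lindex $argv 1]

      # Read the list of servers, one per line, from the file "hosts".
      set load_fh [open "hosts" r]
      set ip_list [split [read $load_fh] "\n"]
      close $load_fh

      foreach ip $ip_list {
          if { $ip != "" } {
              # StrictHostKeyChecking=no accepts unknown host keys without asking.
              spawn ssh -oStrictHostKeyChecking=no <My_loginid>@$ip
              expect "assword*" { send "<My_loginpassword>\r" }
              expect "$*"       { send "su -\r" }
              expect "assword"  { send "<root_password>\r" }
              # The remote shell echoes this line, so the new password shows on screen.
              expect "#*"       { send "echo $username:$password|chpasswd\r" }
              expect "#*"       { send "exit\r" }
          }
      }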
      =======================================================
      I have tested it between two servers (please find the output below). It is working fine, but the problem is that once I run it, it shows this line: "echo testuser:MZcHaXb8|chpasswd", so anyone with me can see the password in the output. Is there any way to hide it? I am new to scripting, so maybe you can help me modify the script.


      $ ./passwd.expect testuser <new_userpasswor>
      spawn ssh -oStrictHostKeyChecking=no xxxxx@prod602
      Warning: Permanently added 'prod602,11.12.13.23' (RSA) to the list of known hosts.
      xxxx@prod6cn02's password:
      Last login: Mon Sep 24 07:32:37 2012 from ooudj1dbll0045.jh3.prod
      $ su -
      Password:
      [root@prod602 ~]# echo testuser:MZcHaXb8|chpasswd
      [root@prod602 ~]# $

      Regards,
      Ani
        • 1. Re: help require in scripting
          Catch_22
          I have not used "expect" for scripting my stuff yet, but apparently you can turn off the screen output:

          <pre>
          log_user 0
          </pre>

          You can still capture the output, but you won't see it on screen. To turn it back to normal:

          <pre>
          log_user 1
          </pre>

          To read more about it, check http://expect.sourceforge.net/FAQ.html, No. 51.
          • 2. Re: help require in scripting
            Nik
            Hi.
            Maybe it's easier and more secure to use ssh key authorization?

            On your host you generate keys:
            ssh-keygen -t rsa

            Press Enter on all questions.
            It generates the public key: $HOME/.ssh/id_rsa.pub

            Add the content of this file on the required host to $HOME/.ssh/authorized_keys

            After this you can do ssh <user>@host without a password request.


            Regards.
            • 3. Re: help require in scripting
              Catch_22
              I have no idea what the OP is actually trying to accomplish, but user equivalence and a passwordless login might generally be a good idea for security. However, the OP asked about changing the password on remote systems, apparently for interactive login.

              I generally use the following to set up user equivalence:

              On the local system:

              <pre>
              # Create the local key directory and a fresh DSA key with no passphrase.
              mkdir -p ~/.ssh
              chmod 700 ~/.ssh
              rm -f ~/.ssh/id_dsa
              ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa

              # Append the public key to the remote account's authorized_keys.
              ssh username@remotehost "mkdir -p .ssh; chmod 700 .ssh"
              KEY=$(cat ~/.ssh/id_dsa.pub)
              ssh username@remotehost "echo '$KEY' >> .ssh/authorized_keys"
              ssh username@remotehost "chmod 644 .ssh/authorized_keys"
              </pre>

              The next login to username@remotehost should no longer prompt for a password.

              There is also the "ssh-copy-id" utility, which can simplify the process, but it is not available on all systems.

              By the way, version 1 of the ssh protocol supported only RSA keys. Version 2 of ssh introduced DSA, which is an open-source patent-free implementation. The RSA patent has expired, but as far as I know, cURL and SFTP require DSA.
              • 4. Re: help require in scripting
                Ani
                Hi Dude,
                Thank you. log_user 0 worked. But I require more help; the requirement has changed. I am not sure whether it is possible in "expect" or not. It should work like this:
                The script will ask for the user name; once the user enters the user name, it will ask for the password. Once the user enters the password, it will change the password on all the nodes in the "host" file (not /etc/host). So is there any way in the expect language that I can pass the id & password in a variable, not as a command-line argument? If yes, then please let me know the code.

                Regards,
                Ani
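
Added example (not from the thread or any poster): one way to combine the `log_user 0` advice from reply 1 with the prompt-driven flow requested in reply 4, written in Expect. The procedure names `ask` and `wait_for`, the prompt regexps, and the assumption that host keys are already in known_hosts are illustrative choices, not something the thread specifies.

```tcl
#!/usr/bin/expect -f
# Added example, not the poster's script. Assumes: "hosts" in the current
# directory, host keys already in known_hosts, prompts ending "$ " / "# ".
set timeout 30

# Read one line from the terminal; hide=1 switches echo off while typing.
proc ask {prompt {hide 0}} {
    set timeout -1
    send_user $prompt
    if {$hide} { stty -echo }
    expect_user -re "(.*)\n"
    if {$hide} { stty echo; send_user "\n" }
    return $expect_out(1,string)
}

# Wait for a regexp from the spawned ssh; stop on timeout or lost session.
proc wait_for {re} {
    expect {
        -re $re { return }
        timeout { send_user "\ntimed out waiting for: $re\n"; exit 1 }
        eof     { send_user "\nsession closed unexpectedly\n"; exit 1 }
    }
}

set login_id [ask "Your login id: "]
set login_pw [ask "Your login password: " 1]
set root_pw  [ask "Root password: " 1]
set username [ask "Account to change: "]
set password [ask "New password for $username: " 1]

set fh [open "hosts" r]
set ip_list [split [read $fh] "\n"]
close $fh

foreach ip $ip_list {
    set ip [string trim $ip]
    if {$ip eq ""} { continue }
    spawn ssh $login_id@$ip
    wait_for {assword}; send "$login_pw\r"
    wait_for {\$ ?$};   send "su -\r"
    wait_for {assword}; send "$root_pw\r"
    wait_for {# ?$}
    log_user 0   ;# the remote echo of the next command is not shown
    send "echo $username:$password|chpasswd\r"
    wait_for {# ?$}
    log_user 1
    send "exit\r"; wait_for {\$ ?$}; send "exit\r"
    expect eof; wait
}
```

The new password is still interpolated into a remote shell command, as in the original script, so a password containing shell metacharacters is not handled. Reading the credentials at a prompt also keeps them out of the local process list and shell history, which command-line arguments do not.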
                • 5. Re: help require in scripting
                  Catch_22
                  If the answer worked I suggest to assign points for helpful answers and mark the thread as answered. Mixing topics and changing the requirements in a thread is not a good idea. It will be better and more useful for anyone else reading your post if you start a new thread, including the content of your new script.
                  • 6. Re: help require in scripting
                    Ani
                    Sure, I will. Please let me know how I will assign points here. I am new to this forum.
                    • 7. Re: help require in scripting
                      Ani
                      Hi Dude,
                      How will I assign points to you? Please let me know.
                      Ani