I am new to using expect, and I've searched for an answer to the following question but haven't found it yet. I'm trying to log in to a server and run a command on that server. The command will output text including another command that I want to run and a password that I'll need.
E.g.
#!/usr/bin/expect --
<initialization of variables>
spawn ssh $user#$host
expect -re ".*sswor.*"
send "$password\r"
expect $prompt
send $command
expect magical stuff that I can use to create the next command
send $next_command
send $new_password
<more stuff>
The output of "send $command" above is
-bash-3.00$ <command from send>
Log into the next device by copying and pasting the following line: ssh new-user#new-host
The password to login is: Ex17dsk5
-bash-3.00$
Now what I need is to grab "ssh new-user#new-host" and "Ex17dsk5" and use them in $next_command and $new_password. I think I need to use expect_out(X,string) as I match expressions, but I haven't been able to figure out how to do it all.
Any help is greatly appreciated.
EDIT: ADDITIONAL INFORMATION AFTER RESPONSE BELOW
Thanks for the tip! However, it's still not working, but a lot closer. The code that I'm currently using is:
expect {
-re "Log into the remoteHost by copying and pasting the following line: ssh (.*)?\n?" {set remoteHostlogin "$expect_out(1,string)"; exp_continue}
-re "The password to login to the remoteHost is: (.*)\r\n" {set remoteHostpassword "$expect_out(1,string)"}
}
My thought was that the ? would make it non-greedy. However, it seems to be matching to the last \n in the buffer (see below). And since it matches to the last \n, expect_out(1,string) includes the password information that I'm trying to match with expect. The code produces the following debugging info:
You must ssh to the remoteHost from one of the log servers. Login to either Log Server 1 or Log Server 2 before logging into the remoteHost.
Log into the remoteHost by copying and pasting the following line: ssh 0005B9-cdmaremoteHost-0002F5007546#5.0.31.62
The password to login to the remoteHost is: B4dZsePI
expect: does "\r\nLast login: Tue Apr 3 14:32:48 2012 from log01i\r\r\nUse of CompanyName computing systems is restricted to authorized use only. \r\nThe use of any CompanyName computing system may be monitored and recorded \r\nby CompanyName for administrative and security reasons at any time. Your \r\nuse of these computing systems constitutes consent to this monitoring. \r\nCompanyName reserves the right to take appropriate action against anyone \r\nwho accesses or uses, or attempts to access or use, any CompanyName \r\ncomputing system improperly or without the appropriate authorization.\r\n\r\nYou have new mail.\r\n-bash-3.00$ ./get_remoteHost_login.sh 0002F5007546\r\n \r\n \r\nYou must ssh to the remoteHost from one of the log servers. Login to either Log Server 1 or Log Server 2 before logging into the remoteHost.\r\nLog into the remoteHost by copying and pasting the following line: ssh 0005B9-cdmaremoteHost-0002F5007546#5.0.31.62 \r\nThe password to login to the remoteHost is: B4dZsePI \r\n \r\n \r\n" (spawn_id exp6) match regular expression "Log into the remoteHost by copying and pasting the following line: ssh (.*)?\n?"? Gate "Log into the remoteHost by copying and pasting the following line: ssh *"? gate=yes re=yes
expect: set expect_out(0,string) "Log into the remoteHost by copying and pasting the following line: ssh 0005B9-cdmaremoteHost-0002F5007546#5.0.31.62 \r\nThe password to login to the remoteHost is: B4dZsePI \r\n \r\n \r\n"
expect: set expect_out(1,string) "0005B9-cdmaremoteHost-0002F5007546#5.0.31.62 \r\nThe password to login to the remoteHost is: B4dZsePI \r\n \r\n \r\n"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "\r\nLast login: Tue Apr 3 14:32:48 2012 from slog01i\r\r\nUse of CompanyName computing systems is restricted to authorized use only. \r\nThe use of any CompanyName computing system may be monitored and recorded \r\nby CompanyName for administrative and security reasons at any time. Your \r\nuse of these computing systems constitutes consent to this monitoring. \r\nCompanyName reserves the right to take appropriate action against anyone \r\nwho accesses or uses, or attempts to access or use, any CompanyName \r\ncomputing system improperly or without the appropriate authorization.\r\n\r\nYou have new mail.\r\n-bash-3.00$ ./get_remoteHost_login.sh 0002F5007546\r\n \r\n \r\nYou must ssh to the remoteHost from one of the log servers. Login to either Log Server 1 or Log Server 2 before logging into the remoteHost.\r\nLog into the remoteHost by copying and pasting the following line: ssh 0005B9-cdmaremoteHost-0002F5007546#5.0.31.62 \r\nThe password to login to the remoteHost is: B4dZsePI \r\n \r\n \r\n"
expect: continuing expect
EDIT
Thanks guys for you help! Below is what I finally settled on for my matching:
:
expect {
-re "Log into the remoteHost by copying and pasting the following line: (ssh .*\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+)" {set remoteHostlogin "$expect_out(1,string)"; exp_continue}
-re "The password to login to the remoteHost is: (\[0-9a-zA-Z]{8})" {set remoteHostpassword "$expect_out(1,string)"}
}
Give this a shot. Also use exp_internal 1 in your script to enable internal diagnostics to troubleshoot.
expect -re "Log into the next device by copying and pasting the following line: (.*)\n" {
set loginstr "$expect_out(1,string)" }
expect -re "The password to login is: (.*)\n" {
set passwordstr "$expect_out(1,string)" }
send "$loginstr\r"
expect "*?assword*"
send "$passwordstr\r"
Related
I am building a C++ application which purpose is, among other thing, to receive SNMP traps. For this I am using SNMP ++ library version V3.3 (https://agentpp.com/download.html C++ APIs SNMP++ 3.4.9).
I was expecting for traps using no authentication to be discarded/dropped if configuration was requesting some form of authentication but it does not seem to be the case.
To confirm this behavior I used the provided receive_trap example available in the consoleExamples directory. I commented every call to
usm->add_usm_user(...)
except for the one with "MD5" as security name :
usm->add_usm_user("MD5",
SNMP_AUTHPROTOCOL_HMACMD5, SNMP_PRIVPROTOCOL_NONE,
"MD5UserAuthPassword", "");
I then sent a trap (matching the "MD5" security name) to the application using net-snmp :
snmptrap -v 3 -e 0x090807060504030200 -u MD5 -Z 1,1 -l noAuthNoPriv localhost:10162 '' 1.3.6.1.4.1.8072.2.3.0.1 1.3.6.1.4.1.8072.2.3.2.1 i 123456
Since the application only registered User Security Model requires an MD5 password I would have though the trap would have been refused/dropped/discarded, but it was not :
Trying to register for traps on port 10162.
Waiting for traps/informs...
press return to stop
reason: -7
msg: SNMP++: Received SNMP Notification (trap or inform)
from: 127.0.0.1/45338
ID: 1.3.6.1.4.1.8072.2.3.0.1
Type:167
Oid: 1.3.6.1.4.1.8072.2.3.2.1
Val: 123456
To make sure there was no "default" UserSecurityModel used instead I then commented the remaining
usm->add_usm_user("MD5",
SNMP_AUTHPROTOCOL_HMACMD5, SNMP_PRIVPROTOCOL_NONE,
"MD5UserAuthPassword", "");
and sent my trap again using the same command. This time nothing happened :
Trying to register for traps on port 10162.
Waiting for traps/informs...
press return to stop
V3 is around 18k lines of RFC so it is completely possible I missed or misunderstood something but I would expect to be able to specify which security level I am expecting and drop everything which does not match. What am I missing ?
EDIT Additional testing with SNMPD
I have done some test with SNMPD and I somehow still get similar result.
I have created a user :
net-snmp-create-v3-user -ro -A STrP#SSWRD -a SHA -X STr0ngP#SSWRD -x AES snmpadmin
Then I am trying with authPriv key :
snmpwalk -v3 -a SHA -A STrP#SSWRD -x AES -X STr0ngP#SSWRD -l authPriv -u snmpadmin localhost
The request is accepted
with authNoPriv :
snmpwalk -v3 -a SHA -A STrP#SSWRD -x AES -l AuthNoPriv -u snmpadmin localhost
The request is accepted
with noAuthNoPriv :
snmpwalk -v3 -a SHA -A STrP#SSWRD -x AES -X STr0ngP#SSWR2D -l noauthnoPriv -u snmpadmin localhost
The request is rejected.
As I understand the authNoPriv must be rejected, but is accepted, this is incorrect from what I have read in the RFC and the cisco snmpv3 resume
Disclaimer I am not expert so take the following with a pinch of salt.
I cannot say for the library you are using but regarding the SNMP v3 flow:
In SNMPv3 exchanges, the USM is responsible for validation only on the SNMP authoritative engine side, the authoritative role depending of the kind of message.
Agent authoritative for : GET / SET / TRAP
Receiver authoritative for : INFORM
The RFC 3414 describes the reception of message in section 3.2 :
If the information about the user indicates that it does not
support the securityLevel requested by the caller, then the
usmStatsUnsupportedSecLevels counter is incremented and an error
indication (unsupportedSecurityLevel) together with the OID and value
of the incremented counter is returned to the calling module.
If the securityLevel specifies that the message is to be
authenticated, then the message is authenticated according to the
user’s authentication protocol. To do so a call is made to the
authentication module that implements the user’s authentication
protocol according to the abstract service primitive
So in the step 6, the securityLevel is the one from the message. This means the TRAP is accepted by the USM layer on the receiver side even if the authentication is not provided.
It is then the task of the user of the TRAP to decide if the message must be interpreted or not.
I've launched a new AWS EC2 instance (m5.large) based on Matillion's latest AMI (Matillion v1.56.9). The instance is coming up fine and I can reach Matillion's login page at https://[internal IP], but I cannot login with the default credentials which are supposed to be "ec2-user" and the instance id ("i-xxxxxx"). Error message is "Invalid username or password".
The EC2 instance has no public IP, that's why I use a private IP.
I can also ssh into the instance.
Can anyone help me find out why login using the default user doesn't work?
I believe the way it's supposed to work is at first boot the ec2-user password in /usr/share/tomcat8/conf/tomcat-users.xml gets set to the sha512sum of the instance ID. As per your comment Tobie that's a good spot but I think the Matillion documentation is just out of date there, from right back when instance IDs really were just 10 characters long!
I guess it uses the instance metadata service v1 to do that, so if IMDS v1 is not available it might not get created correctly.
In any case, as long as you can SSH into your server and the Admin / User Configuration is in Internal mode (which is the default)
you can fix the password manually like this...
Become root with sudo -i
Create the sha512sum of your chosen password like this.
echo -n "schepo" | sha512sum
Make sure you use the -n otherwise it adds a newline and gets the hash wrong. Mine comes out like 55aa...a1cf -
Then stop Tomcat so you can update the password
systemctl stop tomcat8
Fix the relevant line in /usr/share/tomcat8/conf/tomcat-users.xml or add a new one. You have to be really careful to keep the XML valid. Mine ends up like this:
<user username="schepo" password="55aa00778ccb153bc05aa6a8d7ee7c00f008397c5c70ebc8134aa1ba6cf682ac3d35297cbe60b21c00129039e25608056fe4922ebe1f89c7e2c68cf7fbfba1cf" roles="Emerald,API,Admin"/>
Then restart Tomcat
systemctl restart tomcat8
It normally takes about 60 seconds to restart. After that you should be able to login via the UI with your new user and/or password.
I just physically not able to enter the password for some reason.
Allowlisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [root].Enter password:
After this Lines, it asked me to enter a password.
mysql --host=$MYSQLIP --user=root \
--password --verbose < create_table.sql
I push buttons on the keyboard and nothing. It is the first time I see something Cloud related, so I am not sure.
Ok, I figure it out. The password is invisible. So, you just have to print it blindly and press enter.
I am using new-pssession to connect to machines and am storing any errors in a value specified by the -errorVariable paramater. I want to call this variable later for output but on want to show the the first line, minus the comp name in brackets.
Heres an example of what i get.
New-PSSession : [ABCGFAXYZUT579] Connecting to remote server ABCGFAXYZUT579 failed with the
following error message : WinRM cannot complete the operation. Verify that the
specified computer name is valid, that the computer is accessible over the network, and that a
firewall exception for the WinRM service is enabled and allows access from this
computer. By default, the WinRM firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ComputerName ABCGFAXYZUT579 -ErrorVariable errors912 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-
PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionOpenFailed
I have tried passing the variable to select-string to get only what i need but everything i have tried still gives me this
[ABCGFAXYZUT579] Connecting to remote server ABCGFAXYZUT579 failed with the following error
message : WinRM cannot complete the operation. Verify that the specified computer name
is valid, that the computer is accessible over the network, and that a firewall exception for
the WinRM service is enabled and allows access from this computer. By default, the
WinRM firewall exception for public profiles limits access to remote computers within the same
local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
I have also tried splitting it into seperate lines like this
($errors912 -split '\r?\n' -ne '') and piping to select-string but i still get the above returned.
is there an easy way to get everything after the first white space and before the first period? leaving this?
Connecting to remote server ABCGFAXYZUT579 failed with the following error
message : WinRM cannot complete the operation.
$NewSession = New-PSSession -ComputerName ABCGFAXYZUT579 -ErrorVariable errors912 -ErrorAction SilentlyContinue
if ( $errors912.Count -gt 0 ) {
[string]$errors912 -replace "^(\[.*?\] )|(?<=\.).*"
}
Connecting to remote server ABCGFAXYZUT579 failed with the following error message : The WinRM client cannot process the request.
The $errors912.Count -gt 0 condition is equivalent to $null -eq $NewSession.
Please go to some on-line regex tester/debugger e.g. https://regex101.com/ for the regex explanation.
I've just had a bit of fun trying to connect to a new VM I'd created, I've found loads of posts from people with the same problem, the answer details the points I've found
(1) For me it worked with
<VMName>\Username
Password
e.g.
Windows8VM\MyUserName
SomePassword#1
(2) Some people have just needed to use a leading '\', i.e.
\Username
Password
Your credentials did not work Azure VM
(3) You can now reset the username/password from the app portal. There are powershell scripts which will also allow you to do this but that shouldn't be necessary anymore.
(4) You can also try redeploying the VM, you can do this from the app portal
(5) This blog says that "Password cannot contain the username or part of username", but that must be out of date as I tried that once I got it working and it worked fine
https://blogs.msdn.microsoft.com/narahari/2011/08/29/your-credentials-did-not-work-error-when-connecting-to-windows-azure-vms/
(6) You may find links such as the below which mention Get-AzureVM, that seems to be for classic VMs, there seem to be equivalents for the resource manager VMs such as Get-AzureRMVM
https://blogs.msdn.microsoft.com/mast/2014/03/06/enable-rdp-or-reset-password-with-the-vm-agent/
For complete novices to powershell, if you do want to go down that road here's the basics you may need. In the end I don't believe I needed this, just point 1
unInstall-Module AzureRM
Install-Module AzureRM -allowclobber
Import-Module AzureRM
Login-AzureRmAccount (this will open a window which takes you through the usual logon process)
Add-AzureAccount (not sure why you need both, but I couldn’t log on without this)
Select-AzureSubscription -SubscriptionId <the guid for your subscription>
Set-AzureRmVMAccessExtension -ResourceGroupName "<your RG name>" -VMName "Windows8VM" -Name "myVMAccess" -Location "northeurope" -username <username> -password <password>
(7) You can connect to a VM in a scale set as by default the Load Balancer will have Nat Rules mapping from port onwards 50000, i.e. just remote desktop to the IP address:port. You can also do it from a VM that isn't in the scale set. Go to the scale set's overview, click on the "virtual network/subnet", that'll give you the internal IP address. Remote desktop from the other one
Ran into similar issues. It seems to need domain by default. Here is what worked for me:
localhost\username
Other option can be vmname\username
Some more guides to help:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal#connect-to-virtual-machine
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/connect-logon
In April 2022 "Password cannot contain the username or part of username" was the issue.
During the creation of VM in Azure, everything was alright but wasn't able to connect via RDP.
Same in Nov 2022, you will be allowed to create a password that contains the user name but during login it will display the credential error. Removing the user name from the password fixed it.