Re: [openssl-users] updating list of server account password
What does the ${ip} mean? //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Monday, April 06, 2015 10:58 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny Subject: Re: updating list of server account password Try something like this: my $exp = new Expect; $exp-log_stdout(1); $username = XX; $exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $! \n; $exp-log_file(./${log_dir}/$ip\_info.log); print \nspawning ssh connection to $ip on $time\n\n; $exp-log_file-print( \nspawning ssh connection to $ip on $time\n\n ); $exp-expect(8, [ 'connecting' = sub { $exp-send(yes \n); exp_continue; } ], [ 'assword:' = sub { $exp-send($pw\n); exp_continue; } ], [ '-re', ' ?$' = sub { break; }], [ 'try again' = sub { die died from bad password.\n; }], [ 'refused' = sub { die died from connection refused.\n; exp_continue; } ], [ eof = sub { die died from eof.\n; }], [ timeout = sub { $exp-hard_close(); }], ); On Mon, Apr 6, 2015 at 10:52 AM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana@us.af.mil wrote: //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 tel:%28405%29%20734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Monday, April 06, 2015 10:48 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny Subject: Re: updating list of server account password So the else if will only run if the first if is not true, that doesn't seem right,. On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana@us.af.mil wrote: Hello Mike, Don and Matt, At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( remotehost03 remotehost04 remotehost05 remotehost06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); Mike, If that does not seem right what can I change it to make it right? Respectfully, #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh
Re: [openssl-users] updating list of server account password
Perhaps you don't want to post this kind of thing to a global mailing list for all users of openssl? -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz -Original Message- From: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT [mailto:andreas.magana@us.af.mil] Sent: Monday, April 06, 2015 11:53 AM To: mike nicholas Cc: openssl-users@openssl.org; ESRY JR. DON; Matt Zagrabelny Subject: Re: [openssl-users] updating list of server account password //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Monday, April 06, 2015 10:48 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny Subject: Re: updating list of server account password So the else if will only run if the first if is not true, that doesn't seem right,. On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana@us.af.mil wrote: Hello Mike, Don and Matt, At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( remotehost03 remotehost04 remotehost05 remotehost06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); Mike, If that does not seem right what can I change it to make it right? Respectfully, #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@remotehost'); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Wednesday, April 01, 2015 9:46 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR., DON; Matt Zagrabelny; expectperl- disc...@lists.sourceforge.net Subject: Re: [Expectperl-discuss] expect.pm not updating password Try something like this: my $exp = new Expect; $exp-log_stdout(1); $username = XX; $exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $! \n; $exp-log_file(./${log_dir}/$ip\_info.log); print \nspawning ssh connection to $ip on $time\n\n; $exp-log_file-print( \nspawning ssh connection to $ip on $time\n\n ); $exp-expect(8
Re: [openssl-users] updating list of server account password
//SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Monday, April 06, 2015 10:48 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny Subject: Re: updating list of server account password So the else if will only run if the first if is not true, that doesn't seem right,. On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana@us.af.mil wrote: Hello Mike, Don and Matt, At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( remotehost03 remotehost04 remotehost05 remotehost06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); Mike, If that does not seem right what can I change it to make it right? Respectfully, #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@remotehost'); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Wednesday, April 01, 2015 9:46 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR., DON; Matt Zagrabelny; expectperl-disc...@lists.sourceforge.net Subject: Re: [Expectperl-discuss] expect.pm not updating password Try something like this: my $exp = new Expect; $exp-log_stdout(1); $username = XX; $exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $! \n; $exp-log_file(./${log_dir}/$ip\_info.log); print \nspawning ssh connection
[openssl-users] updating list of server account password
Thank you Don and Matt and Mike, Your help got me here and I learned so much and there is much more to learn but I enjoy it. My script has a list of four Solaris 10 servers. Launching the perl expect.pm script from a Red Hat server it went to each box and changed my password with no problems. Thank you again. Here is the example script I used. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( Solaris-host03 Solaris-host04 Solaris-host05 Solaris-host06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); #my $ssh = Expect-new('ssh amagana@tstorweb01'); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mycurrentpassword\n); } $filename = /var/tmp/expect_script_. $system .log; $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); } //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: ESRY JR., DON [mailto:de3...@att.com] Sent: Friday, April 03, 2015 3:19 PM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT; openssl-users@openssl.org Cc: Matt Zagrabelny; mike nicholas Subject: RE: updating list of server account password It looks to me like it will work. There is NO WAY that I would run a password changing script without logging everything I did. I would suggest again that you log the results. You have that line commented out. And with the 'w' you will overwrite the log everytime you run that sub so it will only have the last server you run it on. I suggest that you take out the 'w'. With the 'w' everytime you call that sub it will wipe out the file. This means that when you one it for remotehost6 it will wipe out everything from remotehost5 So I recommend that you replace: #$ssh-log_file($filename, 'w'); With $ssh-log_file($filename); I also recommend that you put in a couple of exits; 1 to close the root shell and the other to close your login shell. If you prefer a safer test, try running the hostname command rather than the passwd command. $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(hostname\n); # you might want to leave this in anyway to make reading the log easier $ssh-expect(60, '#'); $ssh-send(uptime\n); #$ssh-send(passwd amagana\n); #$ssh-expect(60, 'New Password:'); #$ssh-send(mynewpassword\n); #$ssh-expect(60, 'Re-enter new Password:'); #$ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-send(exit\n); $ssh-expect(60, '$'); $ssh-send(exit\n); $ssh-close(); -Original Message- From: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT [mailto:andreas.magana@us.af.mil] Sent: Friday, April 03, 2015 3:53 PM To: openssl-users@openssl.org Cc: ESRY JR., DON; Matt Zagrabelny; mike nicholas Subject: updating list of server account password Hello Mike, Don and Matt, At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( remotehost03 remotehost04 remotehost05 remotehost06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); Respectfully, #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my $filename =
[openssl-users] updating list of server account password
Hello Mike, Don and Matt, At the point I am at this list of servers in my script I would really need someone with more experience to see if I even have the right scripting. #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my @servers = qw( remotehost03 remotehost04 remotehost05 remotehost06 ); for my $server (@servers) { # do your thing with $server change_password($server); } sub change_password { my $system = shift; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@' . $system); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); Respectfully, #!/usr/bin/perl use strict; use Expect; my $timeout = 60; my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh amagana@remotehost'); $ssh-debug(1); $ssh-expect ( $timeout, [ qr/Password:/], [ qr/Are you sure you want to continue connecting \(yes\/no\)?/] ); if ($ssh-match() =~ m/Are you sure you want to continue connecting \(yes\/no\)?/ ) { $ssh-send(yes\r); } elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); } #$ssh-log_file($filename, 'w'); $ssh-expect(60, '$'); $ssh-send(su - root\n); $ssh-expect(60, 'Password:'); $ssh-send(rootpassword\n); $ssh-expect(60, '#'); $ssh-send(passwd amagana\n); $ssh-expect(60, 'New Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-close(); //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 -Original Message- From: mike nicholas [mailto:xmikenichol...@gmail.com] Sent: Wednesday, April 01, 2015 9:46 AM To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: ESRY JR., DON; Matt Zagrabelny; expectperl-disc...@lists.sourceforge.net Subject: Re: [Expectperl-discuss] expect.pm not updating password Try something like this: my $exp = new Expect; $exp-log_stdout(1); $username = XX; $exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $! \n; $exp-log_file(./${log_dir}/$ip\_info.log); print \nspawning ssh connection to $ip on $time\n\n; $exp-log_file-print( \nspawning ssh connection to $ip on $time\n\n ); $exp-expect(8, [ 'connecting' = sub { $exp-send(yes \n); exp_continue; } ], [ 'assword:' = sub { $exp-send($pw\n); exp_continue; } ], [ '-re', ' ?$' = sub { break; }], [ 'try again' = sub { die died from bad password.\n; }], [ 'refused' = sub { die died from connection refused.\n; exp_continue; } ], [ eof = sub { die died from eof.\n; }], [ timeout = sub { $exp-hard_close(); }], ); On Wed, Apr 1, 2015 at 9:24 AM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT andreas.magana@us.af.mil wrote: Now that I have a working script and thanks very much to you Matt and Don, I am trying to put in my script an if else because sometimes my script will encounter this : Are you sure you want to continue connecting (yes/no)?') what I did create are some variables is this correct and may I see an example if statement so that the script can make a decision and keep going? use Expect; my $knownhost = $ssh-expect(60, 'Are you sure you want to continue connecting (yes/no)?'); my $answer = $ssh-send(yes\n); my $filename = /var/tmp/expect_script.log; //SIGNED// Andy Magaña UNIX Systems Administrator Diligent Contractor, 72nd Air Base Wing Tinker Air Force Base, Oklahoma Commercial: (405) 734-0341 tel:%28405%29%20734-0341 -Original Message- From: ESRY JR., DON [mailto:de3...@att.com] Sent: Tuesday, March 31, 2015 4:16 PM To: Matt Zagrabelny; MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT Cc: expectperl-disc...@lists.sourceforge.net Subject: RE: [Expectperl-discuss] expect.pm not updating password I think you will want a