Re: [openssl-users] updating list of server account password
What does the ${ip} mean?
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Monday, April 06, 2015 10:58 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny
Subject: Re: updating list of server account password
Try something like this:
my $exp = new Expect;
$exp-log_stdout(1);
$username = XX;
$exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $!
\n;
$exp-log_file(./${log_dir}/$ip\_info.log);
print \nspawning ssh connection to $ip on $time\n\n;
$exp-log_file-print( \nspawning ssh connection to $ip on $time\n\n );
$exp-expect(8,
[ 'connecting' = sub { $exp-send(yes \n); exp_continue; } ],
[ 'assword:' = sub { $exp-send($pw\n); exp_continue; } ],
[ '-re', ' ?$' = sub { break; }],
[ 'try again' = sub { die died from bad password.\n; }],
[ 'refused' = sub { die died from connection refused.\n; exp_continue; }
],
[ eof = sub { die died from eof.\n; }],
[ timeout = sub { $exp-hard_close(); }],
);
On Mon, Apr 6, 2015 at 10:52 AM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
andreas.magana@us.af.mil wrote:
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341 tel:%28405%29%20734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Monday, April 06, 2015 10:48 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny
Subject: Re: updating list of server account password
So the else if will only run if the first if is not true, that doesn't
seem right,.
On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72
ABW/SCOOT andreas.magana@us.af.mil wrote:
Hello Mike, Don and Matt,
At the point I am at this list of servers in my script I would
really need someone with more experience to see if I even have the right
scripting.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
remotehost03
remotehost04
remotehost05
remotehost06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@' . $system);
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting
\(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue
connecting \(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
Mike,
If that does not seem right what can I change it to make it right?
Respectfully,
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh
Re: [openssl-users] updating list of server account password
Perhaps you don't want to post this kind of thing to a global mailing list for
all users of openssl?
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
-Original Message-
From: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
[mailto:andreas.magana@us.af.mil]
Sent: Monday, April 06, 2015 11:53 AM
To: mike nicholas
Cc: openssl-users@openssl.org; ESRY JR. DON; Matt Zagrabelny
Subject: Re: [openssl-users] updating list of server account password
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Monday, April 06, 2015 10:48 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny
Subject: Re: updating list of server account password
So the else if will only run if the first if is not true, that doesn't seem
right,.
On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72
ABW/SCOOT andreas.magana@us.af.mil wrote:
Hello Mike, Don and Matt,
At the point I am at this list of servers in my script I would really
need
someone with more experience to see if I even have the right scripting.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
remotehost03
remotehost04
remotehost05
remotehost06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@' . $system);
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue
connecting \(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
Mike,
If that does not seem right what can I change it to make it right?
Respectfully,
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@remotehost');
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue
connecting \(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Wednesday, April 01, 2015 9:46 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR., DON; Matt Zagrabelny; expectperl-
disc...@lists.sourceforge.net
Subject: Re: [Expectperl-discuss] expect.pm not updating password
Try something like this:
my $exp = new Expect;
$exp-log_stdout(1);
$username = XX;
$exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn
$command: $! \n;
$exp-log_file(./${log_dir}/$ip\_info.log);
print \nspawning ssh connection to $ip on $time\n\n;
$exp-log_file-print( \nspawning ssh connection to $ip on
$time\n\n );
$exp-expect(8
Re: [openssl-users] updating list of server account password
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Monday, April 06, 2015 10:48 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR. DON; openssl-users@openssl.org; Matt Zagrabelny
Subject: Re: updating list of server account password
So the else if will only run if the first if is not true, that doesn't seem
right,.
On Apr 3, 2015 2:52 PM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
andreas.magana@us.af.mil wrote:
Hello Mike, Don and Matt,
At the point I am at this list of servers in my script I would really
need someone with more experience to see if I even have the right scripting.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
remotehost03
remotehost04
remotehost05
remotehost06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@' . $system);
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
Mike,
If that does not seem right what can I change it to make it right?
Respectfully,
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@remotehost');
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Wednesday, April 01, 2015 9:46 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR., DON; Matt Zagrabelny;
expectperl-disc...@lists.sourceforge.net
Subject: Re: [Expectperl-discuss] expect.pm not updating password
Try something like this:
my $exp = new Expect;
$exp-log_stdout(1);
$username = XX;
$exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn
$command: $! \n;
$exp-log_file(./${log_dir}/$ip\_info.log);
print \nspawning ssh connection
[openssl-users] updating list of server account password
Thank you Don and Matt and Mike,
Your help got me here and I learned so much and there is much more to learn but
I enjoy it. My script has a list of four Solaris 10 servers. Launching the perl
expect.pm script from a Red Hat server it went to each box and changed my
password with no problems. Thank you again. Here is the example script I used.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
Solaris-host03
Solaris-host04
Solaris-host05
Solaris-host06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@' . $system);
#my $ssh = Expect-new('ssh amagana@tstorweb01');
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mycurrentpassword\n);
}
$filename = /var/tmp/expect_script_. $system .log;
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
}
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: ESRY JR., DON [mailto:de3...@att.com]
Sent: Friday, April 03, 2015 3:19 PM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT; openssl-users@openssl.org
Cc: Matt Zagrabelny; mike nicholas
Subject: RE: updating list of server account password
It looks to me like it will work.
There is NO WAY that I would run a password changing script without logging
everything I did.
I would suggest again that you log the results. You have that line commented
out. And with the 'w' you will overwrite the log everytime you run that sub so
it will only have the last server you run it on. I suggest that you take out
the 'w'. With the 'w' everytime you call that sub it will wipe out the file.
This means that when you one it for remotehost6 it will wipe out everything
from remotehost5
So I recommend that you replace:
#$ssh-log_file($filename, 'w');
With
$ssh-log_file($filename);
I also recommend that you put in a couple of exits; 1 to close the root shell
and the other to close your login shell.
If you prefer a safer test, try running the hostname command rather than the
passwd command.
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(hostname\n); # you might want to leave this in anyway to make
reading the log easier $ssh-expect(60, '#'); $ssh-send(uptime\n);
#$ssh-send(passwd amagana\n); #$ssh-expect(60, 'New Password:');
#$ssh-send(mynewpassword\n); #$ssh-expect(60, 'Re-enter new Password:');
#$ssh-send(mynewpassword\n); $ssh-expect(60, '#'); $ssh-send(exit\n);
$ssh-expect(60, '$'); $ssh-send(exit\n); $ssh-close();
-Original Message-
From: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
[mailto:andreas.magana@us.af.mil]
Sent: Friday, April 03, 2015 3:53 PM
To: openssl-users@openssl.org
Cc: ESRY JR., DON; Matt Zagrabelny; mike nicholas
Subject: updating list of server account password
Hello Mike, Don and Matt,
At the point I am at this list of servers in my script I would really need
someone with more experience to see if I even have the right scripting.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
remotehost03
remotehost04
remotehost05
remotehost06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log; my $ssh = Expect-new('ssh
amagana@' . $system);
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) { $ssh-send(yes\r); }
elsif ($ssh-match() =~ m/Password:/ ) { $ssh-send(mypassword\n); }
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:'); $ssh-send(mynewpassword\n);
$ssh-expect(60, '#'); $ssh-close();
Respectfully,
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my $filename =
[openssl-users] updating list of server account password
Hello Mike, Don and Matt,
At the point I am at this list of servers in my script I would really need
someone with more experience to see if I even have the right scripting.
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my @servers = qw(
remotehost03
remotehost04
remotehost05
remotehost06
);
for my $server (@servers) {
# do your thing with $server
change_password($server);
}
sub change_password {
my $system = shift;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@' . $system);
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
Respectfully,
#!/usr/bin/perl
use strict;
use Expect;
my $timeout = 60;
my $filename = /var/tmp/expect_script.log;
my $ssh = Expect-new('ssh amagana@remotehost');
$ssh-debug(1);
$ssh-expect ( $timeout,
[ qr/Password:/],
[ qr/Are you sure you want to continue connecting \(yes\/no\)?/]
);
if ($ssh-match() =~ m/Are you sure you want to continue connecting
\(yes\/no\)?/ ) {
$ssh-send(yes\r);
}
elsif ($ssh-match() =~ m/Password:/ ) {
$ssh-send(mypassword\n);
}
#$ssh-log_file($filename, 'w');
$ssh-expect(60, '$');
$ssh-send(su - root\n);
$ssh-expect(60, 'Password:');
$ssh-send(rootpassword\n);
$ssh-expect(60, '#');
$ssh-send(passwd amagana\n);
$ssh-expect(60, 'New Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, 'Re-enter new Password:');
$ssh-send(mynewpassword\n);
$ssh-expect(60, '#');
$ssh-close();
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341
-Original Message-
From: mike nicholas [mailto:xmikenichol...@gmail.com]
Sent: Wednesday, April 01, 2015 9:46 AM
To: MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: ESRY JR., DON; Matt Zagrabelny; expectperl-disc...@lists.sourceforge.net
Subject: Re: [Expectperl-discuss] expect.pm not updating password
Try something like this:
my $exp = new Expect;
$exp-log_stdout(1);
$username = XX;
$exp-spawn( ssh -l ${username} ${ip} ) or die cannot spawn $command: $!
\n;
$exp-log_file(./${log_dir}/$ip\_info.log);
print \nspawning ssh connection to $ip on $time\n\n;
$exp-log_file-print( \nspawning ssh connection to $ip on $time\n\n );
$exp-expect(8,
[ 'connecting' = sub { $exp-send(yes \n); exp_continue; } ],
[ 'assword:' = sub { $exp-send($pw\n); exp_continue; } ],
[ '-re', ' ?$' = sub { break; }],
[ 'try again' = sub { die died from bad password.\n; }],
[ 'refused' = sub { die died from connection refused.\n; exp_continue; }
],
[ eof = sub { die died from eof.\n; }],
[ timeout = sub { $exp-hard_close(); }],
);
On Wed, Apr 1, 2015 at 9:24 AM, MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
andreas.magana@us.af.mil wrote:
Now that I have a working script and thanks very much to you Matt and
Don,
I am trying to put in my script an if else because sometimes my script
will encounter this :
Are you sure you want to continue connecting (yes/no)?')
what I did create are some variables is this correct and may I see an
example if statement so that the script can make a decision and keep going?
use Expect;
my $knownhost = $ssh-expect(60, 'Are you sure you want to continue
connecting (yes/no)?');
my $answer = $ssh-send(yes\n);
my $filename = /var/tmp/expect_script.log;
//SIGNED//
Andy Magaña
UNIX Systems Administrator
Diligent Contractor, 72nd Air Base Wing
Tinker Air Force Base, Oklahoma
Commercial: (405) 734-0341 tel:%28405%29%20734-0341
-Original Message-
From: ESRY JR., DON [mailto:de3...@att.com]
Sent: Tuesday, March 31, 2015 4:16 PM
To: Matt Zagrabelny; MAGANA, ANDREAS S I CTR USAF AFMC 72 ABW/SCOOT
Cc: expectperl-disc...@lists.sourceforge.net
Subject: RE: [Expectperl-discuss] expect.pm not updating password
I think you will want a
