SSH登录的期望过程
Expect Procedure for SSH Login
我是 Expect 脚本的新手。我正在尝试创建一个过程,该过程将通过 SSH 连接到 routers/switches,如果失败则回退到 telnet。在将代码放入过程之前,我的代码运行良好。我确定我对程序的运作方式有些不了解。当我将它作为一个过程调用时,它确实通过接收 "Connection refused" 的 SSH 连接并像预期的那样回退到 telnet,它只是从不使用密码登录。当我启用调试模式时,我看到它发送了密码,但由于某种原因路由器似乎没有收到它。它只是停留在 Password: 提示符处,直到超时。
proc connectToTerminal { username hostname password } {
# Run ssh, don't display key warning
spawn ssh -o StrictHostKeyChecking=no $username\@$hostname
# Allow this script to handle ssh connection issues, fall back to telnet
expect {
timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
# If we have the correct prompt, continue
"*#" {}
# If it's asking for the password, it can have it
"*assword:" { send "$password\n" }
# Fall back to telnet if connection refused
"Connection refused" {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
# Fall back to telnet if connection is closed by [ip address]
-re {closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}} {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
# Use SSH v1 if the device is only accepting v1
"2 vs. 1" {
spawn ssh -1 -o StrictHostKeyChecking=no $username\@$hostname
expect {
"*assword:" { send "$password\n" }
timeout {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
}
}
}
}
connectToTerminal $username $hostname $password
下面是我运行脚本
时的调试输出
spawn ssh -o StrictHostKeyChecking=no wmh@172.16.1.195
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7726}
Gate keeper glob pattern for 'closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}' is 'closed by *'. Activating booster.
expect: does "" (spawn_id exp6) match glob pattern "*#"? no
"*assword:"? no
"Connection refused"? no
"closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}"? Gate "closed by *"? gate=no
"2 vs. 1"? no
ssh: connect to host 172.16.1.195 port 22: Connection refused
expect: does "ssh: connect to host 172.16.1.195 port 22: Connection refused\r\r\n" (spawn_id exp6) match glob pattern "*#"? no
"*assword:"? no
"Connection refused"? yes
expect: set expect_out(0,string) "Connection refused"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "ssh: connect to host 172.16.1.195 port 22: Connection refused"
spawn telnet 172.16.1.195
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7730}
expect: does "" (spawn_id exp7) match glob pattern "*assword:"? no
Trying 172.16.1.195...
expect: does "Trying 172.16.1.195...\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
Connected to 172.16.1.195.
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195." (spawn_id exp7) match glob pattern "*assword:"? no
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
Escape character is '^]'.
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'." (spawn_id exp7) match glob pattern "*assword:"? no
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
C
*********************************************************************
* *
* *
* *
* THIS COMPUTER IS FOR PRIVATE USE ONLY *
* ------------------------------------- *
* *
* UNAUTHORIZED access to and/or use of this computer syst
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer syst" (spawn_id exp7) match glob pattern "*assword:"? no
em *
* is a violation of law and is punishable under provisions of *
* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *
* of this system constitutes consent to security testing and *
* monitoring. *
* *
* 11-12-13 *
*********************************************************************
User Access Verification
Password:
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword: " (spawn_id exp7) match glob pattern "*assword:"? yes
expect: set expect_out(0,string) "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword:"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword:"
send: sending "cisco\n" to { exp7 }
expect: does "" (spawn_id exp0) match glob pattern "*#"? no
"*>"? no
expect: timed out
发送密码后,再添加一个expect语句即可。
set prompt "#"
send "$password \r"
expect "$prompt"
除非我们明确告诉 Expect 等待它,否则它不会期望从会话中得到任何东西。
更新:
我不确定您是否遗漏了 expect 语句或在调用程序中错放了它。如果仍未解决,请更新您的问题。
如果你把expect语句放在另一个proc中,那么spawn_id应该传递给它,这样Expect就可以正确地等待它。否则,如果 spawn_id 为空,将恢复默认行为。即它将期望来自 stdin.
从你的调试输出中可以明显看出
expect: does "" (spawn_id exp0) match glob pattern "*#"? no
其中 exp0 就是 stdin。在该过程中,在生成 telnet 之后,您可以将 spawn_id 保存到另一个变量中,并将其 return 保存到可以使用它的调用程序中。
我是 Expect 脚本的新手。我正在尝试创建一个过程,该过程将通过 SSH 连接到 routers/switches,如果失败则回退到 telnet。在将代码放入过程之前,我的代码运行良好。我确定我对程序的运作方式有些不了解。当我将它作为一个过程调用时,它确实通过接收 "Connection refused" 的 SSH 连接并像预期的那样回退到 telnet,它只是从不使用密码登录。当我启用调试模式时,我看到它发送了密码,但由于某种原因路由器似乎没有收到它。它只是停留在 Password: 提示符处,直到超时。
proc connectToTerminal { username hostname password } {
# Run ssh, don't display key warning
spawn ssh -o StrictHostKeyChecking=no $username\@$hostname
# Allow this script to handle ssh connection issues, fall back to telnet
expect {
timeout { send_user "\nTimeout Exceeded - Check Host\n"; exit 1 }
eof { send_user "\nSSH Connection To $hostname Failed\n"; exit 1 }
# If we have the correct prompt, continue
"*#" {}
# If it's asking for the password, it can have it
"*assword:" { send "$password\n" }
# Fall back to telnet if connection refused
"Connection refused" {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
# Fall back to telnet if connection is closed by [ip address]
-re {closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}} {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
# Use SSH v1 if the device is only accepting v1
"2 vs. 1" {
spawn ssh -1 -o StrictHostKeyChecking=no $username\@$hostname
expect {
"*assword:" { send "$password\n" }
timeout {
spawn telnet $hostname
#expect "username:"
#send "$username\n"
expect "*assword:"
send "$password\n"
}
}
}
}
}
connectToTerminal $username $hostname $password
下面是我运行脚本
时的调试输出spawn ssh -o StrictHostKeyChecking=no wmh@172.16.1.195
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7726}
Gate keeper glob pattern for 'closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}' is 'closed by *'. Activating booster.
expect: does "" (spawn_id exp6) match glob pattern "*#"? no
"*assword:"? no
"Connection refused"? no
"closed by \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}"? Gate "closed by *"? gate=no
"2 vs. 1"? no
ssh: connect to host 172.16.1.195 port 22: Connection refused
expect: does "ssh: connect to host 172.16.1.195 port 22: Connection refused\r\r\n" (spawn_id exp6) match glob pattern "*#"? no
"*assword:"? no
"Connection refused"? yes
expect: set expect_out(0,string) "Connection refused"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "ssh: connect to host 172.16.1.195 port 22: Connection refused"
spawn telnet 172.16.1.195
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {7730}
expect: does "" (spawn_id exp7) match glob pattern "*assword:"? no
Trying 172.16.1.195...
expect: does "Trying 172.16.1.195...\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
Connected to 172.16.1.195.
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195." (spawn_id exp7) match glob pattern "*assword:"? no
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
Escape character is '^]'.
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'." (spawn_id exp7) match glob pattern "*assword:"? no
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\n" (spawn_id exp7) match glob pattern "*assword:"? no
C
*********************************************************************
* *
* *
* *
* THIS COMPUTER IS FOR PRIVATE USE ONLY *
* ------------------------------------- *
* *
* UNAUTHORIZED access to and/or use of this computer syst
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer syst" (spawn_id exp7) match glob pattern "*assword:"? no
em *
* is a violation of law and is punishable under provisions of *
* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *
* of this system constitutes consent to security testing and *
* monitoring. *
* *
* 11-12-13 *
*********************************************************************
User Access Verification
Password:
expect: does "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword: " (spawn_id exp7) match glob pattern "*assword:"? yes
expect: set expect_out(0,string) "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword:"
expect: set expect_out(spawn_id) "exp7"
expect: set expect_out(buffer) "Trying 172.16.1.195...\r\nConnected to 172.16.1.195.\r\nEscape character is '^]'.\r\nC\r\n*********************************************************************\r\n* *\r\n* *\r\n* *\r\n* THIS COMPUTER IS FOR PRIVATE USE ONLY *\r\n* ------------------------------------- *\r\n* *\r\n* UNAUTHORIZED access to and/or use of this computer system *\r\n* is a violation of law and is punishable under provisions of *\r\n* 19 USC 1029 and 18 USC 1030, and applicable statutes. Use *\r\n* of this system constitutes consent to security testing and *\r\n* monitoring. *\r\n* *\r\n* 11-12-13 *\r\n*********************************************************************\r\n\r\n\r\nUser Access Verification\r\n\r\nPassword:"
send: sending "cisco\n" to { exp7 }
expect: does "" (spawn_id exp0) match glob pattern "*#"? no
"*>"? no
expect: timed out
发送密码后,再添加一个expect语句即可。
set prompt "#"
send "$password \r"
expect "$prompt"
除非我们明确告诉 Expect 等待它,否则它不会期望从会话中得到任何东西。
更新:
我不确定您是否遗漏了 expect 语句或在调用程序中错放了它。如果仍未解决,请更新您的问题。
如果你把expect语句放在另一个proc中,那么spawn_id应该传递给它,这样Expect就可以正确地等待它。否则,如果 spawn_id 为空,将恢复默认行为。即它将期望来自 stdin.
从你的调试输出中可以明显看出
expect: does "" (spawn_id exp0) match glob pattern "*#"? no
其中 exp0 就是 stdin。在该过程中,在生成 telnet 之后,您可以将 spawn_id 保存到另一个变量中,并将其 return 保存到可以使用它的调用程序中。