I wanted to make the remote connection and automate the change password of any user account in that remote machine so I am using Perl Net::SSH:: Expect module. My connection is happening but I'm not able to perform any command on the remote machine. I am new to Perl language so there might be some mistakes in my code. I have tried searching for this but wasn't able to find something related to it.
Initially, I tried using Net:: OpenSSH and Expect module in combination but wasn't able to achieve the use-case.
#!/usr/bin/perl
use strict;
use warnings;
use Net::OpenSSH;
use Expect;
use Net::SSH::Expect;
my $uName= "user";
my $ssh = Net::SSH::Expect->new (
host => "IPAddress",
password=> "userPassword",
user => $uName,
raw_pty => 1
);
# logon to the SSH server using those credentials.
my $login_output = $ssh->login();
if ($login_output !~ /Welcome/) {
die "Login has failed. Login output was $login_output";
}
#Random line display
print "Connected to $uName\n";
#This is where I was trying the change password use case
$ssh->send("passwd") or die "Cannot execute the passwd command: $!\n";
$ssh->waitfor("Changing password for user.\n
(current) UNIX password: ", 3) or die "prompt 'password' not found after 1 second";
$ssh->send("oldPassword\n");
$ssh->waitfor("\n
Enter new UNIX password: " , 2) or die "prompt 'New password:' not found";
$ssh->send("newPassword");
$ssh->waitfor("\n
Retype new UNIX password: ", 1) or die "prompt 'Confirm new password:' not found";
$ssh->send("newPassword");
#$ssh->send("") or die "Cannot spawn: $!\n";
$ssh->close();
This the output i am getting
Cannot execute the passwd command
New Update
I tried executing a simple command just to check whether any command is getting executed or not. It is but still, my change password use case using send(passwd) is not.
#!/usr/bin/perl
use strict;
use warnings;
#use Net::OpenSSH;
#use Expect;
use Net::SSH::Expect;
#
# You can do SSH authentication with user-password or without it.
#
my $uName= "admin1";
# Making an ssh connection with user-password authentication
# 1) construct the object
my $ssh = Net::SSH::Expect->new (
host => "192.168.56.101",
password=> "Passw0rd1",
user => "admin1",
raw_pty => 1
);
# 2) logon to the SSH server using those credentials.
# test the login output to make sure we had success
my $login_output = $ssh->login();
if ($login_output !~ /Welcome/) {
die "Login has failed. Login output was $login_output";
}
print "Connected to $uName\n";
This is the new simple command i am trying to execute
my $who = $ssh->exec("who");
print ($who);
My old use case with die removed from send()
$ssh->send("passwd");
$ssh->waitfor("Changing password for $uName.\n(current) UNIX password: ", 2) or die "prompt 'password' not found after 2 second";
$ssh->send("Passw0rd1\n");
$ssh->waitfor("\nEnter new UNIX password: " , 2) or die "prompt 'New password:' not found";
$ssh->send("qwerty123");
$ssh->waitfor("\nRetype new UNIX password: ", 1) or die "prompt 'Confirm new password:' not found";
$ssh->send("qwerty123");
$ssh->close();
Now the output is coming like this
admin3#admin3-VirtualBox:~/Desktop$ perl NetSSHExpect.pl
Connected to admin1
admin1 :0 2019-07-19 11:49 (:0)
admin1 pts/1 2019-07-19 12:41 (192.168.56.1)
admin1#admin1-VirtualBox:~$ prompt 'password' not found after 2 second at NetSSHExpect.pl line 36.
admin3#admin3-VirtualBox:~/Desktop$
According to the documentation:
void send($string) - sends $string to the SSH server, returns nothing
Sends the string to the SSH server.
So don't check the return value, just remove the or die .. part after the send():
$ssh->send("passwd"); # <-- no error code is returned here..
Related
I have built a script which should get a file from remote machine to local machine.
#!/usr/bin/perl
use strict;
use warnings;
use Net::OpenSSH;
use Data::Dumper;
my $local_dir = "/LOCAL/DIR/LOCATION/"
print "[LOCAL DIR]-> $local_dir\n";
my $remote_dir = "/REMOTE/DIR/LOCATION/";
print "[REMOTE DIR]-> $remote_dir\n";
my ($host, $user, $password) = ("remote.machine.ip.address", "userid", "password");
my $ssh = Net::OpenSSH->new($host,
user => $user,
password => $passwd,
master_opts => [-o => "StrictHostKeyChecking=no"]
);
$ssh->error and die "Couldn't establish SSH connection: ". $ssh->error;
my #file = $ssh->capture("cd $remote_dir && ls -1tr | grep Report | tail -1");
print "[FILE]:\n".Dumper(\#file);
$ssh->scp_get({glob => 1}, "$remote_dir$file[0]", $local_dir)
or die "scp failed: " . $ssh->error;
undef $ssh;
In the above code its able to print the Dumper value for #file but unable to get the file in local system.
Here is the error it throws at the end:
[FILE]:
$VAR1 = [
'Report_Managable_20200705.csv
'
];
scp: /REMOTE/DIR/LOCATION/Report_Managable_20200705.csv
protocol error: expected control record
scp failed: scp failed: child exited with code 1 at file_get_test.pl line 22.
Can anybody help me to fix this issue. TIA.
The list returned by $ssh->capture() has new lines at the end of each item. Try use chomp #file to remove the newlines.
I'm working on moving a Perl script that pushed commands to routers. We have turned off telnet, so I'm working on getting SSH to work. After looking at a number of SSH libraries in Perl, I've opted to use Net::OpenSSH. I have no problem logging in and passing commands to the routers, but the problem I'm having is with entering config mode and subsequently passing a command.
The problem is that with each command entered, the underlying system appears to logout then reenter with the next subsequent command. For example with a Juniper router I'm trying to do the following:
edit private
set interfaces xe-1/3/2 description "AVAIL: SOMETHING GOES HERE"
commit
exit
quit
Tailing the syslog from the router I'm seeing something like this...
(...)
UI_LOGIN_EVENT: User 'tools' login, class 'j-remote-user' [65151], ssh-connection 'xxx.xxx.xxx.xxx 42247 xxx.xxx.xxx.xxx 22', client-mode 'cli'
UI_CMDLINE_READ_LINE: User 'tools', command 'edit private '
UI_DBASE_LOGIN_EVENT: User 'tools' entering configuration mode
UI_DBASE_LOGOUT_EVENT: User 'tools' exiting configuration mode
UI_LOGOUT_EVENT: User 'tools' logout
UI_AUTH_EVENT: Authenticated user 'remote' at permission level 'j-remote-user'
UI_LOGIN_EVENT: User 'tools' login, class 'j-remote-user' [65153], ssh-connection 'xxx.xxx.xxx.xxx 42247 xxx.xxx.xxx.xxx 22', client-mode 'cli'
UI_CMDLINE_READ_LINE: User 'tools', command 'set interfaces '
UI_LOGOUT_EVENT: User 'tools' logout
(...)
As you notice I'm getting a LOGOUT_EVENT after each command entered. Of course exiting config mode immediately after entering it causes the set interfaces command to fail as it's no longer in config mode.
The Perl code I'm using is as follows...
#!/usr/bin/perl -w
use strict;
use lib qw(
/usr/local/admin/protect/perl
/usr/local/admin/protect/perl/share/perl/5.10.1
);
use Net::OpenSSH;
my $hostname = "XXXXX";
my $username = "tools";
my $password = "XXXXX";
my $timeout = 60;
my $cmd1 = "edit private";
my $cmd2 = 'set interfaces xe-1/3/2 description "AVAIL: SOMETHING GOES HERE"';
my $cmd3 = "commit";
my $cmd4 = "exit";
my $ssh = Net::OpenSSH->new($hostname, user => $username, password => $password, timeout => $timeout,
master_opts => [-o => "StrictHostKeyChecking=no"]);
$ssh->error and die "Unable to connect to remote host: " . $ssh->error;
my #lines = eval { $ssh->capture($cmd1) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd2) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd3) };
foreach (#lines) {
print $_;
};
#lines = eval { $ssh->capture($cmd4) };
foreach (#lines) {
print $_;
};
$ssh->system("quit");
The sequence of events is the same as when telnet was used. The only real change was in using SSH objects verses Telnet objects. I'm stumped. Any ideas you could provide would be quite helpful.
[SOLVED, sort of]
The suggestion let Net::Telnet do the driving was the correct one. The following code works...
#!/usr/bin/perl -w
use strict;
use Net::OpenSSH;
use Net::Telnet;
use Data::Dumper;
my $promptEnd = '/\w+[\$\%\#\>]\s{0,1}$/o';
my $cmd1 = "show system uptime | no-more";
my $cmd2 = "show version brief | no-more";
my $hostname = "xxx.xxx";
my $username = "xxxxxxx";
my $password = "xxxxxxx";
my $timeout = 60;
my $ssh = Net::OpenSSH->new(
$hostname,
user => $username,
password => $password,
timeout => $timeout,
master_opts => [ -o => "StrictHostKeyChecking=no" ]
);
$ssh->error and die "Unable to connect to remote host: " . $ssh->error;
my ( $fh, $pid ) = $ssh->open2pty( { stderr_to_stdout => 1 } );
my %params = (
fhopen => $fh,
timeout => $timeout,
errmode => 'return',
);
$conn = Net::Telnet->new(%params);
$conn->waitfor($promptEnd);
#lines = $conn->cmd($cmd1);
foreach (#lines) {
print $_;
}
#lines = $conn->cmd($cmd2);
foreach (#lines) {
print $_;
}
$conn->cmd("quit");
The problem I'm having is that I can't seem to separate the code into subroutines. Once the $conn object is returned from a subroutine, the underlying ssh connection drops. I need to separate this logic in order to not have to rewrite many, many programs and lines of code that relay on this pusher routine. However that problem I'll direct to another question.
[Edit, fully solved]
Just an update in case anyone needs to do something similar.
While the above worked very well when run under a single subroutine, I found that any time I passed the handle to another subroutine, the telnet handle remained open, but the ssh connection dropped.
To solve this I found that if I passed the ssh handle to another subroutine, then later attached the open2pty, and attached Net::Telnet, then I could pass the Net::Telnet handle between subroutines without the underlying ssh connection dropping. This also worked for Net::Telnet::Cisco as well. I have this code working well with Cisco, Juniper, and Brocade routers.
You should also consider adding a few more parameters to the Net::Telnet->new() because it is interacting with ssh rather than a TELNET server.
-telnetmode => 0
-output_record_separator => "\r",
-cmd_remove_mode => 1,
Because there is no TELNET server on remote side, -telnetmode => 0 turns off TELNET negotiation.
The end-of-line is most likely just a carriage-return (i.e. -output_record_separator => "\r") rather than the TCP or TELNET combination of carriage-return linefeed ("\r\n").
Always strip the echoed back input -cmd_remove_mode => 1
There are several possibilities:
Some routers accept having the sequence of commands sent up front via stdin:
my $out = $ssh->capture({stdin_data => join("\r\n", #cmds, '')})
In other cases you will have to use something like Expect to send a command, wait for the prompt to appear again, send another command, etc.
If you were using Net::Telnet before, the Net::OpenSSH docs explain how to integrate both (though I have to admit that combination is not very tested).
Also, some routers provide some way to escape to a full Unix-like shell. I.e., preppending the commands with a bang:
$ssh->capture("!ls");
I am using expect in perl to get interface information from my router. When I run the command on the remote router its missing about 10-15 lines that should be there. Not sure why its stopping, any ideas?
#!/usr/bin/perl -w
#use strict;
use warnings;
use Net::SSH::Expect;
my $ssh = Net::SSH::Expect->new (
host => "10.10.10.10",
user => 'user',
password => 'pass'
);
my $login_output = $ssh->login();
if ($login_output !~ /router#/) {
die "Login has failed. Login output was $login_output";
}
#$ssh->run_ssh() or die "SSH process couldn't start: $!";
$ssh->send("show int g2/1");
my $line;
while (defined ($line = $ssh->read_line()) ) {
print $line."\n";
}
Net::SSH::Expect is not reliable. Use other module as Net::OpenSSH, Net::SSH2, Net::SSH::Any or just Expect
use Net::OpenSSH;
my $ssh = Net::OpenSSH->new("10.10.10.10",
user => 'user',
password => 'pass',
timeout => 60 );
my $output = $ssh->capture('show int g2/1');
# or for some non-conforming SSH server implementations rather
# common in network equipment you will have to do...
my $output = $ssh->capture({stdin_data => "show int g2/1\n"});
$ssh->error and die "unable to run remote command: " . $ssh->error;
I suspect since you are dealing with a router, you want to enable raw_pty => 1 like the Net::SSH::Expect documentation suggests. Also, it might be easier for you to use the ->exec calls instead of the ->send + read_line.
For debugging further, pass in the log_stdout to the Net::SSH::Expect constructor and see if you can detect anything awry happening. Why did you comment out 'use strict'? Always 'use strict' and 'use warnings'
I can successfully create a connection to a Postgres db using the following:
my $settings = {
host => 'myhost',
db => 'mydb',
user => 'myuser',
passwd => 'mypasswd'
};
my $connection = DBI->connect(
'DBI:Pg:dbname=' . $settings->{'db'} . ';host=' . $settings->{'host'},
$settings->{'user'},
$settings->{'passwd'},
{
RaiseError => 1,
ShowErrorStatement => 0,
AutoCommit => 0
}
) or die DBI->errstr;
But I'm left with valuable login credentials exposed (yes, I changed them) in my Perl module. Currently, I use psql to issue queries interactively. And to save on having to remember my username/password, I have placed the credentials in a file (~/.pgpass) with permissions 600. The file looks like this:
# host:port:database:user:passwd
myhost:5432:mydb:myuser:mypasswd
How can I safely use this file ("$ENV{HOME}/.pgpass") and the DBI module to hide my credentials? Can it be done? What is best practice?
YES! There IS a better way.
Change between test & live servers easily.
keep passwords in ~/.pgpass (for psql & pg_dump)
other config info in ~/.pg_service.conf (or /etc/pg_service.conf)
e.g:
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
my $dbh = DBI->connect
(
#"dbi:Pg:service=live",
"dbi:Pg:service=test",
undef,
undef,
{
AutoCommit => 0,
RaiseError => 1,
PrintError => 0
}
) or die DBI->errstr;
~/.pg_service.conf:
# http://www.postgresql.org/docs/9.2/static/libpq-pgservice.html
# /usr/local/share/postgresql/pg_service.conf.sample
# http://search.cpan.org/dist/DBD-Pg/Pg.pm
#
[test]
dbname=hotapp_test
user=hotusr_test
# localhost, no TCP nonsense needed:
host=/tmp
[live]
dbname=hotapp_live
user=hotusr_live
host=pgsql-server.example.org
~/.pgpass:
# http://www.postgresql.org/docs/9.2/static/libpq-pgpass.html
# hostname:port:database:username:password
localhost:5432:hotapp_test:hotusr_test:kq[O2Px7=g1
pgsql-server.example.org:5432:hotapp_live:hotusr_live:Unm£a7D(H
Put your login credentials in a file called ~/.pgpass as per the question above.
To open a connection, you'll need to hard-code in the host, database and username. But that's ok, because at least you don't need to code in the password field. This field stays hidden in your ~/.pgpass file.
Make sure to set the connection instance's password field to undef.
Here's what worked for me:
my $settings = {
host => 'myhost',
db => 'mydb',
user => 'myuser'
};
my $connection = DBI->connect(
'DBI:Pg:dbname=' . $settings->{'db'} . ';host=' . $settings->{'host'},
$settings->{'user'},
undef,
{
RaiseError => 1,
ShowErrorStatement => 0,
AutoCommit => 0
}
) or die DBI->errstr;
The connections establishes successfully because for some reason, unknown to me at least, the instance searches the ~/.pgpass file when attempting the connection. I knew there was some magic with this file, I was just unsure about what to do with it. Doc link:
http://search.cpan.org/dist/DBI/DBI.pm#data_string_diff
Notice how a search for "pgpass" on that page does not return? And I refuse to read all of it. Well, one day maybe..
open(my $fh, '<', "$ENV{HOME}/.pgpass") or die $!;
my $settings;
while (<>) {
chomp;
next if /^\s*(?:#.*)?\z/s;
#{$settings}{qw( host port database user passwd )} = split /:/;
}
die "No settings" if !$settings;
Any user capable of running the script would still be able to see the creds.
I am very new to Perl script and trying to write a perl code to ssh to a Router and then run scp export command on the router (scp export from router to a remote destination server).
#!/usr/local/bin/perl
use Net::SSH::Expect;
use warnings;
$hostname = "Router";
my $ssh = Net::SSH::Expect->new (
host => $hostname,
password=> 'abcd',
user => 'admin',
raw_pty => 1,
timeout => 150,
);
my $login_output = $ssh->login();
if ($login_output !~ /Router/) {
die "Login has failed. Login output was $login_output";
}
$ssh->send("scp export log traffic start-time equal 2013/04/01\#00:00:00 to user\#192.168.1.1:<path> end-time equal 2013/04/01\#01:00:00",3);
$ssh->waitfor('user#192.168.1.1\'s password:\s*') or die "prompt 'password' not found";
$ssh->send("abcd");
$ssh->send("\n");
sleep 100;
my $logout = $ssh->close();
print "=" x 50;
print "\n";
I am able to see that script logins to the router fine (I can see a new user on the router everytime I run the script). However, after few seconds, script terminates with error:
SSHProcessError The ssh process was terminated. at cron1 line 22
What is wrong with line 22: $ssh->waitfor('user#192.168.1.1\'s password:\s*') or die "prompt 'password' not found";
I used a different approach to login to a server. Have made a function out of this piece of code, works fine every time for me. See if this can help you out..
sub connect {
my $host =shift;
my $password=shift;
my $user=shift;
my $counter=0;
my $login_output;
$ssh = Net::SSH::Expect->new (
host => "$host",
password=> "$password",
user => "$user",
raw_pty => 1
);
$login_output = $ssh->run_ssh();
LABLE_login: # Lable used for looping
$login_output=$ssh->read_all();
if( $login_output =~ /yes/){ # To check if you are logging in for the first time
$ssh->send("yes\n");
sleep(2);
$login_output=$ssh->read_all();
if( $login_output =~ /Password/){
$ssh->send("$password\n");
}
}
elsif( $login_output =~ /Password/)
{
$ssh->send("$password\n");
}
else
{
sleep(2);
$counter++;
if($counter eq 3)
{ print color('red');print "Cannot connect to host exiting now\n";print color('reset');exit();}
goto LABLE_login;
}
$login_output=$ssh->send("$password\n");
return $ssh;
}
I ran into the same problem when $hostname wasn't valid. Doing a simple hostname check first fixed it for me..
die "Host $hostname not found" unless gethostbyname($hostname);
update:
It seems just about any ssh connection error will cause the SSHProcessError error.