Automate ssh sudo using Expect

SCENARIO: On most Linux servers, securing the ssh service includes disabling direct root ssh access. Instead, a wheel user is created for ssh login, and after logging in as that wheel user we switch to the root user using “sudo su”.

USAGE: The intention is to avoid typing “sudo su” after logging in to the node. The two scripts below can be used for this purpose. The first script, “expect.ex”, is an ‘expect’ script that is called from the bash script “ssh2.sh”. Put both files in the same directory.

ASSUMPTIONS:
1) The ‘expect’ program is installed.
2) The wheel user’s password is the same one that has to be given after typing “sudo su”.
3) In ‘ssh2.sh’ the username is set directly in the ‘USERNAME’ variable, so replace it with your username before using the script.

INPUTS:
1) IP Address of the server
2) Wheel user’s password

expect.ex

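# expect.ex - log in over ssh as the wheel user, then switch to root with "sudo su".
# Arguments: <node ip> <username> <password>
log_user 0
# lindex returns the plain argument; lrange returns a one-element list, which
# wraps values containing spaces or braces in {}.
set NODEIP [lindex $argv 0]
set USERNAME [lindex $argv 1]
set PWD [lindex $argv 2]
spawn ssh ${USERNAME}@${NODEIP}
# Answer the host key prompt if it appears, then send the login password.
# "(yes/no" matches both the "(yes/no)?" and the newer "(yes/no/[fingerprint])?" prompt.
# Note: answering "yes" accepts an unknown host key without checking its fingerprint.
expect {
    "(yes/no" { send -- "yes\r"; exp_continue }
    "password:" { send -- "${PWD}\r" }
}
expect "${USERNAME}@"
send -- "sudo su\r"
# sudo asks for the wheel user's password again.
expect "password" { send -- "${PWD}\r" }
expect "root@"
send -- "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n"
expect "root@"
send -- "cd /\r"
expect "root@"
send -- "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r"
expect "root@"
send -- "cat /proc/loadavg\r"
expect "root@"
# Hand the root shell over to the user.
interact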

ssh2.sh

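#!/bin/bash
# ssh2.sh - ask for the wheel user's password and start expect.ex for the given node.
USERNAME="username"

if [ $# -ne 1 ]; then
    echo "Usage: ssh2.sh <NODEIP>"
    exit 1
fi

NODEIP=$1
echo "NODEIP" "$NODEIP"

# Not named PWD: bash keeps the current directory in PWD and normally exports it
# to child processes.
read -r -s -p "Enter node password:" NODEPASS
# The password is passed as a command-line argument, so it is visible in the
# process list for as long as expect runs.
expect -f expect.ex "$NODEIP" "$USERNAME" "$NODEPASS"
unset NODEPASS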

SAMPLE OUTPUT

username@hostname:~$ ssh2.sh node.server.com
NODEIP node.server.com
Enter node password:
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# 
[root@node username]# cd /
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]#                                                                                                                                                                              
[root@node /]#                                                                                                                                                                              
[root@node /]#                                                                                                                                                                              
[root@node /]#                                                                                                                                                                              
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]# 
[root@node /]#                                                                                                                                                                                  
[root@node /]# cat /proc/loadavg                                                                                                                                                                
3.53 4.43 10.30 3/5586 43792                                                                                                                                                                    
[root@node /]#                                                                                                                                                                                  
[root@node /]# 
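
The call to “expect -f expect.ex” in ssh2.sh puts the password in the argument list of the expect process, which on Linux local users can read from /proc/<pid>/cmdline unless /proc is mounted with hidepid. The following is an added example, not part of the original scripts: it compares that handoff with passing the password in the child's environment, using a stand-in child process instead of expect. SECRET, MARKER and the variable name NODEPASS are constructed for the illustration, and a Linux /proc is assumed.

```bash
#!/bin/bash
# Added example: compares two ways of handing a password to a child process.
SECRET='Constructed-Sample-Pw1'   # constructed sample value, not a real credential
MARKER='expect-stand-in'          # hypothetical label used to recognise the child

# Argument vector of PID $1 as /proc exposes it to local users.
cmdline_of() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline"
}

# Start a stand-in for "expect -f expect.ex ..." and print its visible argv.
#   $1 = argv : password passed as an argument (what ssh2.sh does)
#   $1 = env  : password passed only in the child's environment (NODEPASS)
visible_argv() {
    if [ "$1" = argv ]; then
        sh -c 'sleep 3; :' "$MARKER" "$SECRET" >/dev/null 2>&1 </dev/null &
    else
        NODEPASS="$SECRET" sh -c 'sleep 3; :' "$MARKER" >/dev/null 2>&1 </dev/null &
    fi
    pid=$!
    seen=''
    tries=0
    # The child shows the parent's argv until it has exec'd, so poll for MARKER.
    while [ "$tries" -lt 50 ]; do
        seen=$(cmdline_of "$pid") || true
        case $seen in *"$MARKER"*) break ;; esac
        tries=$((tries + 1))
        sleep 0.1
    done
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    printf '%s\n' "$seen"
}

# Exit status 0 when the password can be read from the process list.
secret_exposed() {
    case $(visible_argv "$1") in
        *"$SECRET"*) return 0 ;;
        *) return 1 ;;
    esac
}

if secret_exposed argv; then echo "argv handoff: password visible in /proc/<pid>/cmdline"; fi
if ! secret_exposed env; then echo "env handoff: password not in the argument list"; fi
```

With this handoff, expect.ex would read the password with “set PWD $env(NODEPASS)” instead of taking it from $argv. The environment of a process is readable only by its owner and root.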