期望,Bash 和 kpcli
Expect, Bash and kpcli
我编写了一个脚本,它使用 kpcli 和 expect 连接到本地 keepass 数据库,从数据库中获取凭据,然后通过 ssh 连接。该脚本有效,但在通过 SSH 成功登录到远程主机后,会话在大约 5 秒后终止。
#!/bin/bash
firewall=""
keepass_password="******"
keepass_db="/media/sf_VM_shared/kdb.kdb"
keepass_fw_dir="General/Network/Firewalls/SSH"
firewall_user="admin"
echo -e "\n"
echo "Connecting to keepass Database..."
function get_creds {
expect <<- DONE
set timeout 10
spawn kpcli
match_max 100000000
expect "kpcli:/>"
send "open $keepass_db\n"
expect "password:"
send "$keepass_password\n"
expect ">"
send "cd $keepass_fw_dir\n"
expect "SSH>"
send "show -f $firewall\n"
expect ">"
DONE
}
credentials=$(get_creds)
ssh_info=$(echo "$credentials" | grep 'Title:\|Pass:\|Notes:' | sed -e 's/^.*: //')
ip_address=$(echo "$ssh_info" | awk 'NR==3')
firewall_name=$(echo "$ssh_info" | awk 'NR==1')
firewall_pass=$(echo "$ssh_info" | awk 'NR==2')
echo -e "\n"
echo "------Firewall Information-------"
echo -e Firewall IP:'\t \t' "$ip_address"
echo -e Firewall Name:'\t \t' "$firewall_name"
echo -e Firewall Password:'\t' "$firewall_pass"
echo "----------------------------------"
echo -e "\n"
echo "Connecting to firewall module with user "admin"..."
function ssh_connect {
expect <<- DONE
spawn ssh -v -oStrictHostKeyChecking=no -oCheckHostIP=no admin@$ip_address
expect "password"
sleep 5
send "$firewall_pass\n"
expect continue
expect eof
DONE
}
ssh_connect
我认为您指的是您的 ssh_connect 函数,并且我进一步假设您希望 ssh 会话在您对自己进行身份验证后进行交互。您需要 expect interact 命令将控制权传递给用户。
function ssh_connect {
expect <<- DONE
spawn ssh -v -oStrictHostKeyChecking=no -oCheckHostIP=no admin@$ip_address
expect "password"
send -- "$firewall_pass\r"
interact
DONE
}
- 期待return
\r for "hitting enter". 的惯用语
- 在
send -- "$variable" 中使用双连字符来防止变量的第一个字符是连字符的情况。
我设法通过以下方式实现此功能:
expect -c '
spawn ssh -oStrictHostKeyChecking=no -oCheckHostIP=no admin@'$ip_address'
expect "(password)"
send '$firewall_pass'
expect "(*)"
interact'
我编写了一个脚本,它使用 kpcli 和 expect 连接到本地 keepass 数据库,从数据库中获取凭据,然后通过 ssh 连接。该脚本有效,但在通过 SSH 成功登录到远程主机后,会话在大约 5 秒后终止。
#!/bin/bash
firewall=""
keepass_password="******"
keepass_db="/media/sf_VM_shared/kdb.kdb"
keepass_fw_dir="General/Network/Firewalls/SSH"
firewall_user="admin"
echo -e "\n"
echo "Connecting to keepass Database..."
function get_creds {
expect <<- DONE
set timeout 10
spawn kpcli
match_max 100000000
expect "kpcli:/>"
send "open $keepass_db\n"
expect "password:"
send "$keepass_password\n"
expect ">"
send "cd $keepass_fw_dir\n"
expect "SSH>"
send "show -f $firewall\n"
expect ">"
DONE
}
credentials=$(get_creds)
ssh_info=$(echo "$credentials" | grep 'Title:\|Pass:\|Notes:' | sed -e 's/^.*: //')
ip_address=$(echo "$ssh_info" | awk 'NR==3')
firewall_name=$(echo "$ssh_info" | awk 'NR==1')
firewall_pass=$(echo "$ssh_info" | awk 'NR==2')
echo -e "\n"
echo "------Firewall Information-------"
echo -e Firewall IP:'\t \t' "$ip_address"
echo -e Firewall Name:'\t \t' "$firewall_name"
echo -e Firewall Password:'\t' "$firewall_pass"
echo "----------------------------------"
echo -e "\n"
echo "Connecting to firewall module with user "admin"..."
function ssh_connect {
expect <<- DONE
spawn ssh -v -oStrictHostKeyChecking=no -oCheckHostIP=no admin@$ip_address
expect "password"
sleep 5
send "$firewall_pass\n"
expect continue
expect eof
DONE
}
ssh_connect
我认为您指的是您的 ssh_connect 函数,并且我进一步假设您希望 ssh 会话在您对自己进行身份验证后进行交互。您需要 expect interact 命令将控制权传递给用户。
function ssh_connect {
expect <<- DONE
spawn ssh -v -oStrictHostKeyChecking=no -oCheckHostIP=no admin@$ip_address
expect "password"
send -- "$firewall_pass\r"
interact
DONE
}
- 期待return
\rfor "hitting enter". 的惯用语
- 在
send -- "$variable"中使用双连字符来防止变量的第一个字符是连字符的情况。
我设法通过以下方式实现此功能:
expect -c '
spawn ssh -oStrictHostKeyChecking=no -oCheckHostIP=no admin@'$ip_address'
expect "(password)"
send '$firewall_pass'
expect "(*)"
interact'