I am scripting some command line operations for collecting and parsing specific network metrics from a Palo Alto 5060 firewall. I am using Plink and Windows batch scripting.
#echo off
"C:\path\to\plink.exe" -ssh user#1.2.3.4 -pw password < "C:\path\to\commands.txt >> "C:\path\to\output.txt"
The content of the commands.txt is simple at the moment.
show interface ethernet1/1
I cannot get this to work. My output.txt has the following results:
Last login: Tue Nov 24 15:43:13 2015 from localhost
show interface ethernet1/1Welcome user.
user#pa5060> show
[Kuser#pa5060> show interface
[Kuser#pa5060> show interface ethernet1/1
This isn't the proper output and the entry of the commands confuses me. Has anyone seen something like this? There is a login banner on this device if that is relevant.
I'd guess you are missing a new-line at the end of the command.txt, so the command is not submitted.
As for the repeated prompt and the [K sequence:
This is simply because the remote side expects an interactive terminal on your end, and sends ANSI escape sequences to pretty-print an output.
Each line likely starts with the CR (carriage return) character that would cause the interactive terminal to overwrite the previous line. But this does not work, when you redirect the output to a file. Though if you print the file on a terminal (cmd.exe) using type output, you will probably get only the last line.
To make Plink not enable the interactive terminal, use the -T command-line switch:
"C:\path\to\plink.exe" -ssh user#1.2.3.4 -pw password -T < "C:\path\to\commands.txt >> "C:\path\to\output.txt"
Though even better is to specify the command on PLink command line
"C:\path\to\plink.exe" -ssh user#1.2.3.4 -pw password show interface ethernet1/1 >> "C:\path\to\output.txt"
or using -m switch:
"C:\path\to\plink.exe" -ssh user#1.2.3.4 -pw password -m "C:\path\to\commands.txt >> "C:\path\to\output.txt"
The difference is that the commands specified this way are automatically executed in a non-interactive terminal and mainly in an "exec" channel in a more controlled way, then in the "shell" channel you are using when redirecting the input. So you get rid of the "Last login:" message as well as the command prompt (user#pa5060>) and such.
Related
I am trying to make an automation using Power Automate Desktop for PuTTY. I have come across a solution to use cmd to run commands using plink.
I used the following steps:
I added PuTTY to system variables
I used the command (in cmd):
plink -ssh hostname#ipaddress -pw password -no-antispoof -m C:\commands.txt
I edited command.txt:
ssh anotherIP -pw passwordForAnotherIP
cd /tmp
cat filename
When I run the command in cmd, I can not input password for the other server that needs to be accessed inside the first one. The error shown is
Bad Port 'w'
The server runs bash 4.2. How can I input password inside the txt file commands so that command line plink command takes it?
Better solution is using Plink's -proxycmd:
plink -ssh anotherIP -pw passwordForAnotherIP -no-antispoof -proxycmd "plink -ssh hostname#ipaddress -pw password -nc anotherIP:22" -m C:\commands.txt
With the commands.txt containing only the:
cd /tmp
cat filename
To answer your literal question:
The OpenSSH ssh has no -pw switch. See Automatically enter SSH password with script.
Additionally, your command.txt won't do what you think anyway. It won't run the cd and cat within the ssh. It would run them after the ssh. So on the ipaddress. How to do this properly is discussed in: Entering password to remote ssh through Plink after establishing a connection.
These are the things I need to do:
Open putty.exe
Enter username and password.
Run a shell script.
I am using UFT (VB Scripting). I am able to open PuTTY but not able to enter username and password or run any commands using UFT.
Is there any other way I can achieve this? I have searched it and found that we can use Plink. Then the problem would be that the whole team will have to install Plink for that purpose. And that is not possible.
Thanks in advance.
PuTTY has the -m switch, that you can use to provide a path to a file with a list of commands to execute:
putty.exe user#example.com -m c:\local\path\commands.txt
Where the commands.txt will, in your case, contain a path to your shell script, like:
/home/user/myscript.sh
Though for automation, your better use the Plink command-line connection tool, instead of the GUI PuTTY application, as you have already found out. The Plink is a part of PuTTY package, so everyone who has PuTTY should have Plink too.
The Plink (plink.exe) has the same command-line arguments as PuTTY. And in addition to those, you can specify your command directly on its command like:
plink.exe user#example.com /home/user/myscript.sh
or using its standard input
plink.exe user#example.com < c:\local\path\command.txt
(of course, you will use redirection mechanism of your language, instead of the <).
Note that providing a command using the -m switch or directly on command-line implies a non-interactive mode, while using the standard input uses an interactive mode by default. So the results or behavior may differ. Use the -t and -T switches to force the interactive and the non-interactive mode, respectively.
You can add cmd arguments when you launch putty directly;
start C:\Users\putty.exe -load "server" -l userID -pw Password -m commands.txt
Can you not request the user name and pass prior and pass this along to the executable?
To run a single remote command or short series of commands is even easier by using the plink -batch flag instead of needing a script file. For example to show the OS name and a directory listing, do this:
plink user#host -pw password -batch uname;ls
I need to rsync to a remote server using a non-standard SSH port and 2FA which I use via Authy app. The SSH works with this command:
ssh -2 -p 9999 -i /Users/Me/.ssh/id_rsa user#9.9.9.9
This brings up a "Verification Code" prompt in the shell. Which I enter from Authy, and I'm in.
Given the discussion on this a StackOverflow answers I tried this variation of rsync:
rsync -rvz -e 'ssh -p 9999 -i /Users/Me/.ssh/id_rsa \
--progress /src/ user#9.9.9.9.9:/dest/
(Put here on two lines just for legibility, it's one line in my shell command).
This does bring up the Verification Code prompt, which I enter correctly, but then it produces this error:
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(185) [sender=3.1.3]
How can I use rsync with 2FA? Many thanks.
Because #JGK mentioned the answer in the comment, adding answer here for posterity. This "is your shell clean" stuff is shown when remote server is echoing some output upon login, which in my case .bashrc indeed was. I've added a conditional to that echo only to apply when the shell login is "interactive", as mentioned in this Server Fault thread, and it works. Just for easier clarity, the IF condition reads as follows:
if echo "$-" | grep i > /dev/null; then
[any code that outputs text here]
fi
Many thanks.
I have hard requirement of logging into a terminal via SSH from TCL console and relaunch a tcl script from that terminal. For this I use exec command and it does get executed. The only problem is it doesn't return back to parent code.
I have automated SSH login and it works fine from a bash/csh terminal
But from TCL console, the following happens
Simple example
exec ssh hostname pwd
puts "Done"
When I execute this code in TCL, "Done" never gets printed. I just get the output of pwd and that's it.
I have a need of looping SSH into multiple terminals and run TCL jobs on a hardware, but the loop gets stuck after executing the first SSH.
I search the internet for answers and I am not able to find any. Please help.
There could be a lot issues going on here. Running ssh with an explicit command (pwd) will usually default to not allocating a tty (ssh -T) and will run the remote shell in non-interactive mode. And the output of a command called from exec is not normally echoed to standard output, so I would not expect you to see the output if you call it from a script. You have to print the result of exec to see the output of the pwd command. Also, different shell startup scripts are run on the remote host depending on which shell the account is set up with and whether it is an interactive or non-interactive shell. It could be .bashrc, .bash_profile, .profile, .cshrc, etc., and if the script behaves differently when it has a tty vs. when it doesn't, that could explain differing behavior between a bash/csh shell and the TCL console.
Without having access to your system, it is hard for me to troubleshoot. I would start with a script like this:
set result [exec ssh -T hostname pwd]
puts "result = $result"
puts "Done."
Then I would try changing the -T to a -t and trying again. If the output of "pwd" is appearing before the "result =" line, then you can tell that the command is writing the result to a tty instead of standard output, and that's useful information for troubleshooting.
I want to be able to just ssh to a server where I cannot modify profiles and set up the environment with several commands before getting the usual interactive session.
Any ideas?
I've been using an expect script with an "interact" command at the end - which works for most things but is clumsy and breaks some console apps. Also been extermienting with empty-expect and socat. Any other suggestions?
If you're able to write somewhere on the filesystem, you may be able to invoke bash with a custom rc file like this:
ssh me#example.com -t bash --rcfile /home/user/my_private_profile -i
Note that this appears to only work for interactive shell, not login shells. The -t option to ssh makes it allocate a pty even though you're specifying a command.
If you can't write to the filesystem anywhere, you could use a subshell to supply a named pipe as the rcfile:
$ ssh ares -t "bash --rcfile <(echo 'FOO=foo';echo 'BAR=bar') -i"
axa#ares:~$ echo $FOO
foo
axa#ares:~$ echo $BAR
bar