1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
#!/usr/bin/expect -f
###############################################################################
# $Id: cyclades-ssh.exp 1003 2011-01-26 18:26:06Z chris.m.dunlap $
###############################################################################
# Written by Chris Dunlap <cdunlap@llnl.gov>.
# Copyright (C) 2007-2011 Lawrence Livermore National Security, LLC.
# Copyright (C) 2001-2007 The Regents of the University of California.
# UCRL-CODE-2002-009.
#
# This file is part of ConMan: The Console Manager.
# For details, see <http://conman.googlecode.com/>.
###############################################################################
# This script connects to a port on a Cyclades terminal server using the SSH
# protocol (protocol socket_ssh or socket_server_ssh). It supports consoles
# using no authentication (authtype none) and local authentication (authtype
# local).
#
# This script can be specified in "conman.conf" in the following manner:
#
# console name="zot" dev="/path/to/cyclades-ssh.exp HOST PORT [USER PSWD]"
#
# HOST is the hostname of the terminal server.
# PORT is the port number associated with the console.
# USER is the username being authenticated.
# PSWD is the corresponding password.
#
# Both USER and PSWD must be specified if the console requires authentication.
#
# Since this command-line will persist in the process listing for the duration
# of the connection, passing sensitive information like PSWD in this manner is
# not recommended. Instead, consider using either a command-line argument
# default or the password database (see below).
###############################################################################
##
# Set "exp_internal" to 1 to print diagnostics describing internal operations.
# This is helpful in diagnosing pattern-match failures.
##
exp_internal 0
##
# Set "log_user" to 1 to show the underlying dialogue establishing a connection
# to the console.
##
log_user 0
##
# The "timeout" specifies the number of seconds before the connection attempt
# times-out and terminates the connection.
##
set timeout 10
##
# The "password_db" specifies the location of the password database.
# This avoids exposing sensitive information on the command-line without
# needing to modify this script.
# Whitespace and lines beginning with '#' are ignored. The file format is:
# <host-regex> : <user> : <pswd>
##
set password_db "/etc/conman.pswd"
##
# Command-line argument defaults can be specified here. This avoids exposing
# sensitive information on the command-line.
##
# set user "root"
# set pswd "tslinux"
###############################################################################
set env(PATH) "/usr/bin:/bin"
proc get_password {host user index} {
global password_db
set db_pswd {}
if {! [info exists password_db]} {
return
}
if {[catch {open $password_db} input]} {
return
}
while {[gets $input line] != -1} {
if {[regexp {^[ \t]*#} $line]} {
continue
}
set record [split $line ":"]
set db_host [string trim [lindex $record 0]]
if {[catch {regexp "^$db_host$" $host} got_host_match]} {
continue
}
if {! $got_host_match && [string length $db_host]} {
continue
}
set db_user [string trim [lindex $record 1]]
if {[string compare $db_user $user]} {
continue
}
set db_pswd [string trim [lindex $record $index]]
break
}
close $input
return $db_pswd
}
if {! $argc} {
set prog [lindex [split $argv0 "/"] end]
send_user "Usage: $prog <host> <port> [<user> <pswd>]\r\n"
exit 1
}
if {$argc > 0} {
set host [lindex $argv 0]
}
if {$argc > 1} {
set port [lindex $argv 1]
}
if {$argc > 2} {
set user [lindex $argv 2]
}
if {$argc > 3} {
set pswd [lindex $argv 3]
}
set authenticated 0
if {! [info exists host]} {
send_user "Error: Unspecified hostname.\r\n"
exit 1
}
if {! [info exists port]} {
send_user "Error: Unspecified port number.\r\n"
exit 1
}
if {! [info exists user]} {
set authenticated 1
set user {}
} elseif {! [info exists pswd]} {
set pswd [get_password $host $user 2]
if {! [string length $pswd]} {
send_user "Error: Unspecified password.\r\n"
exit 1
}
}
if {[catch "spawn ssh -a -e \& -l $user:$port -p 22 -x $host" spawn_result]} {
send_user "Error: $spawn_result.\r\n"
exit 1
}
expect {
-gl "Permission denied" {
send_user "Error: Permission denied.\r\n"
exit 1
}
-re "(ttyS\[0-9]*) is being used by \\((.*)\\)" {
send_user "Error: Console session for $expect_out(1,string) in use by $expect_out(2,string).\r\n"
exit 1
}
-gl "is being used by" {
send_user "Error: Console session already in use.\r\n"
exit 1
}
-gl "closed by remote host" {
send_user "Error: Connection closed by remote host.\r\n"
exit 1
}
-re "^ssh: (\[^\r]*)\r+\n" {
send_user "Error: $expect_out(1,string).\r\n"
exit 1
}
eof {
send_user "Error: Connection closed by remote host.\r\n"
exit 1
}
timeout {
if {$authenticated == 0} {
send_user "Error: Timed-out waiting to authenticate.\r\n"
exit 1
}
}
-nocase -gl "Are you sure you want to continue connecting (yes/no)? \$" {
send "yes\r"
exp_continue -continue_timer
}
-nocase -gl "password: \$" {
if {$authenticated == 0} {
send "$pswd\r"
incr authenticated
exp_continue -continue_timer
} else {
send_user "Error: Permission denied.\r\n"
exit 1
}
}
-re "\[^\r]*\r+\n" {
exp_continue -continue_timer
}
}
send_user "Connection established via ssh (pid $spawn_result).\r\n"
interact
# Since the default ssh escape character was changed from "~" to "&",
# "&B" will generate a serial-break.
|
