I am new to using batch so I'm not sure if what I'm trying to do is possible, BUT the scenario is that I have several switches that I need to manage using SSH. I am currently using plink (PuTTY) to do so through the command prompt. I'm able to connect to my switches but I'm confused about how to automate the login portion.
What I'm trying to figure out is when I connect to the switch I am stopped 3 times and asked for input, one time for username, again for username (I don't know why it's twice) and then finally for password. All of that before I can actually run commands on the switch.
So in my very archaic batch file I'm attempting to do the following.
echo
plink SESSIONNAME -l username -pw password
enable
config
crypto key generate rsa
The switch, however, doesn't want to cooperate with plink in accepting the input username and password, instead prompting me to input that same information into the command prompt. Is there a way in batch to have it "wait" for the switch to prompt me for the username and then input it, then "wait" for the switch to prompt me for the password and input that as well? All before executing my desired commands?
Every search I've done has only given me results for the other way around, where the batch file would prompt the user for input, rather than whatever I'm connecting to prompting me for input.
It's possible I am just unaware of the proper terms to search for; if that's the case, please let me know so I can redo my research. I'm just at a point where I'm not sure where to go or what to ask.
Plink log output
User Name:USERNAME
Password:PASSWORD
source#
Additional
Looking up host "X"
Connecting to X port 22
Server version: SSH-2.0-OpenSSH_3.4p1.RL
We believe remote version has SSH-2 channel request bug
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.66
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 2048 XXXXXXX
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "USERNAME".
Access granted
Opening session as main channel
Opened main channel
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
For anyone who might run into the same issue, I ended up needing to set up a Linux box (Ubuntu in my case) and then install expect, sudo apt-get install expect, then create a script working around that. The syntax is fairly simple; mine ended up similar to what's below. Links to useful resources I found are below that. To be more specific on the devices, they were Dell PowerConnect switches, ranging between series 3400, 3500, and 6200.
#!/usr/bin/expect
# HOST, USERNAME and PASSWORD are the placeholders from the post; fill them in.
set timeout 20
spawn /usr/bin/plink -ssh HOST
# The switch CLI asks for its own credentials after the SSH session opens.
expect -exact "User Name:"
send "USERNAME\r"
expect -exact "Password:"
send "PASSWORD\r"
# Wait for the CLI prompt (e.g. "source#") before sending commands.
expect -re {[#>] ?$}
send "whatevercommandsyouwant\r"
expect -re {[#>] ?$}
send "exit\r"
expect eof
It's not perfect but it drastically reduces the amount of time spent updating switches or gathering config info.
Debugging Expect
Expect Examples
Related
I'm trying to use AT commands to set up a BGS2-W modem on a custom board to connect to a site over TLS, but the modem is not reacting to my commands and no certificates are being set.
I'm using the command
AT^SBNW
to send the commands as documented in the Transport Layer Security for Client TCP/IP Services doc (https://ptelectronics.ru/wp-content/uploads/organizatsiya_bezopasnogo_ssl-soedineniya.pdf#page=8).
Unfortunately, the document provides no examples, and I haven't been able to find any samples showing the usage of this command online.
The document linked has a Java command-line tool attached that will send a cert from a PC; however, I am unable to use this tool (I don't have the connection to the modem).
If anyone has any ideas on how to use this command I could very much use the help.
Note: I'm trying to set the certificates from within code running on a PIC18 - this isn't a final incarnation, I just need the certificates loaded so I can connect to our secure server.
Well, guess this one isn't going to find an answer anytime soon :)
So, it's fairly easy to capture the output from the Java tool. I'm using Com0Com to emulate 2 connected ports, then using Termite to manually input on one port while telling the Java app to connect to the other.
The first query from the java app expects an "OK" response, I find it easiest to send the response before starting the java app (I guess it gets cached in the recv buffer of the emulated port).
The Java tool then sends "AT^SBNW=is_cert,1\r", and you can type in the reply in Termite: "SECURE CMD READY: SEND COMMAND ..."
After this a large binary dump comes through. You can decode the dump using the structure described in Application Note 62 (https://ptelectronics.ru/wp-content/uploads/organizatsiya_bezopasnogo_ssl-soedineniya.pdf). That should get all the data required to generate the same binary within code.
I made a back-end server which redirects users who abuse the main server (via too many invalid webpage requests in a short time) to another port so that the load on the server will be slightly less.
I then, in my program via an exec(), issue this command to block the IP from regular service:
iptables -t nat -I <tableforport> -p tcp --src <offending ip> -j REDIRECT --to-port <port of my server>
The problem is when I test this using an actual 2-computer setup where one is the client spamming the server (I'm actually holding F5 down for a few minutes to test), the internal port redirection doesn't seem to kick in right away. If I pause from holding F5 down for a few minutes and then try again, the internal redirection works and the blocking message from my server software works.
I feel this is due to linux (which the server runs on) caching remote IP address entries along with its ports along with other instructions causing the new iptables rules (like the one above) to be skipped until the routing cache is flushed for that IP.
In linux, I can easily flush the routing cache for each IP version via:
echo 1 > /proc/sys/net/ipvn/route/flush
where n in ipvn is either a 4 or 6.
The problem with that is if I execute it, then all the good IPs in the cache will be flushed, which in turn creates a slower experience for all. I only want to create a bad experience for potential hackers.
How do I go about removing only one IP address from the route cache so that when I add a redirection rule to iptables (like above), the redirection takes place right away the moment the client refreshes the page (not several refreshes, seconds or minutes later)?
Once I get an answer, I want to be able to make a C program out of it after which I can probably figure out myself.
I have an embedded system that is programmed in C. I need to do the equivalent of the DOS command Telnet. The idea is to test if the remote host is up and running.
I would like to have some orientation here like:
Open source project that I can use as a guide line (C language)
Some documentation on what the Telnet command does (so I can implement my own)
Thanks
Update: Thank you for your valuable comments
My system connects to a host via GPRS/Ethernet/dial-up/Wi-Fi (one of them). As a developer I check if the host is OK by using my Windows laptop (with a dial-up modem, GPRS modem or whatever is needed) and running Telnet like this:
telnet 192.168.0.1 8000
(non real values)
If the host is OK I get a clean screen; otherwise I get an error. That's what I need to do in code: to be able to determine if the host is up and running by using a sort of DOS telnet client command in C.
This is done once, just to check communications, after this test is cleared the real info should be sent.
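An added example (not the original poster's code) of the check described above, written in C: it does exactly what telnet HOST PORT proves when it shows a clean screen, namely that a TCP handshake to that port completes, and nothing more. It assumes a POSIX sockets API (Linux/BSD-style libc); the loopback address, the 3000 ms timeout and the self-test listener are illustrative choices, not anything from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Reproduces the only thing "telnet HOST PORT" proves: that a TCP handshake to
 * HOST:PORT completes. Returns 1 if the connection is accepted within
 * timeout_ms, 0 if it is refused or times out, -1 on a local error
 * (unresolvable address, no socket). Uses a non-blocking connect() so a
 * silently dropped SYN cannot hang the caller for the OS default (minutes). */
int tcp_probe(const char *host, const char *port, int timeout_ms)
{
    struct addrinfo hints, *res, *ai;
    int result = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;

    for (ai = res; ai != NULL && result == 0; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);

        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
            result = 1;                       /* loopback may complete at once */
        } else if (errno == EINPROGRESS) {
            fd_set wfds;
            struct timeval tv;
            FD_ZERO(&wfds);
            FD_SET(fd, &wfds);
            tv.tv_sec = timeout_ms / 1000;
            tv.tv_usec = (timeout_ms % 1000) * 1000;
            /* Writable after select() means the handshake finished; SO_ERROR
             * says whether it finished with success or e.g. ECONNREFUSED. */
            if (select(fd + 1, NULL, &wfds, NULL, &tv) > 0) {
                int err = 0;
                socklen_t len = sizeof err;
                if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
                    result = 1;
            }
        }
        close(fd);
    }
    freeaddrinfo(res);
    return result;
}

/* Self-test fixture: listen on 127.0.0.1 with a kernel-chosen port so the
 * probe can be exercised offline. Returns the listening fd and stores the
 * port in *port_out, or -1 on failure. */
int start_listener(uint16_t *port_out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s HOST PORT\n", argv[0]);
        return 2;
    }
    int up = tcp_probe(argv[1], argv[2], 3000);
    printf("%s:%s is %s\n", argv[1], argv[2], up == 1 ? "up" : "down");
    return up == 1 ? 0 : 1;
}
```

A completed handshake proves only that something is listening on that port; it says nothing about whether the application behind it is healthy, so once this check passes the real data exchange still needs its own error handling. On an embedded libc without getaddrinfo, fill in a fixed sockaddr_in instead, as start_listener does.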
If I use the following command: msg * /server:127.0.0.1 Hello world
then it opens a pop-up box and displays Hello world.
If I use a similar way to send a message to a remote system,
msg * /server:192.168.1.56 Hello world then it shows
Error 5 getting session names
What's the reason behind this, and how do I send a message to a remote machine?
The remote OS can be either Windows 7 or Windows 8.
Not since Windows XP. It's a security flaw.
msg sends messages to terminal sessions on a terminal server. Workstations are limited terminal servers, limited to one interactive user, so msg works on local computers.
Anything you can do remotely is always invisible to the user on the remote computer.
You can send a program to display a message using psexec by MS though; it's not part of Windows. http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
It may be possible to do it and the method you described should work.
I recently attempted to do this exact operation but I was blocked because of user rights on the PCs, and the only way to make this function available was to edit the registry. You will continue to get that error until the registry on both computers has been edited to allow the messages. Now, if you are not on your own computer and you do have system administrators, they could have blocked these functions for security purposes. If you want to attempt to edit the registry to allow you to do this, you need to follow these instructions:
Open the Registry Editor ( regedit.exe ).
In the left panel, locate and then click on the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
In the right panel, find the key AllowRemoteRPC and be sure the value of the key is 1. If the value is not 1, change it to 1.
Close Registry Editor and restart your computer.
Run MSG.EXE command in the elevated CMD window. Launch it when you hold Ctrl+Shift keys to enter elevated mode.
http://www.cezeo.com/tips-and-tricks/msg-command/
If you run into admin rights errors you will either need to contact the server admins or you will need to find a different way to talk to people in your office :P I recommend Gmail's messaging system for that. You can log into mail.google.com, then click their email address on the bottom left and send them instant messages. As long as they have Google up as well, or have set up email notifications to their phone, they can communicate back with you.
Here is the situation:
I have written a C program doing some wireless measurements on a WRT54GL router (OpenWRT White Russian, Busybox 1.00, Dropbear client v0.49). Please note that I cannot use a more up-to-date version of the operating system on the router or install additional packages (just scripts or small programs are allowed).
Up to now, I log my measurement results every 15 minutes from the router to the server via a
cat localfile | ssh target_address cat ">" remotefile
which I call from my C program (system()) for every logfile which is created or present at the moment the log starts. What I don't like is that the system call opens a new shell for every single call, causing some overhead. The good thing is that in this way the data is encrypted, and because I do a connection for every file, I can directly get per-file feedback from the server, so that I can remove the logs from the router. (Other approaches calling scripts from the router on the server, which then return values for the logging, did not work, as the Dropbear ssh client does not support this return.)
So what I'm asking for: what could be a more elegant way to do so and to reduce this overhead? By now, I've read a few tutorials about how to use TLS / TCP sockets (so I can send the data encrypted to the server). Another possibility could be an HTTP PUT or POST, but there I am not sure how I could get feedback for the data being sent. So I would just like to hear your opinions and how you guys would try to tackle this.
Best regards
Since you're talking about log files, this sounds like a job for the syslog protocol.
I am pretty sure OpenWRT supports it out of the box.
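An added example (not part of the answer above, and not the poster's program) of what the suggestion amounts to on the wire: the RFC 3164 BSD-syslog line format, its PRI encoding (facility * 8 + severity), and a one-shot UDP send to a collector on port 514. The collector address, the host name wrt54gl and the tag wlanlog are placeholders, and the program assumes a POSIX sockets API.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#define SYSLOG_UDP_PORT 514

/* RFC 3164 numbering: PRI = facility * 8 + severity. Only the values this
 * example uses are listed. */
enum { FAC_USER = 1, FAC_LOCAL0 = 16 };
enum { SEV_ERR = 3, SEV_INFO = 6 };

/* Builds one BSD-syslog line "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG" into buf.
 * The timestamp is passed in (see syslog_timestamp) so the output is
 * deterministic and testable. Returns the length written, or -1 if the line
 * would not fit. */
int syslog_format(char *buf, size_t buflen, int facility, int severity,
                  const char *timestamp, const char *hostname,
                  const char *tag, const char *msg)
{
    int n = snprintf(buf, buflen, "<%d>%s %s %s: %s",
                     facility * 8 + severity, timestamp, hostname, tag, msg);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Formats t as "Mmm dd hh:mm:ss" (day space-padded, no year, local time),
 * the TIMESTAMP form RFC 3164 section 4.1.2 specifies. Always 15 bytes. */
void syslog_timestamp(char *out, size_t outlen, time_t t)
{
    struct tm *tmv = localtime(&t);
    strftime(out, outlen, "%b %e %H:%M:%S", tmv);
}

/* Sends one already-formatted line to collector_ip:514 over UDP.
 * Returns 0 on success, -1 on error. Plain UDP syslog is fire-and-forget:
 * nothing is encrypted and no acknowledgement ever comes back. */
int syslog_send_udp(const char *collector_ip, const char *line, size_t len)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(SYSLOG_UDP_PORT);
    if (inet_pton(AF_INET, collector_ip, &sa.sin_addr) != 1) {
        close(fd);
        return -1;
    }
    ssize_t sent = sendto(fd, line, len, 0, (struct sockaddr *)&sa, sizeof sa);
    close(fd);
    return sent == (ssize_t)len ? 0 : -1;
}

int main(int argc, char **argv)
{
    /* Usage: ./syslog_send COLLECTOR_IP "message text". The host name and
     * tag below are placeholders for the router's own values. */
    if (argc != 3) {
        fprintf(stderr, "usage: %s COLLECTOR_IP MESSAGE\n", argv[0]);
        return 2;
    }
    char ts[32], line[1024];
    syslog_timestamp(ts, sizeof ts, time(NULL));
    int n = syslog_format(line, sizeof line, FAC_LOCAL0, SEV_INFO,
                          ts, "wrt54gl", "wlanlog", argv[2]);
    if (n < 0 || syslog_send_udp(argv[1], line, (size_t)n) != 0) {
        fprintf(stderr, "send failed\n");
        return 1;
    }
    return 0;
}
```

Note what this trades away compared with the per-file ssh copy in the question: UDP syslog is neither encrypted nor acknowledged, so the router never learns whether a line arrived. If that feedback matters, syslog over TCP (RFC 6587) or over TLS (RFC 5425) keeps the PRI encoding but adds a reliable, and in the TLS case encrypted, transport; RFC 5425 uses the newer RFC 5424 header rather than the BSD line above.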