Xymon Mailing List Archive search

monitoring ssh

5 messages in this thread

list Dan Simoes · Thu, 23 Aug 2007 11:12:35 -0700 · 
I know how to monitor the service availablity on port 22.
I'm wondering if anyone has actually made a script that connects, logs in,
writes a file (say with scp) and only then returns a green status.
We got burned with an ssh keys problem so I have to deploy something like
this.
list Larry Barber · Thu, 23 Aug 2007 13:17:31 -0500 · 
I used Python and pexpect to write a script that changed the passwords on
all my machines. A script to do what you are asking for should be quite
straight forward using those tools.

Thanks,
Larry Barber
quoted from Dan Simoes

On 8/23/07, Dan Simoes <user-3428f00c5f40@xymon.invalid> wrote:
I know how to monitor the service availablity on port 22.
I'm wondering if anyone has actually made a script that connects, logs in,
writes a file (say with scp) and only then returns a green status.
We got burned with an ssh keys problem so I have to deploy something like
this.
list Larry Barber · Thu, 23 Aug 2007 13:21:04 -0500 · 
Just to give you an idea, here's the script:

#!/usr/bin/python

import os
import sys
import pexpect
import getopt

import ConfigFile

def changeUserPw(host, user, cur_pw, new_pw):

        log_file.write('Changing password of user ' + user + ' on host ' +
host + '\n')
        child=pexpect.spawn('slogin ' + user + '@' + host)

        child.expect('[Pp]assword:')
        child.send(cur_pw + '\n')
        child.expect('[#\$] ')
        child.send('passwd\n')
        child.expect('[Cc]urrent.*[pP]assword:')
        child.send(cur_pw + '\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_pw + '\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_pw + '\n')
        child.expect('[#\$] ')
        log_file.write('password change successful\n')
        child.send('exit\n');
        child.expect(pexpect.EOF)

def changeRootPw(host, user, cur_pw, cur_root_pw, new_root_pw):

        log_file.write('Changing password of user root on host ' + host +
'\n')
        child=pexpect.spawn('slogin ' + user + '@' + host)

        child.expect('[Pp]assword:')
        child.send(cur_pw + '\n')
        child.expect('[#\$] ')

        child.send('su -\n')
        child.expect('[Pp]assword:')
        child.send(cur_root_pw + '\n')
        child.expect('[#\$] ')

        child.send('passwd\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_root_pw + '\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_root_pw + '\n')
        child.expect('[#\$] ')

        log_file.write('password change successful\n')
        child.send('exit\n');           # exit from root shell
        child.expect('[#\$] ')
        child.send('exit\n');           # exit from user shell
        child.expect(pexpect.EOF)

opts, args = getopt.getopt(sys.argv[1:], "c:")
cfg_file_name = None
for o,a in opts:
        if o == '-c':
                cfg_file_name = a

if cfg_file_name == None:
        print 'PwChange.py -c <config file name>'
        sys.exit(0)

cfg_file=ConfigFile.ConfigFile(cfg_file_name, ':')

log_file_name = cfg_file.getVal('log_file')
if log_file_name == None or log_file_name == '':
        log_file = sys.stderr
else:
        log_file = open(log_file_name, 'w');

groups = cfg_file.getVal('groups');
for group in groups.split():
        pw_file_name = cfg_file.getVal(group + '.pw_file')
        if pw_file_name == None:
                print "No " + group + ".pw_file parameter in config file,
exiting"
                sys.exit(0)
        pw_file = open(pw_file_name, 'r');

        default_cur_pw = cfg_file.getVal(group + '.default_cur_pw');
        default_new_pw = cfg_file.getVal(group + '.default_new_pw');
        default_cur_root_pw = cfg_file.getVal(group +
'.default_cur_root_pw');
        default_new_root_pw = cfg_file.getVal(group +
'.default_new_root_pw');

        for ln in pw_file:
                if ln[0] == '#':
                        continue
                if ln.strip() == '' or ln.strip() == None:
                        continue
                fields = ln[0:-1].split(':')
                if len(fields) == 4:
                        if fields[2] == 'default':
                                if default_cur_pw != None:
                                        fields[2] = default_cur_pw
                                else:
                                        print "default specified in password
file, but no default_cur_pw specified in config file, bye!"
                                        sys.exit(0)
                        if fields[3] == 'default':
                                if fields[3] != None:
                                        fields[3] = default_new_pw
                                else:
                                        print "default specified in password
file, but no default_new_pw specified in config file, bye!"
                                        sys.exit(0)
                        changeUserPw(fields[0], fields[1], fields[2],
fields[3])
                elif len(fields) == 5:
                        if fields[2] == 'default':
                                if default_cur_pw != None:
                                        fields[2] = default_cur_pw
                                else:
                                        print "default specified in password
file, but no default_cur_pw specified in config file, bye!"
                                        sys.exit(0)
                        if fields[3] == 'default':
                                if default_cur_root_pw != None:
                                        fields[3] = default_cur_root_pw
                                else:
                                        print "default specified in password
file, but no default_cur_root_pw specified in config file, bye!"
                                        sys.exit(0)
                        if fields[4] == 'default':
                                if default_new_root_pw != None:
                                        fields[4] = default_new_root_pw
                                else:
                                        print "default specified in password
file, but no default_new_root_pw specified in config file, bye!"
                                        sys.exit(0)
                        changeRootPw(fields[0], fields[1], fields[2],
fields[3], fields[4])
        pw_file.close()

What you're trying to do should be considerably shorter.

Thanks,
Larry Barber
quoted from Larry Barber


On 8/23/07, Larry Barber <user-6ef9c2864140@xymon.invalid> wrote:
I used Python and pexpect to write a script that changed the passwords on
all my machines. A script to do what you are asking for should be quite
straight forward using those tools.

Thanks,
Larry Barber

On 8/23/07, Dan Simoes <user-3428f00c5f40@xymon.invalid> wrote:
I know how to monitor the service availablity on port 22.
I'm wondering if anyone has actually made a script that connects, logs
in, writes a file (say with scp) and only then returns a green status.
We got burned with an ssh keys problem so I have to deploy something
like this.
list S Aiello · Thu, 23 Aug 2007 14:23:52 -0400 · 
I believe I wrote a script that wrapped around lftp and lftp handles sftp. lftp is nice since it handles a few protocols.  The script never made it to stable status, since the project I was monitoring, fell through.

~ Steve
quoted from Dan Simoes
On Thursday 23 August 2007 14:12, Dan Simoes wrote:
I know how to monitor the service availablity on port 22.
I'm wondering if anyone has actually made a script that connects, logs in,
writes a file (say with scp) and only then returns a green status.
We got burned with an ssh keys problem so I have to deploy something like
this.
list Stef Coene · Thu, 23 Aug 2007 20:38:21 +0200 ·
quoted from Dan Simoes
On Thursday 23 August 2007, Dan Simoes wrote:
I know how to monitor the service availablity on port 22.
I'm wondering if anyone has actually made a script that connects, logs in,
writes a file (say with scp) and only then returns a green status.
We got burned with an ssh keys problem so I have to deploy something like
this.
Take a look at expect.  You can simulate all kind of interactive command line 
stuff.  I use this to remote connect with ssh / telnet and to transfer files 
with scp.


Stef