expect script unable to fetch server logs into the text file

2
votes

I am trying to access remote ssh server from a unix client machine. For this i have used expect script which is calling a bash script to fetch some lines from server log file.

Below is my code: 

#!/usr/local/bin/expect -f
set pass "password"
set prompt "(%|$|#)"
spawn ssh [email protected]

expect "password:"
send "$pass\r"

expect -re $prompt
send -- "./access_srvr_log.sh\r"

send -- "exit\r"

code for access_srvr_log.sh file:

#!/usr/local/bin/expect

dir="/home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log"
tail -n 100 $dir/development.log
echo "hello"
echo >> log.txt

i get this error :

./access_srvr_log.sh
-bash: ./access_srvr_log.sh: No such file or directory

Please help. I have tried lot many changes on the above code and finally reached here.

Thanks.

2
bashexpect
Do you have the script on the server? If not, wont it work if you use send -- `cat ./access_srvr_log.sh` ? - Tomas Pastircak
Do this at a shell prompt: ssh deployer@ip ls -l access_srvr_log.sh -- do you see it? - glenn jackman
Why does your remote shell script have an expect shebang line? - glenn jackman
Thanks Tomas i'll try this in the next go. Glenn.. in my scenario i have to execute bash script using expect only. i'll remove the expect from shebang line in bash script in next execution. Thanks! - pranky301
You could do without expect and without the remote script if tail is all you need: ssh host tail -n 100 /home.... >log.txt with the added benefit of getting the log to your local machine, which I suspect is what actually want. - Harald

2 Answers

0
votes

Friends don't let friends use SSH passwords. It's much less secure.

Use ssh-copy-id to copy your public key to the remote server. (It puts the client ~/.ssh/id_rsa.pub into the server .ssh/authorized_keys) Now you can run "ssh [email protected] ./access_srvr_log.sh", and it won't prompt for a password. That means you no longer need expect and all the odd problems that come with it.

In fact, it's highly recommended that you disable SSH passwords all together.

To make your script even simpler (maintenance-wise) do this:

1) run ssh-keygen -f ~/.ssh/scriptkey on your client (don't enter a password).

2) Put the public part of your key (~/.ssh/scriptkey.pub on the client) into .ssh/authorized_keys on the server. But this time, put command="/home/deployer/access_srvr_log.sh" just before your new key. This tells the server to run that command for that key.

3) Now your script doesn't even need to specify the command, just the private key. (i.e. scp -i ~/.ssh/scriptkey [email protected] will run the script). This allows the server to change (i.e. move the script, change the script name) without changing the client. It also means someone stealing your (non-password-protected) key can't log in to the server, but only run your log script.

And there are no guessable passwords laying around in scripts. (You are checking your scripts into version control, right?)

0
votes

You can simplify it down too 

#!/bin/bash

{
/usr/bin/expect  <<- EOF
    spawn ssh [email protected] "tail -n 100 /home/deployer/Desktop/McKinsey-McKinsey-AdminPanel/log/development.log"
    expect "password:"
    send "deployer\r"
    expect eof
EOF
} |grep -v  "[email protected]'s password:">>  log.txt