Automatic Linux Management: remote logon

Source: Internet
Author: User
Tags: dns spoofing
Article title: Linux automatic management: remote logon

Telnet and SSH are the standard protocols for remote login over the Internet: a user runs a Telnet or SSH client on the local machine, connects to a remote server, and every command typed into the client runs on the server. Telnet is inherently insecure: it transmits everything, including user names and passwords, in plain text, so anyone on the network path can read or alter the session (a man-in-the-middle attack). SSH provides an encrypted, integrity-protected transport for remote login sessions and other network services. Because the SSH client authenticates the server by its host key, SSH can also detect a server impersonated through DNS or IP spoofing, but only when the client actually verifies that key against a trusted known_hosts entry; a client that blindly accepts an unknown host key gets no such protection. This article focuses on the SSH protocol. The SSH software used is OpenSSH, the free and open-source implementation of the SSH suite.

Logging on to different operating systems over Telnet or SSH produces different prompts and banners. A program can read that returned text, decide what the remote side is waiting for, and respond to it, which is the basis of automated logon to a remote server. This article first introduces the techniques used for remote automated login and then describes in detail how to automate remote login between Unix/Linux systems.

Introduction to automatic remote system logon

Automatic remote logon means logging on to a remote system without anyone typing a password and without other user intervention. The remote logon tools discussed here offer two authentication methods.

User password-based security authentication

When you log on with an account, you enter the password at the prompt; the SSH client sends it to the SSHD server inside the already encrypted SSH session, the server checks it against the account's credentials, and on success the logon session is established.

With this authentication method, a program can type the user name and password on the user's behalf to achieve automatic login. Expect, C, or Perl can be used. Implementing it in C means either driving the ssh client through a pseudo-terminal yourself or speaking the SSH protocol directly, which is complicated; Expect requires familiarity with the Tcl syntax on which Expect is built; Perl requires the Expect.pm module. In every case the password must be available to the program, typically embedded in the script or stored beside it in clear text, so this method carries a security risk: anyone who can read the script obtains the account's password.

Secure authentication based on SSH key exchange

The user creates a key pair for the login account on the SSH client, a private key and a public key, and installs the public key on the SSHD server to be logged on to (for OpenSSH, in ~/.ssh/authorized_keys of the target account). When the SSH client logs on, it offers the login account's public key to the SSHD server. The server looks for a matching public key in the target account's home directory; if it finds one, the client must prove that it holds the corresponding private key. In the obsolete SSH protocol version 1 the server did this by encrypting a random challenge with the public key and having the client decrypt it with the private key and return it. In SSH protocol version 2, which OpenSSH uses, the client instead signs data bound to the current session (including the session identifier) with the private key, and the server verifies that signature with the stored public key. Either way the private key never leaves the client, and a successful verification completes the authentication.

With public-key authentication, you copy the public key generated on the SSH client to the remote SSHD server once; thereafter the SSH client logs on to that server without prompting for a password. This method is simpler, and because no password crosses the network or sits in a script, it is safer than the first method. Note that the private key then becomes the credential: if it has no passphrase (which is what makes unattended logon possible), it must be protected by file permissions (mode 600, readable only by its owner), and the authorized_keys entry on the server should restrict what the key is allowed to do.
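The setup this section describes, as an added example that is not part of the original article: a POSIX shell script that generates a passphrase-less Ed25519 key, seeds known_hosts so that the first connection never has to ask whether to trust an unseen host key, installs the public key with one last password logon, and then logs on non-interactively with BatchMode. The remote account admin@192.168.0.4, the client address 192.168.0.3, the key path, and the helper names restricted_authorized_key, key_perms_ok, seed_known_hosts and setup_key_auth are this example's own assumptions, not OpenSSH tools. It goes beyond the text in one respect: it shows the restricted authorized_keys entry (from=, command=, no-pty, ...) that limits what a stolen automation key can do.

```shell
#!/bin/sh
# Added example (not from the article): set up SSH public-key authentication
# for unattended logon with the hardening a practitioner would want.
# Assumptions (placeholders): remote account admin@192.168.0.4, this client
# is 192.168.0.3, OpenSSH's ssh/ssh-keygen/ssh-keyscan are on PATH.
# Run with DO_SETUP=1 to perform the network steps.

REMOTE_USER="${REMOTE_USER:-admin}"
REMOTE_HOST="${REMOTE_HOST:-192.168.0.4}"
CLIENT_ADDR="${CLIENT_ADDR:-192.168.0.3}"
KEY="${KEY:-$HOME/.ssh/id_ed25519_automation}"

# Build a restricted authorized_keys entry: the key works only from the given
# source address ($1), only ever runs the forced command ($2), and gets no
# pty, port forwarding, agent forwarding or X11. $3 is the public key line.
restricted_authorized_key() {
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2" "$3"
}

# Succeed only when the private key file is readable by its owner alone
# (0600 or stricter). Reads the mode field of ls -l, which GNU and BSD share.
key_perms_ok() {
    mode=$(ls -ld "$1" | cut -c2-10)
    case "$mode" in
        r??------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Seed known_hosts before the first connection so ssh never asks "(yes/no)?".
# The fingerprint printed here must be compared with one obtained out of band
# (console, trusted inventory); otherwise this is just an automated blind "yes".
seed_known_hosts() {
    tmp="$HOME/.ssh/known_hosts.new"
    ssh-keyscan -t ed25519 "$REMOTE_HOST" 2>/dev/null > "$tmp"
    [ -s "$tmp" ] || { echo "no host key received from $REMOTE_HOST" >&2; return 1; }
    echo "verify this fingerprint out of band before trusting it:"
    ssh-keygen -l -f "$tmp"
    cat "$tmp" >> "$HOME/.ssh/known_hosts" && rm -f "$tmp"
}

setup_key_auth() {
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
    # Ed25519 key with no passphrase: that is what makes unattended logon
    # possible, so file permissions are all that protects the credential.
    [ -f "$KEY" ] || ssh-keygen -t ed25519 -N '' -C "automation@$CLIENT_ADDR" -f "$KEY"
    chmod 600 "$KEY"
    key_perms_ok "$KEY" || { echo "refusing to use group/world-readable key $KEY" >&2; return 1; }
    seed_known_hosts || return 1
    # Install the restricted entry with one last password logon.
    restricted_authorized_key "$CLIENT_ADDR" "/bin/uname" "$(cat "$KEY.pub")" |
        ssh "$REMOTE_USER@$REMOTE_HOST" 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'
    # From now on: no password, no host-key question, and a failure instead
    # of a hang if either would be needed. The forced command runs regardless
    # of what is requested, so "true" here still prints the remote uname.
    ssh -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
        "$REMOTE_USER@$REMOTE_HOST" true
}

if [ "${DO_SETUP:-0}" = 1 ]; then
    setup_key_auth
fi
```

Only the two pure helpers run without a network; the rest is gated behind DO_SETUP=1. The forced command and from= restriction mean that even if the automation key leaks, the attacker can only run uname from the one client address; widen them to what the job actually needs, and nothing more.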

Automated login using Expect

Expect basics

Expect was developed by Don Libes on top of the Tcl language and is widely used for scripting interactive programs and for automated testing. It is especially suited to environments where the same operations must be performed on many servers, where it greatly improves a system administrator's efficiency. Most Unix/Linux distributions ship Expect as a package; if your system lacks it, you can download the corresponding package from http://expect.nist.gov.

Expect is a Tcl-based language that adds a small number of special commands. Traditionally Expect is packaged as a Tcl extension, so any application written in Tcl can load Expect's functionality. Expect has also been ported to Perl (Expect.pm) and Python (pexpect) as modules, so its interaction features are available in Perl and Python scripts as well.

send, expect, and spawn are the most basic commands of the Expect language. send sends a string to the spawned process; expect waits for output from the process and decides the next action based on the string received; spawn starts a process.

The send command takes a string argument and sends it to the current spawned process.

send "Hello world"

In this line, send sends the string Hello world (without the quotation marks). If Expect has already started interacting with a program, the string goes to that program; otherwise it goes to standard output.

The expect command waits for output, usually from the process Expect is interacting with, or from standard input if no process has been spawned; it waits for a specified string or for any string matching a given regular expression. Create a file named response.exp to see how expect works. Its content is as follows:

#!/usr/bin/expect -f
expect "hi\n"
send "hello there\n"

Then run "expect response.exp": it waits for input from standard input until the user types hi and presses Enter, then sends hello there followed by a newline to standard output, and the script ends. If the user does not type hi and press Enter, expect keeps waiting for "hi\n"; other characters typed do not affect it. When the timeout expires (10 seconds by default, controlled by the timeout variable), expect returns without a match and the script simply continues with the next command. A regular expression can be used instead of a fixed string to keep expect from matching unexpected input.

The spawn command starts another program. Its first argument is the name of the program to start; the remaining arguments are passed to that program as its arguments. For example

spawn ftp ftp.linux.ibm.com

starts an ftp process and passes ftp.linux.ibm.com to it as an argument.

With the three basic commands spawn, send, and expect you can write programs that automate interactive work.

Expect script implementation

This section uses password-based authentication and Expect to automate the SSHD server logon and to run commands on the SSHD server within the logon session. The experiment environment is as follows. The user's SSH client machine runs RHEL 5.3 Server, has IP address 192.168.0.3, and has Expect version 5.43.0 installed. The remote SSHD server runs RHEL 5.3 Server, has IP address 192.168.0.4, and the account used is root with password 123456.

Listing 1. Automated script for logging on to the SSHD server

#!/usr/bin/expect
# Set the timeout to 60 seconds
set timeout 60
# Set the IP address of the host to log on to
set host 192.168.0.4
# Set the user logon name
set name root
# Set the logon password for that user name
set password 123456
# Spawn an ssh logon process
spawn ssh $host -l $name
# Wait for a response. On the first logon to a host, ssh asks whether to
# permanently add the server's RSA host key to the local known_hosts list
# and prompts for the password only after that question is answered; on
# later logons only the password prompt appears. Note that answering "yes"
# unconditionally trusts whatever host key the peer presents.
expect {
    "(yes/no)?" {
        send "yes\n"
        expect "assword:"
        send "$password\n"
    }
    "assword:" {
        send "$password\n"
    }
}
# Wait for the root shell prompt
expect "#"
# Test whether we are logged on to $host
send "uname\n"
expect "Linux"
send_user "Now you can do some operation on this terminal\n"
# The interact command hands the $host session over to the user for
# interactive operation once the script has run.
interact
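A hardened rewrite of Listing 1, as an added example that is not part of the original article, serving both the password-based section above and the listing itself. The Expect interaction is kept, but the password comes from the environment instead of the script, the host-key question is never answered blindly (StrictHostKeyChecking=yes makes ssh abort on an unknown or changed key, and a known_hosts preflight reports a missing entry up front), and every failure (wrong password, timeout, early exit) gets its own exit status instead of a hung script. It is a POSIX shell script that feeds the Expect code to expect from a heredoc. The helper names require_password, host_key_known and auto_login, the variable SSH_PASSWORD, and the prompt pattern are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the article): a hardened rewrite of Listing 1 that
# keeps the password-based Expect approach but removes its two weak points,
# the password stored in the script and the unconditional "yes" to the
# host-key question. Assumptions: expect and ssh are on PATH, the server's
# host key was added to ~/.ssh/known_hosts beforehand (verified out of band),
# and the password is supplied in the environment variable SSH_PASSWORD
# (e.g. injected by a secrets store) instead of being written into a file.
# Usage: SSH_PASSWORD=... sh auto_login.sh 192.168.0.4 root 'uname -a'

# Refuse to run without a password in the environment; never default one.
require_password() {
    [ -n "${SSH_PASSWORD:-}" ] || { echo "SSH_PASSWORD is not set" >&2; return 1; }
}

# Preflight: does known_hosts ($2, default ~/.ssh/known_hosts) already hold a
# plain entry for host $1? An entry may list several names separated by commas.
# Hashed entries (HashKnownHosts yes) need "ssh-keygen -F host" instead.
host_key_known() {
    [ -r "${2:-$HOME/.ssh/known_hosts}" ] || return 1
    awk -v h="$1" '{ n = split($1, names, ",")
                     for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
                   END { exit !found }' "${2:-$HOME/.ssh/known_hosts}"
}

# Log on with expect, run one command, and return its remote exit status.
# Host, user, command and password reach expect through its environment, so
# the password never appears on a command line (ps) or in a script on disk.
auto_login() {
    require_password || return 1
    host_key_known "$1" || { echo "no known_hosts entry for $1; add it first" >&2; return 5; }
    SSH_HOST="$1" SSH_USER="$2" SSH_CMD="${3:-uname -a}" expect <<'EOF'
set timeout 30
set host $env(SSH_HOST)
set user $env(SSH_USER)
set cmd  $env(SSH_CMD)
log_user 0
# StrictHostKeyChecking=yes: an unknown or changed host key aborts ssh instead
# of asking "(yes/no)?"; one password attempt only; do not hang on a dead host.
spawn ssh -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=1 \
          -o ConnectTimeout=10 -l $user $host
expect {
    "assword:" { send "$env(SSH_PASSWORD)\r" }
    "IDENTIFICATION HAS CHANGED" { puts stderr "host key mismatch, aborting"; exit 3 }
    timeout { puts stderr "timed out waiting for the password prompt"; exit 4 }
    eof { puts stderr "ssh exited before prompting (host key verification failed?)"; exit 5 }
}
expect {
    "Permission denied" { puts stderr "password rejected"; exit 2 }
    -re {[#$] ?$} {}
    timeout { puts stderr "no shell prompt after logon"; exit 4 }
}
# Run the command; the RC= marker carries its exit status back to the script.
log_user 1
send "$cmd; echo RC=\$?\r"
expect -re {RC=(\d+)}
set rc $expect_out(1,string)
send "exit\r"
expect eof
exit $rc
EOF
}

if [ $# -ge 2 ]; then
    auto_login "$@"
fi
```

The prompt pattern [#$] ?$ assumes a default sh or bash prompt ending in # or $; adapt it to a customized prompt. Even with these changes the account password sits in a process environment readable by that user, so this remains a stopgap: the public-key method of the previous section is the proper fix.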
