Message #83214
Hvorfor afbrydes ssh-forbindelse under boot, men ikke under manuel oprettelse?
God dag,
for at få adgang til internettet skal jeg logge på vores kollegies
firewall med ssh. Dertil kan man benytte et expect-script som vist
herunder.
Jeg vil gerne have at min computer automatisk logger på firewallen når
den booter. Derfor har jeg tilføjet boot-scriptet /etc/init.d/
k-net-fw som vist herunder.
Når det afvikles under boot er der kortvarig forbindelse til
internettet igennem firewallen. Det kan jeg se fordi xntpd få
sekunder senere kan hente dato og tid fra TDCs tidsserver.
Men når jeg efter afsluttet boot, som bruger logger ind og prøver at
surfe på internettet, er der ingen internetforbindelse.
ssh-forbindelsen til firewallen er væk, og expect-scriptet er
stoppet. Jeg er nødt til manuelt at afvikle /etc/init.d/k-net-fw før
jeg kan komme på internettet. Kun når jeg afvikler /etc/init.d/
k-net-fw manuelt forbliver expect-scriptet kørende, og
ssh-forbindelsen forbliver oppe.
Spørgsmål:
Hvorfor bliver forbindelsen til firewallen afbrudt efter /etc/init.d/
k-net-fw afvikles under boot, men ikke efter det afvikles manuelt?
Jeg er blank.
Er der nogen der kan hjælpe?
Hilsen Johnny :o)
--- /etc/init.d/rc5.d/S12k-nte-fw (link til /etc/init.d/k-net-fw) ---
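#! /bin/sh
# Boot script: log in to both K-net firewalls so the machine has internet
# access. The password is handed to the login script on stdin, never as a
# command-line argument.
#
# NOTE(review): as an init script this presumably runs as root, while the
# login script and the password file both live under /home/johnny. Whoever
# can write to that directory then decides what runs at boot; consider
# moving both files to a root-owned location. The password file should be
# readable by its owner only (e.g. chmod 600).
# NOTE(review): ssh started from here uses the known_hosts of the account
# the script runs as, not johnny's -- confirm the firewalls' host keys are
# already known to that account.
LOGIN=/home/johnny/Programs/k-login_v0.1-j.sh
PWFILE=/home/johnny/Programs/k-net-passwordfile.txt

# Each redirection has to stay on the same line as its command; a line break
# between "<" and the path makes the shell redirect from the wrong file.
"$LOGIN" mitbrugernavn fw1.k-net.dk < "$PWFILE"
"$LOGIN" mitbrugernavn fw2.k-net.dk < "$PWFILE"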
--- k-login_v0.1-j.sh ---
#!/usr/bin/expect -f
#Written by Steffen M. Hansen, steffen a zervus.dk
#This script can be used to login to K-net's new firewall(6.2004). It
# will reopen the connection if the firewall logs you out.
#
# Time-stamp: <2004-06-20 12:42:03 zervus>
# $Id: k-login.sh,v 1.2 2004/06/20 10:42:50 zervus Exp $
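# Argument handling: exactly two arguments are required (username and
# firewall host). The password is read from stdin rather than taken from the
# command line, so it does not appear in the process list.
set numargs [llength $argv]
if {$numargs != 2} {
    send_user "Error: Expected 2 arguments got $numargs\n"
    send_user "Usage: k-login.sh username firewallhost < passwordfile\n"
    send_user "\nusername: your K-net username\n"
    send_user "firewallhost: the firewall to login to. \n\t(eg. fw1.k-net.dk or fw2.k-net.dk)\n"
    send_user "passwordfile: The program reads the password from stdin. \n\t You can put the password in a file and redirect it to this program. \n\t This prevents the password from showing up in the process list\n"
    # A usage error is a failure; report it through the exit status so a
    # calling script can tell it apart from a normal exit.
    exit 1
}
set username [lindex $argv 0]
#host: firewall to login to. (fw1.k-net.dk or fw2.k-net.dk)
set host [lindex $argv 1]
# Read all of stdin as the password; -nonewline drops the final newline.
set password [read -nonewline stdin ]
# An empty password (missing or empty password file, or stdin not redirected)
# can never log in; stop here instead of sending it to the firewall.
if {[string length $password] == 0} {
    send_user "Error: no password received on stdin\n"
    exit 1
}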
# touser: write a message to the user, prefixed with the current date and
# time. The caller supplies any trailing newline in str.
proc touser {str} {
    set stamp [clock format [clock seconds]]
    send_user "${stamp}: $str"
}
# Main loop: open an ssh session to the firewall, answer the password prompt,
# wait for the login confirmation, then stay in the background until the
# connection closes and start over.
#
# sleeptime: number of seconds used as the expect timeout while waiting for
# the password prompt and for the login confirmation.
set sleeptime 30
log_user 0 ;# do not echo output from ssh to the user
while {1} {
    sleep 2 ;# wait 2 seconds before every ssh connection attempt
    set timeout $sleeptime
    spawn -noecho ssh -T -l $username $host
    touser "Connecting to $host\n"
    expect {
        password: {
            # The password is sent as soon as the spawned ssh prints
            # "password:". Any other prompt (for example a host-key
            # confirmation) matches none of the patterns and ends in the
            # timeout branch, so unknown host keys are never accepted here.
            # NOTE(review): ssh's host-key check is the only thing tying
            # this prompt to the real firewall -- keep it enabled.
            send "$password\r"
            touser "Connected to $host (password sent)\n"
            expect {
                "ind!" {
                    # "ind!" is presumably the end of the firewall's login
                    # confirmation text -- confirm against the real banner.
                    touser "Login successful: \
                        User $username logged in on $host\n"
                    # We are now logged in. Continue running the script in
                    # the background: the process that gets a non-zero
                    # result from fork exits, the other one detaches from
                    # the terminal with disconnect.
                    # NOTE(review): after a reconnect this branch runs
                    # again, so fork and disconnect are executed once per
                    # successful login -- confirm that is intended.
                    if {[fork]!=0} exit
                    disconnect
                    # From here on we only need to do anything if the
                    # connection is closed, so wait without a timeout.
                    set timeout -1
                    expect eof {
                        touser "Connection closed by remote host\n"
                        # Reap the ssh process, then reconnect.
                        exp_wait;continue
                    }
                } "Permission denied, please try again." {
                    # Wrong credentials: give up instead of retrying with
                    # the same password.
                    touser "Login failed: Username or password incorrect! \
                        <-- Notice!!!\n"
                    exp_close;exp_wait
                    touser "Connection closed\n"
                    touser "Exiting program\n"
                    exit
                } timeout {
                    # No confirmation within $sleeptime seconds: drop this
                    # ssh process and try again.
                    touser "Login failed: \
                        Timeout waiting for remote host to confirm\n"
                    close;wait
                    touser "Connection closed\n"
                    continue
                } eof {
                    # ssh ended before any confirmation arrived. Despite the
                    # message text the script does not exit; it retries.
                    touser "got end of file exiting\n";
                    wait;continue
                }
            } ;# expect ind!
        } eof {
            # ssh ended before a password prompt was seen; retry.
            touser "Connection failed: \
                Remote host($host) closed connection\n";
            wait;continue
        } timeout {
            # No password prompt within $sleeptime seconds; close and retry.
            touser "Connection failed: \
                Timeout waiting for remote host($host)\n";
            close;wait;continue
        }
    } ;#expect password
    # Only reached when a branch above finishes without continue or exit.
    exit
} ;#while
exit