I have like 100 keystore e.g. "store15.jks" files, and a single X.509 certificate "mycert.pem". I need to find out in which "store*.jks", "mycert.pem" is imported in. What I am trying to do is to make a script to iterate 100 times and do command
keytool -list -keystore store*.jks
I initially came up with simple script like this:
#!/bin/bash
for((i=1;i<100;i++))
do
cert="mycert.pem"
str="store"$i".jks"
OUTPUT="$(keytool -list -keystore $str)"
echo $OUTPUT
done
Alas, at the first iteration already, I am prompted for keystore password, like
Enter keystore password: //3 or 4 spaces after colon
That means I'd have to enter password for every single iteration, and there must be a (much) better way to do this, i.e. a way to simulate keyboard input when password is prompted. Browsing through the Stack Overflow I found some examples using certain "Expect" scripting, but they were either rudimentary or I just couldn't manage to get it right, so I failed at combining /bash and /expect. Must say I find it a bit strange that there is no /bash technique for task that might see pretty common. I would appreciate any help, preferring example scripts. Thanks!
The easiest way to do this is to use the -storepass option which allows you to pass the password on the command line. If for some reason that does not work for you (maybe you have an earlier version), here is an expect script that works for me:
expect -c "spawn /usr/bin/keytool -list; expect \"assword:\" { exp_send \"the_password\r\"}; expect EOF {exit}"
First of all, thanks alot to both of you guys, -storepass worked like a charm! You made me very happy :)
I'll now post my updated script that solved the problem:
#!/bin/bash
for((i=1;i<100;i++))
do
str="store"$i".jks"
sha="5A:6B:18"
OUTPUT="$(keytool -list -keystore $str -storepass mypass | grep $sha )"
echo $i
echo $OUTPUT
done
The answer to the original problem is store74.jks. Hope this helps someone someday.
For viewing public keys, now password is needed; if you can output a simple "ENTER" keystroke, that should suffice, too.
E.g.
echo "" |keytool -list -keystore key.jks
Related
I am currently trying to query an LDAP server to find whether the email passed to the script exists on our system.
Below is the ldapsearch command I am trying to use:
ldapdata=`ldapsearch -h ### -b "ou=###,o=###" "email=$email" email firstname surname`
echo "ldapdata: $ldapdata"
This works perfectly when the filter includes a predetermined email, ie "mail=firstname-surname####" however when passed a variable, such as $email, the output is not able to be manipulated by further grep / awk statements and will not display any data in the echo statement.
From some Googling I have figured out It could be to do with the line wrapping which LDAP uses.
What I have already tried to solve the issue:
| perl -p00e 's/\r?\n //g
| sed '/^$/d
-o ldif-wrap=no
My question is, what is the best method to solve this issue. Many thanks in advance.
Just for anyone having the same issue, the issue was actually due to me writing and testing the program in a Windows environment.
I was pulling the $email variable from a file that is in the dos format.
To fix this all I did was :
dos2unix $FILELOCATION
I am trying to automate the process of adding extra storage in a linux machine. I'm using plink in PowerShell installed on my Windows machine.
Below is the code:
$plinkpath = "C:\Users\mydrive\Modules\plink.exe"
if (Test-Path $plinkpath) {
Set-Alias plink $plinkpath
} else {
throw "Plink.exe is reqruied"
}
$passw = "linuxadmin$123"
$commands = #(
"sudo su;",
"pvcreate /dev/sde;",
"vgcreate test_vog /dev/sde",
"lvcreate -l 100%FREE -n test_lev test_vog;",
"mkfs.ext3 /dev/test_vog/test_lev;",
"mkdir /azurenew;",
"echo ""/dev/test_vog/test_lev /azurenew/ ext3 defaults 1 1"" >> /etc/fstab;",
"mount /azurenew/;"
)
Approach 1: Using .ppk file
plink -ssh -i "C:\Users\amurthy\Documents\WindowsPowerShell\Modules\sshprivate.ppk" linuxadmin#xx.xx.xx.xxx $commands
In the above situation PowerShell hangs and no response on the console. Not sure what's happening.
Approach 2: using direct log in
plink -P "22" -v "linuxadmin#xx.xx.xx.xxx" -pw "linuxadmin$123" $commands
Here, I get below response on console
Using username "linuxadmin".
Sent password
Password authentication failed
I do not understand why the passoword authentication failed though I am able to login using putty.exe with that password.
Can anyone please help me here to solve my above automation problem? If you have any better solution altogether really welcome.
The password login attempt fails because you defined the password in a double-quoted string. PowerShell tries to expand the (undefined) variable $123 in linuxadmin$123, so you're actually passing just linuxadmin as the password. You could use a single-quoted string to avoid this, but public key authentication (your first approach) is the better approach anyway, so I recommend sticking with that.
I'm not sure why your first approach causes the console to hang, though. If the key were password-protected you should be prompted for the password. There's a semicolon missing at the end of "vgcreate test_vog /dev/sde", but if that caused an issue I'd expect to see an error message.
Try running plink with the parameter -v (verbose messages) to get a better picture of what's going on.
I'am facing a problem, in AIX platform, we use a command to generate checksum:
Sample:
exec 0<list
while read line
do
openssl md5 $line >> checksum.out
done
But this last for a long time. I find out that our cpus still have free resources.
It's the openssl md5 running multithread? If not how can I let it run by multithread, or using other method to speed up it.
Best Regards
Void
If I understand correctly from the answer and comments of this question, it can't be done as there are dependencies between the steps in the hashing algorithm (and I guess OpenSSL would have a multithreaded implementation if it was generally possible).
However you could always parallelize the tasks by starting n instances of openssl md5 in parallel.
For example (assuming n = 4 threads)
while read line; do
openssl md5 $line >> checksum.out0 &
openssl md5 $(read) >> checksum.out1 &
openssl md5 $(read) >> checksum.out2 &
openssl md5 $(read) >> checksum.out3
done
The last one should not run in the background if you want to keep the exact number of threads running at the same time. Also you may want to make sure that the different lines take about the same time to complete so you don't end up with race conditions.
Also this example is not really tested (using $(read)), and there are probably better ways to do it (for example let each instance write its output to a separate file and then concatenate them all afterwards - e.g. cat checksum.out* > checksum.out), but it should be enough of an idea to help you get started.
EDIT:
I just tested and read works the way I hoped, so by making a new output file for each instance of openssl md5 with incremented numbers at the end (for example by including a counter variable) you can just add an extra line at the end of the script to cat the outputs into a single file.
Resulting script:
exec 0<list
COUNT=0
while read line; do
openssl md5 $line >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++)) &
openssl md5 $(read) >> checksum.out$((COUNT++))
done
cat checksum.out* > checksum.out
Should do the trick (just remember to clean up all the temporary files afterwards...)
I am trying to use a FOR loop to iterate over IP addresses (in a bash array), logs in, runs a script and then exits. The array is called ${INSTANCE_IPS[#]}. The following code doesn't work though, as expect doesn't seem to be able to accept the variable $instance.
for instance in ${INSTANCE_IPS[#]}
do
echo $instance
/usr/bin/expect -c '
spawn ssh root#$instance;
expect "?assword: ";
send "<password>\r";
expect "# ";
send ". /usr/local/bin/bootstrap.sh\r";
expect "# ";
send "exit\r" '
done
However, expect complains with:
can't read "instance": no such variable
while executing
"spawn ssh root#$instance"
There is another question on stackoverflow located here, that uses environmental variables to achieve this, however it doesn't allow me to iterate through different IP addresses like I can in an array.
Any help is appreciated.
Cheers
The problem is with quoting. Single quotes surrounding the whole block don't let Bash expand variables ($instance).
You need to switch to double quotes. But then, double quotes inside double quotes are not allowed (unless you escape them), so we are better off using single quotes with expect strings.
Try instead:
for instance in ${INSTANCE_IPS[#]}
do
echo $instance
/usr/bin/expect -c "
spawn ssh root#$instance;
expect '?assword: ';
send '<password>\r';
expect '# ';
send '. /usr/local/bin/bootstrap.sh\r';
expect '# ';
send 'exit\r' "
done
for instance in ${INSTANCE_IPS[&]} ; do
echo $instance
/usr/bin/expect -c '
spawn ssh root#'$instance' "/usr/local/bin/bootstrap.sh"
expect "password:"
send "<password>\r"
expect eof'
done
From the ssh man page:
If command is specified, it is executed on the remote host instead of a login shell.
Specifying a command means expect doesn't have to wait for # to execute your program, then wait for another # just to send the command exit. Instead, when you specify a command to ssh, it executes that command; it exits when done; and then ssh automatically closes the connection.
Alternately, put the value in the environment and expect can find it there
for instance in ${INSTANCE_IPS[&]} ; do
echo $instance
the_host=$instance /usr/bin/expect -c '
spawn ssh root#$env(the_host) ...
Old thread, and one of many, but I've been working on expect for several days. For anyone who comes across this, I belive I've found a doable solution to the problem of passing bash variables inside an expect -c script:
#!/usr/bin/env bash
password="TopSecret"
read -d '' exp << EOF
set user "John Doe"
puts "\$user"
puts "$password"
EOF
expect -c "$exp"
Please note that escaping quotations are typically a cited issue (as #Roberto Reale stated above), which I've solved using a heredoc EOF method, before passing the bash-variable-evaluated string to expect -c. In contrast to escaping quotes, all native expect variables will need to be escaped with \$ (I'm not here to solve all first-world problems--my afternoon schedule is slightly crammed), but this should greatly simplify the problem with little effort. Let me know if you find any issues with this proof of concept.
tl;tr: Been creating an [expect] daemon script with user authentication and just figured this out after I spent a whole day creating separated bash/expect scripts, encrypting my prompted password (via bash) with a different /dev/random salt each iteration, saving the encrypted password to a temp file and passing the salt to the expect script (highly discouraging anyone from easily discovering the password via ps, but not preventative since the expect script could be replaced). Now I should be able to effectively keep it in memory instead.
This question already has an answer here:
Best way to soft brute-force your own GPG/PGP passphrase?
(1 answer)
Closed 8 years ago.
I have forgotten my passphrase for my gpg key on linux. Can someone please help me write a simple script to use bruteforce to crack the key? I remember some of the words which MIGHT be in the passphrase, so hopefully, it will not take long for my computer to bruteforce it.
All is not lost if I can't recover the passphrase, it just means I will not be able to work on my project for the next 10 days until I get back to work to get another copy of the files, but this time with a new key for which I will remember to passphrase.
However, it will be nice to be able to work on my project in these 10 days.
Maybe something like:
#!/bin/bash
#
# try all word in words.txt
for word in $(cat words.txt); do
# try to decrypt with word
echo "${word}" | gpg --passphrase-fd 0 --no-tty --decrypt somegpgfile.gpg --output somegpgfile;
# if decrypt is successfull; stop
if [ $? -eq 0 ]; then
echo "GPG passphrase is: ${word}";
exit 0;
fi
done;
exit 1;
1) The script won't be simple, at least how you envisage "simple."
2) It will take a long time - that's the point of using pass phrases over simple passwords. Taking the time to write such a script, incorporating your words which may or may not be in the phrase plus a stab at iterating will probably take over ten days.
3) You probably will forget the next passphrase too.
4) Ooops!
Sorry dude, time to start a new project (at least to while away the next ten days - I suggest a passphrase cracker as an ideal distraction.)
Merry Christmas!
-Oisin
Tersmitten's answer may be out of date.
echo "${word}" | gpg --passphrase-fd 0 -q --batch --allow-multiple-messages --no-tty --output the_decrypted_file -d /some/input/file.gpg;
I used the above line with gpg 2.0.20 and libcrypt 1.5.2 to achieve the desired results.