adrolter · March 1, 2016 07:28
diff --git a/chrosisopw.exp b/chrosisopw.exp
 #!/usr/bin/expect -f

 ### BEGIN CONFIGURATION #######################################################

 set VERBOSITY 1
 set PASSWORD_LENGTH 40

 ### END CONFIGURATION #########################################################

 exp_internal 0
 log_user 0

 if {$VERBOSITY >= 4} {exp_internal 1}
 if {$VERBOSITY >= 3} {log_user 1}

 proc usage {} {
  puts "usage: ./chrosisopw.exp host.domain.xyz"
 }

 proc spawn_ssh {} {
  if {[info exists ::spawn_id]} {close -i $::spawn_id; wait -i $::spawn_id}
  set ::timeout 1
  spawn ssh -2tv -c {[email protected]} \
     -o {UserKnownHostsFile=/dev/null} -o {HashKnownHosts=no} \
     -o {CheckHostIP=no} -o {StrictHostKeyChecking=no} \
     -o {[email protected],ssh-ed25519} \
     -o {[email protected]} \
     -o {IdentitiesOnly=yes} -o {IdentityFile=/dev/null} \
     -o {PreferredAuthentications=password} -o {PubkeyAuthentication=no} \
     rancher@$::host
  set ::spawn_id $spawn_id
 }

 if {![llength $argv]} {usage; exit 1}
 set host [lindex $argv 0]
 set hostKeyInfo {}

 # Establish the SSH connection
 puts -nonewline "Connecting to “$host”."; flush stdout
 spawn_ssh
 # Generate a new password while we have a moment
 set newPass [exec sh -c "tr -dc '\[:graph:]' < /dev/urandom | head -c $PASSWORD_LENGTH"]
 expect {
  {debug1: Server host key: *} {
    set hostKeyInfo $expect_out(0,string)
    exp_continue
  }
  {debug1: Connection established.} {
    puts {..done.}
  }
  # Retry connection if timeout occurred
  timeout {
    puts -nonewline {.}; flush stdout
    spawn_ssh; exp_continue
  }
  # Ignore other output
  default {exp_continue}
 }  

 # Connection successful, attempt SSH authentication
 set timeout 10
 set startTimeMicrosecs [clock microseconds]
 expect {
  {rancher@* password:} {
    send "rancher\r"
    expect {
      {debug1: Authentication succeeded (password).} {
        puts {Authentication successful.}
      }
      {Permission denied*} {
        puts "\n  ☠ WARNING ☠ -- PERMISSION DENIED -- ☠ WARNING ☠"
        puts "
 IF YOU DID NOT CHANGE THE “rancher” PASSWORD ON “$host”,
 AN IMMEDIATE (FORCEFUL) SHUTDOWN OF “$host” IS STRONGLY
 RECOMMENDED!
        "
        exit 154
      }
      default {exp_continue}
    }
  } 
  # Host closed the connection ???
  eof {error {Unexpected EOF while waiting for password prompt}}
  # Ignore other output
  default {exp_continue}
 }

 # Change rancher user password
 send "sudo passwd rancher\r"
 expect {Changing password for rancher}
 expect {New password: } {send "$newPass\r"}
 expect {Retype password: } {send "$newPass\r"}  
 expect {Password for rancher changed} {
  set elapsedMillisecs [expr {([clock microseconds]-$startTimeMicrosecs)/1000}]
  puts "
 New password for “rancher@$host”
 [string repeat {-} $PASSWORD_LENGTH]
 $newPass
 [string repeat {-} $PASSWORD_LENGTH]
  "
  if {$VERBOSITY >= 2} {
    puts "Completed password change in ~${elapsedMillisecs}ms (since SSHd accepted the connection)."
  }
 }

 send "exit\r"
 expect *  
 expect eof
	#!/usr/bin/expect -f

	### BEGIN CONFIGURATION #######################################################

	set VERBOSITY 1
	set PASSWORD_LENGTH 40

	### END CONFIGURATION #########################################################

	exp_internal 0
	log_user 0

	if {$VERBOSITY >= 4} {exp_internal 1}
	if {$VERBOSITY >= 3} {log_user 1}

	proc usage {} {
	puts "usage: ./chrosisopw.exp host.domain.xyz"
	}

	proc spawn_ssh {} {
	if {[info exists ::spawn_id]} {close -i $::spawn_id; wait -i $::spawn_id}
	set ::timeout 1
	spawn ssh -2tv -c {[email protected]} \
	-o {UserKnownHostsFile=/dev/null} -o {HashKnownHosts=no} \
	-o {CheckHostIP=no} -o {StrictHostKeyChecking=no} \
	-o {[email protected],ssh-ed25519} \
	-o {[email protected]} \
	-o {IdentitiesOnly=yes} -o {IdentityFile=/dev/null} \
	-o {PreferredAuthentications=password} -o {PubkeyAuthentication=no} \
	rancher@$::host
	set ::spawn_id $spawn_id
	}

	if {![llength $argv]} {usage; exit 1}
	set host [lindex $argv 0]
	set hostKeyInfo {}

	# Establish the SSH connection
	puts -nonewline "Connecting to “$host”."; flush stdout
	spawn_ssh
	# Generate a new password while we have a moment
	set newPass [exec sh -c "tr -dc '\[:graph:]' < /dev/urandom \| head -c $PASSWORD_LENGTH"]
	expect {
	{debug1: Server host key: *} {
	set hostKeyInfo $expect_out(0,string)
	exp_continue
	}
	{debug1: Connection established.} {
	puts {..done.}
	}
	# Retry connection if timeout occurred
	timeout {
	puts -nonewline {.}; flush stdout
	spawn_ssh; exp_continue
	}
	# Ignore other output
	default {exp_continue}
	}

	# Connection successful, attempt SSH authentication
	set timeout 10
	set startTimeMicrosecs [clock microseconds]
	expect {
	{rancher@* password:} {
	send "rancher\r"
	expect {
	{debug1: Authentication succeeded (password).} {
	puts {Authentication successful.}
	}
	{Permission denied*} {
	puts "\n ☠ WARNING ☠ -- PERMISSION DENIED -- ☠ WARNING ☠"
	puts "
	IF YOU DID NOT CHANGE THE “rancher” PASSWORD ON “$host”,
	AN IMMEDIATE (FORCEFUL) SHUTDOWN OF “$host” IS STRONGLY
	RECOMMENDED!
	"
	exit 154
	}
	default {exp_continue}
	}
	}
	# Host closed the connection ???
	eof {error {Unexpected EOF while waiting for password prompt}}
	# Ignore other output
	default {exp_continue}
	}

	# Change rancher user password
	send "sudo passwd rancher\r"
	expect {Changing password for rancher}
	expect {New password: } {send "$newPass\r"}
	expect {Retype password: } {send "$newPass\r"}
	expect {Password for rancher changed} {
	set elapsedMillisecs [expr {([clock microseconds]-$startTimeMicrosecs)/1000}]
	puts "
	New password for “rancher@$host”
	[string repeat {-} $PASSWORD_LENGTH]
	$newPass
	[string repeat {-} $PASSWORD_LENGTH]
	"
	if {$VERBOSITY >= 2} {
	puts "Completed password change in ~${elapsedMillisecs}ms (since SSHd accepted the connection)."
	}
	}

	send "exit\r"
	expect *
	expect eof