Belier
======

What's for ?
------------
Belier allows opening a shell or executing a command on a remote computer through a ssh session. The main feature of Belier is its ability to cross several intermediate computers before realizing the job.

- Belier reaches the final computer through intermediate machines.
- You can execute commands with any account available on the remote computer.
- It is possible to switch account on intermediate computers before accessing the final computer.
- Belier generates one script for each final computer to reach.

License
-------
GPLv3 and more

What you need before installing Belier
--------------------------------------
- Python >= 2.4
- Expect >= 5.42.1 

Debian :
-----------------------------
apt-get install python expect
-----------------------------

Installation
------------

-----------------------
tar zxvf 
cd belier-0.8
su
python setup.py install
-----------------------

Easy_install
~~~~~~~~~~~~
-------------------
easy_install belier
-------------------

Source code
-----------

------------------------------------
git clone git://git.ohmytux.com/belier
------------------------------------

Howtos
------

Open a remote shell as root with PermitRootLogin No in sshd_config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


We first write a file which defines information to access the final computer :
----------------------------
user@localhost:~$ cat ordres
admin@machine-finale Ic4r3 root jkw!po12;
-----------------------------------------

Belier generates the script :
-------------------------------------
user@localhost:~$ bel --entree=ordres
user@localhost:~$ ls
user@localhost:~$ machine-finale.sh
-------------------------------------

Execution of the script (only the script is executed here, the other lines are self-generated) :
-------------------------------------
user@localhost:~$ ./machine-finale.sh
spawn ssh machine-finale.sh
admin@machine-finale's password:
admin@machine-finale:~$ su - root
Password:
root@machine-finale:~#
---------------------- 

Let's be more verbose about this example : 

. We write a file with the mandatory information to connect the remote computer. The first field is composed by a login followed by '@' and the hostname (could be an ip address). You can omit the login and in this case, the actual login of your shell session will be used.
. The second field is a password to access the remote computer. It could be omitted if you exchanged ssh keys between the both computers.
. The third field is the login you want to switch to after beeing connected to the remote computer. It could be omitted if you don't need to switch.
. The fourth and last field is the required password for the user switching. Could be omitted too.
. You generate the connection script. You could use standard input but in our example we use --entree option to pinpoint the information file.
. You launch the script and you reach the final computer.

Open a remote shell with several intermediate computers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We first write a file which defines information to access the final computer :
----------------------------
user@localhost:~$ cat ordres
intermediaire1 admin azer0;lp!Z
admin@intermediaire2 
admin@machine-finale root jkw!po12;
-----------------------------------

Belier generates the script :
-------------------------------------
user@localhost:~$ bel --entree=ordres
user@localhost:~$ ls
user@localhost:~$ machine-finale.sh
-----------------------------------

Execution of the script (only the script is executed here, the other lines are self-generated) :
-------------------------------------
user@localhost:~$ ./machine-finale.sh
spawn ssh intermediaire1
user@intermediaire1's password:
user@intermediaire1:~$ su - admin
Password: 
admin@intermediaire1:~$ ssh admin@intermediaire2
admin@intermediaire2:~$ ssh admin@machine-finale
admin@machine-finale's password:
admin@machine-finale:~$ su - root
Password:
root@machine-finale:~#
---------------------- 

Let's be more verbose about this example : 

. The first line of the information file defines the first intermediate computer to reach. On this one we also define a user switch.
. The second line defines the second intermediate computer.
. The third line defines the final computer. On this computer we switch to root.
. You generate the connection script. You could use standard input but in our example we use --entree option to pinpoint the information file.
. You launch the script and you reach the final computer.

Execute a command on a remote computer as root
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We first write a file which defines information to access the final computer :
----------------------------
user@localhost:~$ cat ordres
intermediaire admin azer0;lp!Z
admin@machine-finale root !ZuP3r; -c
df -h
-----

Belier generates the script :
-------------------------------------
user@localhost:~$ bel --entree=ordres
user@localhost:~$ ls
user@localhost:~$ machine-finale.sh
-----------------------------------

Here is the output of the execution of the generated script :
-------------------------------------
user@localhost:~$ ./machine-finale.sh
spawn ssh intermediaire
user@intermediaire's password:
user@intermediaire:~$ su - admin
Password: 
admin@intermediaire:~$ ssh admin@machine-finale
admin@machine-finale's password:
admin@machine-finale:~$ su - root
Password:
root@machine-finale:~# df -h
Sys. de fich.            Tail. Occ. Disp. %Occ. Monté sur
/dev/sda2             453G   61G  393G  14% /
varrun                2,0G  112K  2,0G   1% /var/run
varlock               2,0G     0  2,0G   0% /var/lock
udev                  2,0G   48K  2,0G   1% /dev
devshm                2,0G   24K  2,0G   1% /dev/shm
lrm                   2,0G   36M  1,9G   2% /lib/modules/2.6.24-21-generic/volatile
root@machine-finale:~#
----------------------------------------------------------------------------------- 

Let's be more verbose about this example : 

. The first line of the information file defines the first intermediate computer to reach. On this one we also define a user switch.
. The second line defines the second intermediate computer.
. The third line defines the final computer. On this computer we switch to root.
. The fourth line defines the command we want to execute on the final computer.
. You generate the connection script. You could use standard input but in our example we use --entree option to pinpoint the information file.
. You launch the script and you reach the final computer.

Useful to know with passwords in Belier
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If one of your passwords in the information file has a space in it, you need to wrap your password between quotation marks (character ") :
-----------------------------
admin@serveur "My Passw0rd  "
-----------------------------
If one of your passwords in the information file has a quotation mark in it, you need to put a backslash before (character \) :
-------------------------------
admin@serveur "My \"Pass word "
-------------------------------

Code quality
------------

Since the version 0.4, Belier has been tested (functional tests and regression tests). The code is parsed with Pylint. I also use a fuzzer called Fusil written by Victor Stinner. If you find a bug, please contact me.

mailto:please-use-chaica@ohmytux.com['Carl Chenet aka chaica']
