Purpose of the script
I needed to connect to a FortiGate device (CLI) from my Ubuntu server within the local network, especially when the internet was down. The goal was to disable the WAN interface, wait for 60 seconds, and then re-enable the interface. To accomplish this, I used an execute_commands function in a bash script.
This function is designed to execute a series of commands on a remote server via SSH. Here’s a detailed breakdown of how it works:
execute_commands() {
local commands=("$@")
execute_commands() is the name of the function.
local commands=("$@") creates a local array named commands that contains all the arguments passed to the function.
sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no -p $PORT $USER@$HOST << EOF
$(for cmd in "${commands[@]}"; do echo "$cmd"; done)
EOF
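sshpass -p "$PASSWORD" uses the sshpass utility to provide the SSH password stored in the PASSWORD variable. This allows for non-interactive password authentication. A password given with -p appears in the sshpass command line, where other local users can see it in the process list; sshpass can also read it from a file (-f) or from the SSHPASS environment variable (-e).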
ssh -o StrictHostKeyChecking=no -p $PORT $USER@$HOST runs the ssh command with the following options:
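-o StrictHostKeyChecking=no: Disables strict host key checking, which prevents SSH from asking for confirmation if the host key is not already in the known hosts file. The unknown key is accepted and saved automatically, so the identity of the device is not verified on that first connection; adding the FortiGate's host key to the known hosts file beforehand and leaving strict checking on avoids sending the password to an unverified host.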
-p $PORT: Specifies the SSH port to connect to, using the value of the PORT variable.
$USER@$HOST: Specifies the remote user and host to connect to, using the values of the USER and HOST variables.
Command execution block:
<< EOF
$(for cmd in "${commands[@]}"; do echo "$cmd"; done)
EOF
<< EOF initiates a here-document, which allows you to provide input to the SSH command.
$(for cmd in "${commands[@]}"; do echo "$cmd"; done) is a command substitution that loops over the commands array and prints each command on its own line. The here-document feeds these lines to the standard input of the SSH session, so each command is executed on the remote server.
EOF marks the end of the here-document.
Example usage:
execute_commands "ls -l" "pwd" "whoami"
My script
I saved it under: /opt/scripts/fortigate/fgt_gw_check.sh
nano fgt_gw_check.sh
#!/bin/bash
# Variables
HOST="HOST_IP"
USER="USER"
PASSWORD="PASSWORD" # Not recommended to hardcode passwords; consider using SSH keys or prompting for password
# Port, in my case I changed the port from 22 to 11022
PORT=11022
LOG_FILE="/opt/scripts/log/fortigate_disable_enable_wan1_$(date +%Y-%m-%d).log" # Location for log file
# Commands to disable wan1 interface
disable_commands=(
"config system interface"
"edit wan1"
"set status down"
"end"
)
# Commands to enable wan1 interface
enable_commands=(
"config system interface"
"edit wan1"
"set status up"
"end"
)
# Function to send commands via SSH
execute_commands() {
    local commands=("$@")
    # The here-document body and its EOF terminator must start at column 0
    sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no -p "$PORT" "$USER@$HOST" << EOF
$(for cmd in "${commands[@]}"; do echo "$cmd"; done)
EOF
}
# Disable wan1 interface
#echo "Disabling wan1 interface..."
echo "$(date): Disabling wan1 interface..." >> "$LOG_FILE"
execute_commands "${disable_commands[@]}"
# Wait for 60 seconds
#echo "Waiting for 60 seconds..."
echo "$(date): Waiting for 60 seconds..." >> "$LOG_FILE"
sleep 60
# Enable wan1 interface
#echo "Enabling wan1 interface..."
echo "$(date): Enabling wan1 interface..." >> "$LOG_FILE"
execute_commands "${enable_commands[@]}"
echo "$(date): Done." >> "$LOG_FILE"
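A hardened variant of execute_commands, added here as an example and not part of the original script: sshpass reads the password from a file that must not be readable by group or others, and the FortiGate's host key is pinned in a dedicated known_hosts file. The FGT_* variable names, both file paths and the secret_file_ok and build_payload helpers are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the original script. All FGT_* names and both file
# paths are assumptions made for this sketch.
FGT_HOST="${FGT_HOST:-HOST_IP}"
FGT_USER="${FGT_USER:-USER}"
FGT_PORT="${FGT_PORT:-11022}"
FGT_PASS_FILE="${FGT_PASS_FILE:-/opt/scripts/fortigate/.fgt_pass}"
# Fill once with: ssh-keyscan -p "$FGT_PORT" "$FGT_HOST"  (then verify the
# fingerprint out of band before trusting the file).
FGT_KNOWN_HOSTS="${FGT_KNOWN_HOSTS:-/opt/scripts/fortigate/known_hosts}"

# Succeed only for a regular, non-symlink file with no group/other permission
# bits (e.g. mode 600 or 400), judged from the `ls -l` mode string.
secret_file_ok() {
    local f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    case "$(ls -ld -- "$f")" in
        ????------*) return 0 ;;
    esac
    return 1
}

# Print one FortiGate CLI command per line. An argument containing a newline
# is rejected so a single element cannot carry a second, unreviewed command.
build_payload() {
    local cmd nl='
'
    for cmd in "$@"; do
        case "$cmd" in
            *"$nl"*) return 1 ;;
        esac
        printf '%s\n' "$cmd"
    done
}

# Same job as the page's execute_commands, but the password is read by sshpass
# from a file (-f) instead of argv, and the host key must match the pinned file.
execute_commands() {
    local payload
    secret_file_ok "$FGT_PASS_FILE" || {
        echo "refusing: $FGT_PASS_FILE missing or readable by group/others" >&2
        return 2
    }
    payload=$(build_payload "$@") || { echo "refusing: newline in command" >&2; return 2; }
    printf '%s\n' "$payload" | sshpass -f "$FGT_PASS_FILE" ssh \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$FGT_KNOWN_HOSTS" \
        -p "$FGT_PORT" "$FGT_USER@$FGT_HOST"
}
```

The password file holds the password on its first line and should be created with mode 600 by the account that runs the script.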
In one of the following posts, I will publish my internet monitoring script.
UPDATE: My script to monitor the internet connection