automating username/password when ssh to cisco router
in [Cisco]
|
Prev: nat problem
Next: Logging issue in CiscoSecure ACS 4.2
From: BertieBigBollox on 17 Apr 2008 05:10 On Apr 16, 1:17 pm, Gary Mills <mi...(a)cc.umanitoba.ca> wrote: > In <dccbbdd7-731d-4295-9250-8aaa85356...(a)a1g2000hsb.googlegroups.com> "BertieBigBol...(a)gmail.com" <BertieBigBol...(a)gmail.com> writes: > > >Trying to ssh from a Sun Solaris box to a Cisco router and want to use > >a script to log in automatically without it prompting for a username > >and password. > > I use `kermit' for this purpose. All of the scripting, including the > ssh password, can be done within a kermit script. > > -- > -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- Please correct me I'm wrong but with kermit dont you need a client end and a server? Client end (Solaris) would be OK but not sure how'd I'd run a kermit server on the Cisco router? Of course, if you are able to do this, I'd be grateful if you dont mind sharing....
From: Gary Mills on 17 Apr 2008 08:19 In <6af5ffd1-c89d-486a-bcb0-af4b0ec976fb(a)k37g2000hsf.googlegroups.com> "BertieBigBollox(a)gmail.com" <BertieBigBollox(a)gmail.com> writes: >On Apr 16, 1:17=A0pm, Gary Mills <mi...(a)cc.umanitoba.ca> wrote: >> In <dccbbdd7-731d-4295-9250-8aaa85356...(a)a1g2000hsb.googlegroups.com> "Ber= >tieBigBol...(a)gmail.com" <BertieBigBol...(a)gmail.com> writes: >> >> >Trying to ssh from a Sun Solaris box to a Cisco router and want to use >> >a script to log in automatically without it prompting for a username >> >and password. >> >> I use `kermit' for this purpose. =A0All of the scripting, including the >> ssh password, can be done within a kermit script. >> >> -- >> -Gary Mills- =A0 =A0-Unix Support- =A0 =A0-U of M Academic Computing and N= >etworking- >Please correct me I'm wrong but with kermit dont you need a client end >and a server? >Client end (Solaris) would be OK but not sure how'd I'd run a kermit >server on the Cisco router? Of course, if you are able to do this, I'd >be grateful if you dont mind sharing.... No, just the client. Here's an example kermit script. This runs on a Solaris machine to make an SSH connection to the ELOM console on an X4150 server. The one command-line parameter is the hostname of the network management port of that server. The password, XXXXXXXX, in this example, is embedded in the script. #!/usr/local/bin/kermit + SET EXIT WARNING OFF set host /pty ssh -o 'StrictHostKeyChecking no' -l admin \%1 IF FAIL { EXIT 1 connection to \%1 } INPUT 12 {assword: } IF FAIL { EXIT 1 password timeout } PAUSE 1 OUTPUT XXXXXXXX\{13} INPUT 20 { \{45}\{62} } IF FAIL { EXIT 1 prompt timeout } PAUSE 1 OUTPUT start /SP/AgentInfo/Console\{13} INPUT 48 {\{13}\{10}} IF FAIL { EXIT 1 console timeout } CONNECT PAUSE 10 EXIT 1 disconnected -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
From: Doug McIntyre on 17 Apr 2008 09:47 "BertieBigBollox(a)gmail.com" <BertieBigBollox(a)gmail.com> writes: >On Apr 16, 2:21=A0pm, Doug McIntyre <mer...(a)geeks.org> wrote: >> "BertieBigBol...(a)gmail.com" <BertieBigBol...(a)gmail.com> writes: >> >Trying to ssh from a Sun Solaris box to a Cisco router and want to use >> >a script to log in automatically without it prompting for a username >> >and password. >> >Looks like you can use ssh -l <username> to specify a username but >> >there doesnt appear to be a way to send the password, so it still >> >prompts for this. >> >I understand that if I was ssh to another unix box I could probably >> >use the 'expects' command and do it this way but I guess its no good >> >for a cisco router. >> >> (expect, not expects) >> Why not? Same exact thing. >> >OK. I just thought that since I was running ssh, control wouldnt >return to the script running this (and thus go on to the next line >with the expect statement on until the ssh command was all done and >complete? >Dont you need to use 'spawn' or something if doing it this way? Is >this right? Yes, spawn is the correct way to do this in expect.. spawn ssh ... expect { -re "... -re "... .... } But as I said, its already been invented and debugged as the clogin program as part of the RANCID package (guess what its written in.. :) Its pretty self sufficient, you don't need the whole package, although what RANCID does is pretty nice too.
From: skylazart on 17 Apr 2008 23:39 On Apr 17, 10:47 am, Doug McIntyre <mer...(a)geeks.org> wrote: > "BertieBigBol...(a)gmail.com" <BertieBigBol...(a)gmail.com> writes: > >On Apr 16, 2:21=A0pm, Doug McIntyre <mer...(a)geeks.org> wrote: > >> "BertieBigBol...(a)gmail.com" <BertieBigBol...(a)gmail.com> writes: > >> >Trying to ssh from a Sun Solaris box to a Cisco router and want to use > >> >a script to log in automatically without it prompting for a username > >> >and password. > >> >Looks like you can use ssh -l <username> to specify a username but > >> >there doesnt appear to be a way to send the password, so it still > >> >prompts for this. > >> >I understand that if I was ssh to another unix box I could probably > >> >use the 'expects' command and do it this way but I guess its no good > >> >for a cisco router. > > >> (expect, not expects) > >> Why not? Same exact thing. > > >OK. I just thought that since I was running ssh, control wouldnt > >return to the script running this (and thus go on to the next line > >with the expect statement on until the ssh command was all done and > >complete? > >Dont you need to use 'spawn' or something if doing it this way? Is > >this right? > > Yes, spawn is the correct way to do this in expect.. > > spawn ssh ... > > expect { > -re "... > -re "... > ... > > } > > But as I said, its already been invented and debugged as the clogin > program as part of the RANCID package (guess what its written in.. :) > > Its pretty self sufficient, you don't need the whole package, although > what RANCID does is pretty nice too. Expect is pretty nice. Follow a little example: -- example.exp -- #!/usr/bin/expect -f set timeout 20 exp_internal 1 log_user 1 match_max 5000 #conectando spawn ssh -l skylazart localhost set timeout 20 expect { -re "(P|p)assword:" { send "mypassword\r" } timeout { exit 1 } } interact -- EOF -- I know that it isn´t exactly what you want, but, You can automate almost everything with this powerful tool.
From: Dave Uhring on 18 Apr 2008 09:38
On Fri, 18 Apr 2008 02:16:35 -0700, BertieBigBollox(a)gmail.com wrote: > Just noticed - this isnt going to work, is it? You need to send the > authorised key to the router in question. > > The router in question is a cisco device, so I dont know how to do > this... If you can ssh into the router you can use scp to send the key. |