Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks,

I have a problem in enabling authentication after logging in to the firewall.

I am trying to execute 'sh access-list access-list-name' command on remote firewall to get hit counts.

My script to access firewall is as follows

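use Net::SSH::Perl;

$host     = "ip";
$username = "username";
$pass     = "password";

# Connect over SSH and authenticate with the login password
$ssh = Net::SSH::Perl->new($host, debug => 1, cipher => 'DES', port => 22);
$ssh->login($username, $pass);

# cmd() returns (stdout, stderr, exit status)
my (@arra) = $ssh->cmd("?");
print "output: @arra\n";
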
When I execute this script, I could log in successfully but could not enter interactive session.

How do I enable authentication after logging in? Please help me.

Thanks in advance,

Nalina

Edited by Chady -- added code tags.

Replies are listed 'Best First'.
Re: Problem in enabling authentication after logging in to a firewall
by Anonymous Monk on Jun 11, 2004 at 11:13 UTC

    be warned! Cisco products vary greatly.

    • Net::SSH::Perl + version 2 + IOS == broken.
    • Net::SSH::Perl + version 1 + PIX Firewall Module == works.
    • Net::SSH::Perl + version ? + PIX standalone firewall == ?????

    good luck! (plain ssh + Expect is your best bet. wink wink nudge nudge)

    use Net::SSH::Perl;

    my $ssh = Net::SSH::Perl->new(
        'rtr',
        protocol    => '2',
        debug       => 1,
        interactive => 0,
    );
    $ssh->login( 'admin', 'password' ) or die "login\n";
    $ssh->shell;
    __END__

    version 1 -> PIX Firewall Services Module

    localhost: Reading configuration data /home/username/.ssh/config
    localhost: Reading configuration data /etc/ssh_config
    localhost: Connecting to thertr-fw, port 22.
    localhost: Remote protocol version 1.5, remote software version Cisco-1.25
    localhost: Net::SSH::Perl Version 1.25, protocol version 1.5.
    localhost: No compat match: Cisco-1.25.
    localhost: Connection established.
    localhost: Waiting for server public key.
    localhost: Received server public key (768 bits) and host key (1024 bits).
    localhost: Host 'thepix' is known and matches the host key.
    localhost: Encryption type: DES3
    localhost: Sent encrypted session key.
    localhost: Received encryption confirmation.
    localhost: Trying password authentication.
    localhost: Requesting pty.
    localhost: Requesting shell.
    localhost: Entering interactive session.
    Type help or '?' for a list of available commands.
    thepix-FW>
    thepix-FW> exit

    version 2 -> Cisco IOS

    localhost: Reading configuration data /home/username/.ssh/config
    localhost: Reading configuration data /etc/ssh_config
    localhost: Connecting to thertr, port 22.
    localhost: Remote protocol version 2.0, remote software version Cisco-1.25
    localhost: Net::SSH::Perl Version 1.25, protocol version 2.0.
    localhost: No compat match: Cisco-1.25.
    localhost: Connection established.
    localhost: Sent key-exchange init (KEXINIT), wait response.
    localhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
    localhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
    localhost: Entering Diffie-Hellman Group 1 key exchange.
    localhost: Sent DH public key, waiting for reply.
    localhost: Received host key, type 'ssh-rsa'.
    localhost: Host 'thertr' is known and matches the host key.
    localhost: Computing shared secret key.
    localhost: Verifying server signature.
    localhost: Waiting for NEWKEYS message.
    localhost: Enabling incoming encryption/MAC/compression.
    localhost: Send NEWKEYS, enable outgoing encryption/MAC/compression.
    localhost: Sending request for user-authentication service.
    localhost: Service accepted: ssh-userauth.
    localhost: Trying empty user-authentication request.
    localhost: Authentication methods that can continue: password.
    localhost: Next method to try is password.
    localhost: Trying password authentication.
    localhost: Login completed, opening dummy shell channel.
    localhost: channel 0: new [client-session]
    localhost: Requesting channel_open for channel 0.
    localhost: channel 0: open confirm rwindow 1024 rmax 4096
    localhost: Got channel open confirmation, requesting shell.
    localhost: Requesting service shell on channel 0.
    localhost: channel 1: new [client-session]
    localhost: Requesting channel_open for channel 1.
    localhost: Entering interactive session.
    localhost: Channel open failure: 1: reason 4:

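The "plain ssh + Expect" route suggested in the reply above, as an added example that is not code from any poster in this thread: it drives the system `ssh` client through login and `enable`, then reads the hit counts. The `FW_*` environment variable names, the prompt patterns and the `(hitcnt=N)` output format are assumptions; adjust them to the device.

```perl
#!/usr/bin/perl
# Added example (not from the thread): log in, enter enable mode and read
# ACL hit counts by driving the system ssh client with Expect.
use strict;
use warnings;
use Expect;

# Hypothetical variable names; credentials stay out of the script itself.
my $host   = $ENV{FW_HOST}        or die "set FW_HOST\n";
my $user   = $ENV{FW_USER}        or die "set FW_USER\n";
my $pass   = $ENV{FW_PASS}        or die "set FW_PASS\n";
my $enable = $ENV{FW_ENABLE_PASS} or die "set FW_ENABLE_PASS\n";
my $acl    = shift @ARGV          or die "usage: $0 access-list-name\n";
$acl =~ /\A[\w.-]+\z/ or die "unexpected characters in ACL name\n";
my $timeout = 15;

my $exp = Expect->new;
$exp->log_stdout(0);    # do not echo the session to the terminal
# Protocol and cipher options depend on the device and the local client.
# The host key must already be in known_hosts: the unknown-host question
# is deliberately not answered, so the first step dies instead.
$exp->spawn( 'ssh', '-l', $user, $host ) or die "cannot spawn ssh: $!\n";

# Wait for a prompt matching $pattern, send $reply, and return the text
# that arrived before the prompt. Dies on timeout or EOF.
sub step {
    my ( $pattern, $reply ) = @_;
    defined $exp->expect( $timeout, '-re', $pattern )
        or die "no match for /$pattern/ within ${timeout}s\n";
    my $seen = $exp->before;
    $exp->send("$reply\n");
    return $seen;
}

step( '[Pp]assword:\s*$', $pass );                 # ssh login prompt
step( '>\s*$',            'enable' );              # e.g. thepix-FW>
step( '[Pp]assword:\s*$', $enable );               # enable password prompt
step( '#\s*$',            "sh access-list $acl" ); # privileged prompt
my $output = step( '#\s*$', 'exit' );              # command output

$exp->soft_close;

# Assumed output format: each ACL entry ends with "(hitcnt=N)".
for my $line ( split /\r?\n/, $output ) {
    print "$2\t$1\n" if $line =~ /^(access-list .*?)\s*\(hitcnt=(\d+)\)/;
}
```
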
Re: Problem in enabling authentication after logging in to a firewall
by eXile (Priest) on Jun 11, 2004 at 05:25 UTC
      I could log in to the remote firewall but am not able to execute any command. With debug on, it is getting stuck at the last line of the following:

      Linux: Reading configuration data /root/.ssh/config

      Linux: Reading configuration data /etc/ssh_config

      Linux: Allocated local port 1023.

      Linux: Connecting to 203.91.132.111, port 22.

      Linux: Remote protocol version 1.5, remote software version Cisco-1.25

      Linux: Net::SSH::Perl Version 1.25, protocol version 1.5.

      Linux: No compat match: Cisco-1.25.

      Linux: Connection established.

      Linux: Waiting for server public key.

      Linux: Received server public key (768 bits) and host key (2048 bits).

      Linux: Host '203.91.132.111' is known and matches the host key.

      Linux: Encryption type: DES

      Linux: Sent encrypted session key.

      Linux: Received encryption confirmation.

      Linux: Trying password authentication.

      Linux: Sending command: ?

      Linux: Entering interactive session.

      What do I do now?

      Thanks

      Nalina