in reply to Net SSH Module problem with Netscreen

Heh, been there, done that :)

I don't know what Netscreen gear you are working with. I am using 5XTs from a couple of years ago, running ScreenOS 3.x. To cut a long story short, I suspect that their ssh implementation is slightly out of spec. Either that, or Net::SSH is (insofar as it doesn't deal correctly with a slightly non-orthodox ssh implementation, but it's a grey area). I spoke with btrott at the time about it, but I wasn't able to pinpoint the fault on one side of the fence or the other, or moreover how to patch Net::SSH to deal with it.

After battling for a while, I gave up and used Expect. My Netscreens are connected with el-cheapo ADSL lines (albeit with fixed IP addresses). From time to time the line goes down, or something else happens, and the Netscreen re-establishes the PPPoE session. When this occurs, it fetches the IP addresses of the provider's DNS servers, and obligingly offers this to the DHCP clients on the trusted interface. Which means that all of my internal hosts are unknown.

I have to inspect each router periodically, check the addresses of the DNS servers it offers to its DHCP clients, and if they're not mine, I push my own. (I believe this flaw is corrected in more recent editions of ScreenOS). Anyway, to push a setting to a router, my code looks something like this:

    use Expect;

    # TIMEOUT, $user and @fix (the sites needing the fix) are defined elsewhere.
    for my $site ( @fix ) {
        my $ssh = Expect->spawn( "/usr/bin/ssh $user\@$site" )
            or die "could not create ssh Expect object: $!\n";

        # Wait for the password prompt, then answer it.
        $ssh->expect( TIMEOUT, " password: " )
            or die "Never got password prompt from $site: $!\n";
        print $ssh "password\n";

        my @cmds = (
            'set dhcp server option dns1 10.0.0.1',
            'set dhcp server option dns2 10.0.0.2',
            'save',
            'exit',
        );

        # Send each command only once the router's prompt has come back.
        for my $cmd ( @cmds ) {
            $ssh->expect( TIMEOUT, "$site>" )
                or die "Never got command prompt from $site: $!\ndid not send [$cmd]\n";
            print $ssh "$cmd\n";
        }
        sleep 1;
        $ssh->soft_close();
    }

- another intruder with the mooring of the heat of the Perl

Re^2:Net SSH Module problem with Netscreen (you might have to use Expect)
by iloveperl (Initiate) on Jun 16, 2004 at 18:14 UTC
    OK, that's a bummer, but that leads me to my next question, which is most likely a simple answer, but I haven't worked with it enough to figure it out and need a quick answer.

    Is there a way to manipulate <STDIN> to perform commands on my $ssh->shell? I can't use print as it's expecting STDIN for all commands. I also cannot use expect due to the environment I work in. Thanks for the help.