cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
danielschmidt
New Contributor

SSH scripting with plink / paramiko etc

Jump to solution

Has anyone been able to script SSH commands in AOS with a tool like Putty's plink.exe or Python's paramiko library?  I can connect successfully with username/password authentication, but attempting to run any commands produces an error and immediately disconnects.

Plink output:

C:\>plink -ssh -v -l USERNAME -pw PASSWORD HOSTNAME "show version"

Looking up host "HOSTNAME"

Connecting to IPADDRESS port 22

Server version: SSH-2.0-RomSShell_4.31

Using SSH protocol version 2

We claim version: SSH-2.0-PuTTY_Release_0.63

Using Diffie-Hellman with standard group "group1"

Doing Diffie-Hellman key exchange with hash SHA-1

Host key fingerprint is:

ssh-dss 1024 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Initialised triple-DES CBC client->server encryption

Initialised HMAC-SHA1 client->server MAC algorithm

Initialised triple-DES CBC server->client encryption

Initialised HMAC-SHA1 server->client MAC algorithm

Using username "USERNAME".

Sent password

Access granted

Opening session as main channel

Opened main channel

Server refused to start a shell/command

FATAL ERROR: Server refused to start a shell/command

Labels (1)
0 Kudos
2 Solutions

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: SSH scripting with plink / paramiko etc

Jump to solution

I'm not familiar with Plink or paramiko, but my co-worker (or cow-orker for you old-timers) Ted Cabeen wrote a RANCID modification to send commands to Adtran devices which works quite nicely.  It's in perl but the concept is the same.  Basically a smart wrapper for an expect script.  See:

http://osdir.com/ml/network.rancid/2006-08/msg00025.html

View solution in original post

0 Kudos
jayh
Honored Contributor
Honored Contributor

Re: SSH scripting with plink / paramiko etc

Jump to solution

danielschmidt wrote:



Has anyone been able to script SSH commands in AOS with a tool like Putty's plink.exe or Python's paramiko library?  I can connect successfully with username/password authentication, but attempting to run any commands produces an error and immediately disconnects.



Plink output:


C:\>plink -ssh -v -l USERNAME -pw PASSWORD HOSTNAME "show version"



[snip]



Sent password


Access granted


Opening session as main channel


Opened main channel


Server refused to start a shell/command


FATAL ERROR: Server refused to start a shell/command


Perhaps your script is looking for a specific prompt or syntax from the unit?  "show version" should work without needing to be enabled.  If you're looking to capture and record version and configuration info, RANCID with the Adtran plug-in is the way to go.  We may tweak it to send "no events" before the main script as the occasional firewall log notice will sometimes get misinterpreted as a diff.  Available from http://www.shrubbery.net/rancid/  The price is right, too.

View solution in original post

0 Kudos
3 Replies
jayh
Honored Contributor
Honored Contributor

Re: SSH scripting with plink / paramiko etc

Jump to solution

I'm not familiar with Plink or paramiko, but my co-worker (or cow-orker for you old-timers) Ted Cabeen wrote a RANCID modification to send commands to Adtran devices which works quite nicely.  It's in perl but the concept is the same.  Basically a smart wrapper for an expect script.  See:

http://osdir.com/ml/network.rancid/2006-08/msg00025.html

0 Kudos
jayh
Honored Contributor
Honored Contributor

Re: SSH scripting with plink / paramiko etc

Jump to solution

danielschmidt wrote:



Has anyone been able to script SSH commands in AOS with a tool like Putty's plink.exe or Python's paramiko library?  I can connect successfully with username/password authentication, but attempting to run any commands produces an error and immediately disconnects.



Plink output:


C:\>plink -ssh -v -l USERNAME -pw PASSWORD HOSTNAME "show version"



[snip]



Sent password


Access granted


Opening session as main channel


Opened main channel


Server refused to start a shell/command


FATAL ERROR: Server refused to start a shell/command


Perhaps your script is looking for a specific prompt or syntax from the unit?  "show version" should work without needing to be enabled.  If you're looking to capture and record version and configuration info, RANCID with the Adtran plug-in is the way to go.  We may tweak it to send "no events" before the main script as the occasional firewall log notice will sometimes get misinterpreted as a diff.  Available from http://www.shrubbery.net/rancid/  The price is right, too.

0 Kudos

Re: SSH scripting with plink / paramiko etc

Jump to solution

Thank you very much, RANCID looks like exactly what I need.  I look forward to trying it out.