SSH connections

Help
2010-02-23
2013-05-14
  • Brian Bauman
    2010-02-23

    Currently I'm using rxsock for telnet but we are transitioning to ssh.

    Is there either something similar to rxsock for ssh or a way for REXX to interact with a command line ssh client?

    We need to connect and stay connected similar to a telnet session. The script needs to be able to run multiple commands on the ssh connected device and read the output.

    This is for regina rexx on windows.

    Anyone have any ideas?

     
  • Mark Hessling
    2010-02-24

    Have a look at Rexx/CURL. It may provide the capabilities you are after.
    http://rexxcurl.sourceforge.net

     
  • Brian Bauman
    2010-02-24

    I've looked at cURL over the years but the only thing on SSH is that it has SCP.

    We need to connect to network devices via SSH, a persistent connection, not a one liner.  Run multiple commands, gathering output of those commands after each command, make decisions on the output as to what the next command is, staying connected.  It is like a telnet session but encrypted via SSH.

    If there is no addin for SSH, is there a way for REXX to control a command line application when it is more than one command? We have command line ssh apps but my attempts to control them via rexx is that they won't take what I'm trying to send at them and the program just sits until you manually exit the session.

    When we change from telnet to ssh there's a bunch of scripts I need to change, anywhere from one device at a time scripts to some that will update configurations of 1,000 devices per 15 minutes.  If I can't figure out a way to do this in REXX I'm going to have to scrap years of scripting and start over with some other language.

     
  • Mark Hessling
    2010-02-25

    There is a project, libssh (http://www.libssh.org), that appears to provide an API that will do what you need.  I'm making some enquiries on the user mailing list to confirm if it will work as hoped. If so then I could write a Rexx interface for libssh.

    What sort of timeframe are you looking at before you have to move from telnet to ssh?

    Cheers, Mark

     
  • Mike Protts
    2010-02-25

    You may need libssh2 (http://www.libssh2.org/) - which is the same as used with curl. 

    As an interim, would telnet be allowed on the loopback address, and then the script could be used on a telnet session through an ssh tunnel?  That may buy more time.   It's certainly possible to automate setting up the tunnel with putty on Windows, or using openssh with ssh-agent on most systems.

    Cheers
    Mike

     
  • Brian Bauman
    2010-02-25

    Mark,
    We have some devices that are ssh only already but the big move will be in a couple months most likely. We will need ssh version 2.

    Mike,
    Funny you mention that. I played with using putty to tunnel and telnet through thinking if it would work manually then maybe I could use rxsock through the tunnel too.  Chances are I did something wrong because it wouldn't work.  
       plink  -N sshhost  -l username -pw ==password -L 522:sshhost:22
    then in another window
       telnet localhost 522
          window says: SSH-1.99-OpenSSH_3.7.1p1-pwexp24
           when anything is typed it comes back with: Protocol Mismatch. Connection to host lost.

    If I ssh to localhost 522 it then works. So I'm not converting from ssh to telnet, I am just proxying.  Any idea how to make putty convert?  That would save me for the interim until there is an ssh API.

     
  • Mike Protts
    2010-02-25

    You'd need to set up the server to run telnetd on the 127.0.0.1 address first, then:
    plink -N sshhost -l username -pw ==password -L 523:sshhost:23

    and then telnet to localhost 523 will work.

    The telnet could be allowed to listen on any address if the port is blocked at the firewall - that's my usual preference.  Then I only allow a single ssh access point, and tunnel through that for any other access.

     
  • Brian Bauman
    2010-02-25

    Let's take a step back.

    Once the move to SSH is done, telnet will no longer be allowed, period, even to the loopback. 

    In your example we are using port 23 yet "-N" means ssh-2 only, our devices will have ssh on port 22, telnet on them will be turned off on 23. 

    When you say run telnetd on the server, is the server the same device that is running the rexx script? If so, I'm missing the purpose.
    plink listens on port 523 and forwards to remote 23.  telnet localhost 523 goes right to plink's port. Telnetd isn't used at all.

    It is the same thing I was doing with forwarding local 522 to remote host 22 but it doesn't convert from telnet to ssh which seems to be what I need since REXX can't control a command line app like plink. 

    Does that make sense or am I just thick?

    Thanks,
    Brian.
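
The banner and "Protocol Mismatch" seen earlier in the thread when a telnet client was pointed at the forwarded port 522 come from the SSH version exchange (RFC 4253, section 4.2): the far end is still an SSH server and expects an `SSH-...` identification line first. The Python sketch below is an added example, not code from any poster or from PuTTY/OpenSSH; it parses such banners, models that first check, and classifies devices for an SSH-2 migration. Function names, host names and every sample line except the banner quoted in the thread are constructed.

```python
import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# Real banners (like the one in the thread) carry '-' in the software part,
# so only whitespace ends that field here.
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_ident(line: bytes):
    """Return the fields of an SSH identification line, or None if it is not one."""
    if len(line) > 255:                      # RFC 4253 limit, CR LF included
        return None
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    m = IDENT_RE.match(text)
    return m.groupdict() if m else None

def supports_ssh2(ident) -> bool:
    # "1.99" is the compatibility value: the server speaks 2.0 and older 1.x.
    return ident is not None and ident["proto"] in ("2.0", "1.99")

def server_reply(first_client_line: bytes) -> str:
    """Simplified model of the server's first check (not real sshd code)."""
    if parse_ident(first_client_line) is None:
        return "Protocol mismatch."          # what typed telnet input triggers
    return "version exchange ok"

def audit(banners: dict) -> dict:
    """Classify each device by its banner: 'ssh2', 'ssh1-only' or 'not-ssh'."""
    result = {}
    for host, banner in banners.items():
        ident = parse_ident(banner)
        if ident is None:
            result[host] = "not-ssh"
        else:
            result[host] = "ssh2" if supports_ssh2(ident) else "ssh1-only"
    return result

# First line is the banner quoted in the thread; the others are constructed.
SAMPLE_BANNERS = {
    "sshhost": b"SSH-1.99-OpenSSH_3.7.1p1-pwexp24\r\n",
    "old-switch": b"SSH-1.5-ExampleOS_1.0\n",
    "telnet-only": b"\xff\xfd\x18login: ",
}

if __name__ == "__main__":
    print(audit(SAMPLE_BANNERS))
    print(server_reply(b"show version\r\n"))                # typed by a telnet user
    print(server_reply(b"SSH-2.0-PuTTY_Release_0.60\r\n"))  # sent by an SSH client
```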