[Ssh-sftp-perl-users] Problem login in to Cisco ASA 7.2(2) with Net::SSH::Perl
From: Alexander S. <ale...@cb...> - 2010-05-07 11:27:19
Hello,
I have a problem logging in to a Cisco ASA 7.2(2) via Net::SSH::Perl. I
tried both SSH protocols 1 and 2 but both attempts fail. Logging in to
Cisco switches is no problem at all, but this ASA seems to do things
differently. I want to avoid setting up a bidirectional pipe in Perl to
an SSH client to get some config data out of my firewall.
Can anyone point me in the right direction? I appended the script, and
the debug output of the firewall and Perl script, both for SSH protocol
1 and 2.
Your help would be greatly appreciated.
Thanks in advance.
Regards
Alexander
Here is my little perl script:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#!/usr/bin/perl -w
use Net::SSH::Perl;

my $host     = "f1p100fws.seydler.local";
my $user     = "admin";
my $pw       = "mytoughpw";
my $enablepw = "mytoughenablepw";

# "%params" is an undeclared, empty hash that flattens to nothing, so the
# options still reach new(); it is what triggers the
# 'Name "main::params" used only once' warning in the debug output.
my $ssh = Net::SSH::Perl->new($host, %params => ("debug", "true",
                                                  "protocol", "1,2"));
$ssh->login($user, $pw);

# Run a single command and print whatever comes back.
my($stdout, $stderr, $exit) = $ssh->cmd("show version");
print $stdout;
print $stderr;
print $exit;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here is the debugging output of both the perl module and the ASA using
SSH protocol 1:
f1p100fws# debug ssh 10
debug ssh enabled at level 10
f1p100fws# Device ssh opened successfully.
SSH2: SSH client: IP = 'f1s608wws' interface # = 47
SSH: host key initialised
SSH2: starting SSH control process
SSH2: Exchanging versions - SSH-1.99-Cisco-1.25
SSH2: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25SSH2: receive SSH message: 83
(83)
SSH2: client version is - SSH-1.5-1.34
client version string:SSH-1.5-1.34SSH2: begin server key generation
SSH2: complete server key generation, elapsed time = 870 ms
SSH2: declare what cipher(s) we support:
00 0x00 0x00 0x0c 0xSSH2: send SSH message: SSH_SMSG_PUBLIC_KEY (2)
SSH2: SSH_SMSG_PUBLIC_KEY message sent
SSH2: receive SSH message: SSH_CMSG_SESSION_KEY (3)
SSH2: SSH_CMSG_SESSION_KEY message received - msg type 0x03, length 144
SSH2: client requests 3DES cipher: 3
SSH: scb created 0x6a25288, size 104
SSH2: send SSH message: SSH_SMSG_SUCCESS (14)
SSH2: keys exchanged and encryption on
SSH2: receive SSH message: SSH_CMSG_USER (4)
SSH2: authentication request for userid admin
SSH(admin): user authen method is 'use AAA', aaa server group ID = 1
SSH2: send SSH message: SSH_SMSG_FAILURE (15)
SSH2: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
SSH2: send SSH message: SSH_SMSG_SUCCESS (14)
SSH2: authentication successful for admin
SSH2: receive SSH message: SSH_CMSG_EXEC_CMD (13)
SSH2: starting exec shell
And here is the debugging output of my script:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aschwab@f1s608wws$ ./sshfw.pl
Name "main::params" used only once: possible typo at ./sshfw.pl line 10.
f1s608wws: Reading configuration data /home/aschwab/.ssh/config
f1s608wws: Reading configuration data /etc/ssh_config
f1s608wws: Connecting to f1p100fws.seydler.local, port 22.
f1s608wws: Remote protocol version 1.99, remote software version
Cisco-1.25
f1s608wws: Net::SSH::Perl Version 1.34, protocol version 1.5.
f1s608wws: No compat match: Cisco-1.25.
f1s608wws: Connection established.
f1s608wws: Waiting for server public key.
f1s608wws: Received server public key (768 bits) and host key (1024
bits).
f1s608wws: Host 'f1p100fws.seydler.local' is known and matches the host
key.
f1s608wws: Encryption type: DES3
f1s608wws: Sent encrypted session key.
f1s608wws: Received encryption confirmation.
f1s608wws: Trying password authentication.
f1s608wws: Sending command: show version
f1s608wws: Entering interactive session.
The script hangs afterwards and must be terminated with CTRL-C.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here is the debugging output when using SSH protocol version 2:
aschwab@f1s608wws$ ./sshfw.pl
Name "main::params" used only once: possible typo at ./sshfw.pl line 10.
f1s608wws: Reading configuration data /home/aschwab/.ssh/config
f1s608wws: Reading configuration data /etc/ssh_config
f1s608wws: Connecting to f1p100fws.seydler.local, port 22.
f1s608wws: Remote protocol version 1.99, remote software version
Cisco-1.25
f1s608wws: Net::SSH::Perl Version 1.34, protocol version 2.0.
f1s608wws: No compat match: Cisco-1.25.
f1s608wws: Connection established.
f1s608wws: Sent key-exchange init (KEXINIT), wait response.
f1s608wws: Algorithms, c->s: 3des-cbc hmac-sha1 none
f1s608wws: Algorithms, s->c: 3des-cbc hmac-sha1 none
f1s608wws: Entering Diffie-Hellman Group 1 key exchange.
f1s608wws: Sent DH public key, waiting for reply.
f1s608wws: Received host key, type 'ssh-rsa'.
f1s608wws: Host 'f1p100fws.seydler.local' is known and matches the host
key.
f1s608wws: Computing shared secret key.
f1s608wws: Verifying server signature.
f1s608wws: Waiting for NEWKEYS message.
f1s608wws: Send NEWKEYS.
f1s608wws: Enabling encryption/MAC/compression.
f1s608wws: Sending request for user-authentication service.
f1s608wws: Service accepted: ssh-userauth.
f1s608wws: Trying empty user-authentication request.
f1s608wws: Authentication methods that can continue: password.
f1s608wws: Next method to try is password.
f1s608wws: Trying password authentication.
f1s608wws: Login completed, opening dummy shell channel.
f1s608wws: channel 0: new [client-session]
f1s608wws: Requesting channel_open for channel 0.
f1s608wws: channel 0: open confirm rwindow 1024 rmax 4096
f1s608wws: Got channel open confirmation, requesting shell.
f1s608wws: Requesting service shell on channel 0.
f1s608wws: channel 1: new [client-session]
f1s608wws: Requesting channel_open for channel 1.
f1s608wws: Entering interactive session.
f1s608wws: Channel open failure: 1: reason 4:
Use of uninitialized value $stdout in print at ./sshfw.pl line 15.
Use of uninitialized value $stderr in print at ./sshfw.pl line 16.
Use of uninitialized value $exit in print at ./sshfw.pl line 17.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSH2: SSH client: IP = 'f1s608wws' interface # = 47
SSH: host key initialised
SSH2: starting SSH control process
SSH2: Exchanging versions - SSH-1.99-Cisco-1.25
SSH2: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25SSH2: receive SSH message: 83
(83)
SSH2: client version is - SSH-2.0-1.34
client version string:SSH-2.0-1.34SSH2: begin server key generation
SSH2: complete server key generation, elapsed time = 590 ms
SSH2 2: SSH2_MSG_KEXINIT sent
SSH2 2: SSH2_MSG_KEXINIT received
SSH2 0:
kex_parse_kexinit: diffie-hellman-group1-sha1
SSH2 0:
kex_parse_kexinit: ssh-rsa
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit: diffie-hellman-group1-sha1
SSH2 0:
kex_parse_kexinit: ssh-dss,ssh-rsa
SSH2 0:
kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
SSH2 0:
kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-md5
SSH2 0:
kex_parse_kexinit: hmac-sha1,hmac-md5
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit: none
SSH2 0:
kex_parse_kexinit:
SSH2 0:
kex_parse_kexinit:
SSH2: kex: client->server 3des-cbc hmac-sha1 none
SSH2: kex: server->client 3des-cbc hmac-sha1 none
SSH2 2: expecting SSH2_MSG_KEXDH_INIT
SSH2 2: SSH2_MSG_KEXDH_INIT received
SSH2 2: signature length 143
SSH2: kex_derive_keys complete
SSH2 2: newkeys: mode 1
SSH2 2: SSH2_MSG_NEWKEYS sent
SSH2 2: waiting for SSH2_MSG_NEWKEYS
SSH2 2: newkeys: mode 0
SSH2 2: SSH2_MSG_NEWKEYS receivedSSH(admin): user authen method is 'use
AAA', aaa server group ID = 1
SSH(admin): user authen method is 'use AAA', aaa server group ID = 1
SSH2 2: authentication successful for admin
SSH2 2: channel open request
SSH2 2: shell request
SSH2 2: shell message receivedSSH2: TCP read failed, error code =
0x86300003 "TCP connection closed"
SSH2: receive SSH message: [no message ID: variable *data is NULL]
SSH2: Session disconnected by SSH server - error 0x00 "Internal error"
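
Added example (not part of the original post or of Net::SSH::Perl): replaying the two KEXINIT proposals from the ASA debug output above shows why the session settles on 3des-cbc, hmac-sha1 and diffie-hellman-group1-sha1, and flags the legacy names among them. It assumes the first block of ten kex_parse_kexinit lines is the ASA's proposal and the second the client's, and uses a simplified first-client-match rule from RFC 4253; the WEAK set and all function names are this example's own choices.

```python
import re
# The ten name-lists of SSH_MSG_KEXINIT, in RFC 4253 section 7.1 order.
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# Names this example treats as legacy; an assumed policy, adjust to your own.
WEAK = {"diffie-hellman-group1-sha1", "ssh-dss", "3des-cbc", "blowfish-cbc",
        "arcfour", "hmac-md5", "hmac-md5-96", "hmac-sha1-96"}
# kex_parse_kexinit lines copied from the ASA debug output in the post.
ASA_DEBUG = """\
kex_parse_kexinit: diffie-hellman-group1-sha1
kex_parse_kexinit: ssh-rsa
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
kex_parse_kexinit: none
kex_parse_kexinit: none
kex_parse_kexinit:
kex_parse_kexinit:
kex_parse_kexinit: diffie-hellman-group1-sha1
kex_parse_kexinit: ssh-dss,ssh-rsa
kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
kex_parse_kexinit: hmac-sha1,hmac-md5
kex_parse_kexinit: hmac-sha1,hmac-md5
kex_parse_kexinit: none
kex_parse_kexinit: none
kex_parse_kexinit:
kex_parse_kexinit:"""

def parse_proposals(text):
    """Split the debug text into one {field: [names]} dict per KEXINIT."""
    lists = [m.split(",") if m else []
             for m in re.findall(r"kex_parse_kexinit:[ \t]*(\S*)", text)]
    return [dict(zip(FIELDS, lists[i:i + 10])) for i in range(0, len(lists), 10)]

def negotiate(server, client):
    """Simplified RFC 4253 rule: first client name the server also offers."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}

def audit(text):
    """Return (negotiated algorithms, sorted legacy names among them)."""
    server, client = parse_proposals(text)  # assumed order: ASA first
    chosen = negotiate(server, client)
    return chosen, sorted({a for a in chosen.values() if a in WEAK})

if __name__ == "__main__":
    print(audit(ASA_DEBUG))
```

The negotiated cipher and MAC agree with the "kex: client->server 3des-cbc hmac-sha1 none" line in the ASA debug output.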