Re: [Ssh-sftp-perl-users] Problem login in to Cisco ASA 7.2(2) with Net::SSH::Perl
From: Alexander S. <ale...@cb...> - 2010-05-07 17:13:10
Thank you very much, Thierry!
That works like a charm!
Kind regards
Alexander
-----Original Message-----
From: Thierry CHICH [mailto:thi...@ac...]
Sent: 07 May 2010 18:44
To: ssh...@li...
Cc: Alexander Schwab
Subject: Re: [Ssh-sftp-perl-users] Problem login in to Cisco ASA 7.2(2) with Net::SSH::Perl
Hello,
When I tried this with a PIX, I had to use a pipe, i.e. I send my commands on the standard input, like this:
use Net::SSH::Perl;
use Term::ReadKey;

# Commands are sent to the device's shell on standard input, one per line.
my $cmd="
ena
ocsic
conf t
pager 0
sh conn
";
my $host="192.168.0.1";
my $user="pix";
my $pass="mypass";

my $ssh = Net::SSH::Perl->new($host, debug => 1,
    options => ["BatchMode yes", "RhostsAuthentication no"]);
$ssh->login($user,$pass);

# Empty command string; $cmd is passed as the second argument (standard input).
my ($stdout, $stderr, $exit) = $ssh->cmd("",$cmd);
print "stdout:$stdout \n";
print "stderr: $stderr \n";
print "$exit\n";
On Friday 7 May 2010 13:10:58, Alexander Schwab wrote:
> Hello,
>
> I have a problem logging in to a Cisco ASA 7.2(2) via Net::SSH::Perl. I
> tried both SSH protocols 1 and 2 but both attempts fail. Logging in to
> Cisco switches is no problem at all, but this ASA seems to do things
> differently. I want to avoid setting up a bidirectional pipe in Perl
> to an SSH client to get some config data out of my firewall.
>
> Can anyone point me in the right direction? I appended the script,
> and the debug output of the firewall and Perl script, both for SSH
> protocol 1 and 2.
>
> Your help would be greatly appreciated.
> Thanks in advance.
>
> Regards
> Alexander
>
>
> Here is my little perl script:
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> #!/usr/bin/perl -w
>
> use Net::SSH::Perl;
>
> my $host = "f1p100fws.seydler.local";
> my $user = "admin";
> my $pw = "mytoughpw";
> my $enablepw = "mytoughenablepw";
>
> my $ssh = Net::SSH::Perl->new($host, %params => ("debug", "true", "protocol", "1 ,2"));
> $ssh->login($user, $pw);
>
> my($stdout, $stderr, $exit) = $ssh->cmd("show version");
>
> print $stdout;
> print $stderr;
> print $exit;
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
> Here is the debugging output of both the perl module and the ASA using
> SSH protocol 1:
>
> f1p100fws# debug ssh 10
> debug ssh enabled at level 10
> f1p100fws# Device ssh opened successfully.
> SSH2: SSH client: IP = 'f1s608wws' interface # = 47
> SSH: host key initialised
> SSH2: starting SSH control process
> SSH2: Exchanging versions - SSH-1.99-Cisco-1.25
>
> SSH2: send SSH message: outdata is NULL
>
> server version string:SSH-1.99-Cisco-1.25SSH2: receive SSH message: 83
> (83)
> SSH2: client version is - SSH-1.5-1.34
>
> client version string:SSH-1.5-1.34SSH2: begin server key generation
> SSH2: complete server key generation, elapsed time = 870 ms
> SSH2: declare what cipher(s) we support:
> 00 0x00 0x00 0x0c 0xSSH2: send SSH message: SSH_SMSG_PUBLIC_KEY
> (2)
> SSH2: SSH_SMSG_PUBLIC_KEY message sent
> SSH2: receive SSH message: SSH_CMSG_SESSION_KEY (3)
> SSH2: SSH_CMSG_SESSION_KEY message received - msg type 0x03, length
> 144
> SSH2: client requests 3DES cipher: 3
> SSH: scb created 0x6a25288, size 104
> SSH2: send SSH message: SSH_SMSG_SUCCESS (14)
> SSH2: keys exchanged and encryption on
> SSH2: receive SSH message: SSH_CMSG_USER (4)
> SSH2: authentication request for userid admin
> SSH(admin): user authen method is 'use AAA', aaa server group ID = 1
> SSH2: send SSH message: SSH_SMSG_FAILURE (15)
> SSH2: receive SSH message: SSH_CMSG_AUTH_PASSWORD (9)
> SSH2: send SSH message: SSH_SMSG_SUCCESS (14)
> SSH2: authentication successful for admin
> SSH2: receive SSH message: SSH_CMSG_EXEC_CMD (13)
> SSH2: starting exec shell
>
> And here is the debugging output of my script:
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> aschwab@f1s608wws$ ./sshfw.pl
> Name "main::params" used only once: possible typo at ./sshfw.pl line 10.
> f1s608wws: Reading configuration data /home/aschwab/.ssh/config
> f1s608wws: Reading configuration data /etc/ssh_config
> f1s608wws: Connecting to f1p100fws.seydler.local, port 22.
> f1s608wws: Remote protocol version 1.99, remote software version
> Cisco-1.25
> f1s608wws: Net::SSH::Perl Version 1.34, protocol version 1.5.
> f1s608wws: No compat match: Cisco-1.25.
> f1s608wws: Connection established.
> f1s608wws: Waiting for server public key.
> f1s608wws: Received server public key (768 bits) and host key (1024
> bits).
> f1s608wws: Host 'f1p100fws.seydler.local' is known and matches the
> host key.
> f1s608wws: Encryption type: DES3
> f1s608wws: Sent encrypted session key.
> f1s608wws: Received encryption confirmation.
> f1s608wws: Trying password authentication.
> f1s608wws: Sending command: show version
> f1s608wws: Entering interactive session.
>
> The script hangs afterwards and must be terminated with CTRL-C.
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
> Here is the debugging output when using SSH protocol version 2:
>
> aschwab@f1s608wws$ ./sshfw.pl
> Name "main::params" used only once: possible typo at ./sshfw.pl line 10.
> f1s608wws: Reading configuration data /home/aschwab/.ssh/config
> f1s608wws: Reading configuration data /etc/ssh_config
> f1s608wws: Connecting to f1p100fws.seydler.local, port 22.
> f1s608wws: Remote protocol version 1.99, remote software version
> Cisco-1.25
> f1s608wws: Net::SSH::Perl Version 1.34, protocol version 2.0.
> f1s608wws: No compat match: Cisco-1.25.
> f1s608wws: Connection established.
> f1s608wws: Sent key-exchange init (KEXINIT), wait response.
> f1s608wws: Algorithms, c->s: 3des-cbc hmac-sha1 none
> f1s608wws: Algorithms, s->c: 3des-cbc hmac-sha1 none
> f1s608wws: Entering Diffie-Hellman Group 1 key exchange.
> f1s608wws: Sent DH public key, waiting for reply.
> f1s608wws: Received host key, type 'ssh-rsa'.
> f1s608wws: Host 'f1p100fws.seydler.local' is known and matches the
> host key.
> f1s608wws: Computing shared secret key.
> f1s608wws: Verifying server signature.
> f1s608wws: Waiting for NEWKEYS message.
> f1s608wws: Send NEWKEYS.
> f1s608wws: Enabling encryption/MAC/compression.
> f1s608wws: Sending request for user-authentication service.
> f1s608wws: Service accepted: ssh-userauth.
> f1s608wws: Trying empty user-authentication request.
> f1s608wws: Authentication methods that can continue: password.
> f1s608wws: Next method to try is password.
> f1s608wws: Trying password authentication.
> f1s608wws: Login completed, opening dummy shell channel.
> f1s608wws: channel 0: new [client-session]
> f1s608wws: Requesting channel_open for channel 0.
> f1s608wws: channel 0: open confirm rwindow 1024 rmax 4096
> f1s608wws: Got channel open confirmation, requesting shell.
> f1s608wws: Requesting service shell on channel 0.
> f1s608wws: channel 1: new [client-session]
> f1s608wws: Requesting channel_open for channel 1.
> f1s608wws: Entering interactive session.
> f1s608wws: Channel open failure: 1: reason 4:
> Use of uninitialized value $stdout in print at ./sshfw.pl line 15.
> Use of uninitialized value $stderr in print at ./sshfw.pl line 16.
> Use of uninitialized value $exit in print at ./sshfw.pl line 17.
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> SSH2: SSH client: IP = 'f1s608wws' interface # = 47
> SSH: host key initialised
> SSH2: starting SSH control process
> SSH2: Exchanging versions - SSH-1.99-Cisco-1.25
>
> SSH2: send SSH message: outdata is NULL
>
> server version string:SSH-1.99-Cisco-1.25SSH2: receive SSH message: 83
> (83)
> SSH2: client version is - SSH-2.0-1.34
>
> client version string:SSH-2.0-1.34SSH2: begin server key generation
> SSH2: complete server key generation, elapsed time = 590 ms
>
> SSH2 2: SSH2_MSG_KEXINIT sent
> SSH2 2: SSH2_MSG_KEXINIT received
> SSH2 0:
> kex_parse_kexinit: diffie-hellman-group1-sha1
> SSH2 0:
> kex_parse_kexinit: ssh-rsa
> SSH2 0:
> kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
> SSH2 0:
> kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
> SSH2 0:
> kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
> SSH2 0:
> kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
> SSH2 0:
> kex_parse_kexinit: none
> SSH2 0:
> kex_parse_kexinit: none
> SSH2 0:
> kex_parse_kexinit:
> SSH2 0:
> kex_parse_kexinit:
> SSH2 0:
> kex_parse_kexinit: diffie-hellman-group1-sha1
> SSH2 0:
> kex_parse_kexinit: ssh-dss,ssh-rsa
> SSH2 0:
> kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
> SSH2 0:
> kex_parse_kexinit: 3des-cbc,blowfish-cbc,arcfour
> SSH2 0:
> kex_parse_kexinit: hmac-sha1,hmac-md5
> SSH2 0:
> kex_parse_kexinit: hmac-sha1,hmac-md5
> SSH2 0:
> kex_parse_kexinit: none
> SSH2 0:
> kex_parse_kexinit: none
> SSH2 0:
> kex_parse_kexinit:
> SSH2 0:
> kex_parse_kexinit:
> SSH2: kex: client->server 3des-cbc hmac-sha1 none
> SSH2: kex: server->client 3des-cbc hmac-sha1 none
> SSH2 2: expecting SSH2_MSG_KEXDH_INIT
> SSH2 2: SSH2_MSG_KEXDH_INIT received
> SSH2 2: signature length 143
> SSH2: kex_derive_keys complete
> SSH2 2: newkeys: mode 1
> SSH2 2: SSH2_MSG_NEWKEYS sent
> SSH2 2: waiting for SSH2_MSG_NEWKEYS
> SSH2 2: newkeys: mode 0
> SSH2 2: SSH2_MSG_NEWKEYS receivedSSH(admin): user authen method is
> 'use AAA', aaa server group ID = 1
> SSH(admin): user authen method is 'use AAA', aaa server group ID = 1
>
> SSH2 2: authentication successful for admin
> SSH2 2: channel open request
> SSH2 2: shell request
> SSH2 2: shell message receivedSSH2: TCP read failed, error code =
> 0x86300003 "TCP connection closed"
> SSH2: receive SSH message: [no message ID: variable *data is NULL]
> SSH2: Session disconnected by SSH server - error 0x00 "Internal error"
>
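Added example (not part of the original thread): a Python triage of the SSH-2 client debug lines quoted above, decoding the channel-open failure with the RFC 4254 reason codes. It shows that the ASA confirmed channel 0 (the shell) and refused the second session channel requested afterwards. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re

# SSH_MSG_CHANNEL_OPEN_FAILURE reason codes, RFC 4254 section 5.1
REASONS = {
    1: "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED",
    2: "SSH_OPEN_CONNECT_FAILED",
    3: "SSH_OPEN_UNKNOWN_CHANNEL_TYPE",
    4: "SSH_OPEN_RESOURCE_SHORTAGE",
}

# Sample input: client-side debug lines taken from the SSH-2 run in the post
SAMPLE = """\
f1s608wws: Login completed, opening dummy shell channel.
f1s608wws: channel 0: new [client-session]
f1s608wws: Requesting channel_open for channel 0.
f1s608wws: channel 0: open confirm rwindow 1024 rmax 4096
f1s608wws: Got channel open confirmation, requesting shell.
f1s608wws: Requesting service shell on channel 0.
f1s608wws: channel 1: new [client-session]
f1s608wws: Requesting channel_open for channel 1.
f1s608wws: Entering interactive session.
f1s608wws: Channel open failure: 1: reason 4:
"""

def triage(log):
    """Track each channel's state and decode any open failure."""
    channels = {}
    for line in log.splitlines():
        msg = line.split(": ", 1)[-1]  # drop the "host: " prefix
        if m := re.match(r"channel (\d+): new \[(.+)\]", msg):
            channels[int(m[1])] = {"type": m[2], "state": "requested"}
        elif m := re.match(r"channel (\d+): open confirm", msg):
            channels.setdefault(int(m[1]), {"type": "?"})["state"] = "open"
        elif m := re.match(r"Channel open failure: (\d+): reason (\d+):", msg):
            ch = channels.setdefault(int(m[1]), {"type": "?"})
            ch["state"] = "refused"
            ch["reason"] = REASONS.get(int(m[2]), f"unknown ({m[2]})")
    return channels

def one_session_only(channels):
    """True when one channel opened and a later-numbered one was refused."""
    states = [c["state"] for _, c in sorted(channels.items())]
    return "open" in states and "refused" in states[states.index("open") + 1:]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for cid, info in sorted(result.items()):
        print(cid, info)
    print("single-session server:", one_session_only(result))
```

A result of one open channel followed by a refused one is consistent with the workaround in the reply, which sends every command over a single session's standard input.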