
SSH & Cisco IOS


slowfib


I've been working on a script on and off for a while to SSH to a Cisco ASA and run some commands, but I haven't had any luck returning data from my commands. I'm able to log in to the device just fine, but they either hang after the first command or do nothing.

 

I've had the best success with the 2nd method. I'm not sure I'm using the stream_set_blocking function correctly. Sometimes I get partial data back but can't run any commands after that, or nothing is returned at all.

 

Here are 2 methods I've been trying to work with:

 

 

// With Net_SSH2:
require("lib/SSH2.php");
$ssh = new Net_SSH2($ip);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}
$vpncmd = "?";
echo $ssh->exec($vpncmd);


// With PHP built in SSH2 library
$ssh = ssh2_connect($ip, 22);
if (!ssh2_auth_password($ssh, $username, $password)) {
    exit('Login Failed');
}
$vpncmd = "?";
$stream = ssh2_exec($ssh, $vpncmd) or die("error");
stream_set_blocking($stream, false);
$data = "";
while ($buf = fread($stream, 4096)) {
    $data .= $buf;
}
fclose($stream);
echo $data;

 

From my Google searches, I've seen some suggestions that Cisco's IOS might have some problems after running the first command, or that SSH2 isn't supported very well (I've tried SSH1 too and had the same problem), but never any resolutions to the issue.

 

If anyone has any suggestions, I'd really appreciate it.

Or even if there is a way to display debug info on the connection status and could troubleshoot that.

 

Or if there's even some way I can push all my commands through Putty.exe  :)

 

Thank you!


  • 4 months later...

Try unpicking some of this and see if it helps... sorry, not pretty... looks like you are not creating a shell? (This is for a Cisco PGW but should work with any SSH2 requirements.) Let me know how you get on!

 

 

function PGWscripts($pgwCommandString)
{
	// ------------------- PARAMETERS

	$Dontrun = 0 ; // set to 1 to avoid actually performing the script	
	$Flush = 0 ; // Normal value is 0 for TDT use (flush kills http headers)
	$SSH_debug = 1 ;  // Yes we want debugs!
	$SSH_usleep = 1000000 ; // 1 sec (usleep takes microseconds)
	$SSH_IPaddress = "<removed>" ; // The PGW address to connect to via SSH2 
	// $SSH_username = "removed" ; // The PGW user
	// $SSH_password = "removed" ; // The PGW password baa#123
	$SSH_username = "removed" ; // The PGW user
	$SSH_password = "removed" ; // The PGW password baa#123
	// $SSH_username = "mgcusr" ; // The PGW user
	// $SSH_password = "cisco" ; // The PGW password baa#123
	// --------------------------------------

	niwaWriteLog("PGWscripts: Process Start command string [" . $pgwCommandString . "]","Diag") ;
	$j = 0 ;
	$pgwSingleCommand = explode("*",$pgwCommandString) ;
	while(isset($pgwSingleCommand[$j]))
	{
		if($pgwSingleCommand[$j] != NULL || $pgwSingleCommand[$j] != "")	niwaWriteLog("PGWscripts: Command [".$j."] is [".$pgwSingleCommand[$j]."]","Diag") ;
		$j++ ;
	} // end of while
	niwaWriteLog("SSH: *** PGW connection, IP Address [" . $SSH_IPaddress . "]","Diag") ;
	if($Dontrun) // -------------------------------------------- DEBUG ONLY ----------------------------------
	{
		niwaWriteLog("PGWscripts: *************** WARNING DEBUG BREAK OUT IS TURNED ON, NO COMMANDS SENT","Diag") ;
		return 999 ; 
	} // -------------------------------------------- DEBUG ONLY ----------------------------------

	$returncode = 0 ;

        if (!($resource=@ssh2_connect($SSH_IPaddress))) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed IP connection","Diag") ;
                return(50);
        }
        //echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: Connected to IP Address [" . $SSH_IPaddress . "]","Diag") ;
                                                                                                                                                             
        // Authentification by login/passwd
        //echo "Authentification ";
	if($SSH_debug) niwaWriteLog("SSH: Attempt login with username [" . $SSH_username . "]","Diag") ;
        if (!@ssh2_auth_password($resource,$SSH_username,$SSH_password)) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed to login","Diag") ;
                return(51);
        }
        // echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: Login OK with username [" . $SSH_username . "]","Diag") ;
                                                                                                                                                             
        // We need a shell
        // echo "Shell stdio ";
	if($SSH_debug) niwaWriteLog("SSH: Now require SHELL","Diag") ;
        if (!($stdio = @ssh2_shell($resource,"xterm"))) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed to acquire XTERM SHELL","Diag") ;
                return(52);
        }
        // echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: SHELL acquired OK","Diag") ;
                                                                                                                                                             
        // mml connection
        // Be careful to add an '\n' at the  end of the command
        $command = "mml\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . stripN($command) . "]","Diag") ;
        fwrite($stdio,$command);
                                                                                                                                                             
        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
        }

/* ---------------------------------
        // $command = "numan-add:fullnumbertrans:svcname=\"2E2\",numtype=\"1\",digstring=\"650000\",translatednum=\"0150000\"\n";
	$command = "numan-" . $adddelete . ":fullnumbertrans:svcname=\"" . $svcname . "\",numtype=\"" . $numtype . "\",digstring=\"" . $digstring . "\",translatednum=\"". $translatednum ."\"\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . $line . "]","Diag") ;
        }
    ---------------------------- */
	$j = 0 ;
	$pgwSingleCommand = explode("*",$pgwCommandString) ;
	while(isset($pgwSingleCommand[$j]))
	{
		if($pgwSingleCommand[$j] != NULL || $pgwSingleCommand[$j] != "")
		{
			niwaWriteLog("PGWscripts: Command [".$j."] is [".$pgwSingleCommand[$j]."]","Diag") ;
			if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $pgwSingleCommand[$j] . "]","Diag") ;
			fwrite($stdio,$pgwSingleCommand[$j] . "\n");
			usleep($SSH_usleep);
			// Then u can fetch the stream to see what happens on stdio
			while($line = fgets($stdio)) 
			{
				if($Flush) flush();
				// echo $line."<br />";
				if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
			} // while
		} // if 
		$j++ ;
	} // end of while
    
	   // -------------------------------

        $command = "quit\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
        }
			   // -------------------------------

        $command = "exit\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line). "]","Diag") ;
        }   
	   
	   		   // -------------------------------
        $command = "logout\n" ;
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line). "]","Diag") ;
        }   
	   
	   		   // -------------------------------


/* ------------cut----------------
        $command = ":wq\n";
	niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
       
	$search = "written" ;
	$search_preg = "/" . $search . "/i" ;
        while($line = fgets($stdio)) {
                flush();
			$line=preg_replace("/^.*?\n(.*)\n[^\n]*$/","$1",$line);
			if (preg_match($search_preg, $line))	niwaWriteLog("SSH: Found command [" . $search . "] OK","Diag") ;
			niwaWriteLog("SSH: Got Response [" . $line . "]","Diag") ;
        }
	   
	       -------------------- */
		                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
        // It's always cleaner to close all stream
	niwaWriteLog("SSH: PGW Code Finished Result [" . $returncode . "]","Diag") ;
	usleep($SSH_usleep); // is this needed?
        fclose($stdio);
	return $returncode ;
} // End of function PGWscripts

function stripN($command)
{
$command = str_replace("\r","",$command) ;
$command = str_replace("\n","",$command) ;
return($command) ;
} // stripN

 

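The reply's interactive-shell approach, with each fixed usleep() replaced by reading until the device prompt reappears; this is an added example, not code from either poster. The helper names readUntilPrompt and runCommand, the prompt regex and the sample device output are assumptions, and a socket pair stands in for the ssh2_shell() stream so the block runs offline.

```php
<?php
// Added example. Works on any PHP stream; pass the ssh2_shell() stream in real use.

/** Read until $promptRegex matches the end of the buffer or $timeout expires. */
function readUntilPrompt($stream, string $promptRegex, float $timeout = 10.0): array
{
    stream_set_blocking($stream, false);
    $buf = '';
    $deadline = microtime(true) + $timeout;
    while (microtime(true) < $deadline) {
        $chunk = fread($stream, 4096);
        if ($chunk !== false && $chunk !== '') {
            $buf .= $chunk;
            if (preg_match($promptRegex, $buf)) {
                return [$buf, true];          // prompt is back: command finished
            }
            continue;                         // more data may already be waiting
        }
        if (feof($stream)) {
            break;                            // device closed the session
        }
        usleep(50000);                        // nothing yet: poll again in 50 ms
    }
    return [$buf, false];                     // timed out or closed without a prompt
}

/** Send one command; return its output without the echoed command and the prompt. */
function runCommand($stream, string $cmd, string $promptRegex): string
{
    fwrite($stream, $cmd . "\n");
    [$raw, $sawPrompt] = readUntilPrompt($stream, $promptRegex);
    if (!$sawPrompt) {
        throw new RuntimeException("No prompt after [$cmd]");
    }
    $lines = preg_split('/\r?\n/', $raw);
    array_pop($lines);                        // trailing prompt line
    if ($lines && trim($lines[0]) === $cmd) {
        array_shift($lines);                  // command echoed back by the device
    }
    return implode("\n", $lines);
}

// Assumed prompt shape: hostname, optional (mode), then > or #, at end of buffer.
$prompt = '/(^|\n)[\w.\-]+(\([\w\-]+\))?[>#] ?\z/';
// Constructed demo: a socket pair stands in for the SSH shell stream.
$domain = PHP_OS_FAMILY === 'Windows' ? STREAM_PF_INET : STREAM_PF_UNIX;
[$shell, $device] = stream_socket_pair($domain, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
fwrite($device, "show clock\r\n12:00:00.000 UTC Mon Jan 1 2024\r\nciscoasa# ");
echo runCommand($shell, 'show clock', $prompt), "\n";
```

On a real device, call readUntilPrompt() once after ssh2_shell() to consume the banner and first prompt, and disable paging first (`terminal pager 0` on ASA, `terminal length 0` on IOS) so long output is not held at a More prompt.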
