
SSH & Cisco IOS


slowfib


I've been working on a script on and off for a while to SSH to a Cisco ASA and run some commands, but I haven't had any luck returning data from my commands. I'm able to log in to the device just fine, but they either hang after the first command or do nothing.

 

I've had the best success with the 2nd method. I'm not sure I'm using the stream_set_blocking function correctly. Sometimes I get partial data back but can't run any commands after that, or nothing is returned at all.

 

Here are 2 methods I've been trying to work with:

 

 

// With Net_SSH2:
require("lib/SSH2.php");
$ssh = new Net_SSH2($ip);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}
$vpncmd = "?";
echo $ssh->exec($vpncmd);


// With PHP built in SSH2 library
$ssh = ssh2_connect($ip, 22);
if (!ssh2_auth_password($ssh, $username, $password)) {
    exit('Login Failed');
}
$vpncmd = "?";
$stream = ssh2_exec($ssh, $vpncmd) or die("error");
stream_set_blocking($stream, false);
$data = "";
while ($buf = fread($stream, 4096)) {
    $data .= $buf;
}
fclose($stream);
echo $data;

 

From my Google searches, I've seen some suggestions that Cisco's IOS might have some problems after running the first command, or that SSH2 isn't supported very well (I've tried SSH1 too and had the same problem), but never any resolutions to the issue.

 

If anyone has any suggestions, I'd really appreciate it.

Or even if there is a way to display debug info on the connection status and could troubleshoot that.

 

Or if there's even some way I can push all my commands through Putty.exe  :)

 

Thank you!


  • 4 months later...

Try unpicking some of this and see if it helps... sorry, not pretty... looks like you are not creating a shell? (This is for a Cisco PGW but should work with any SSH2 requirements.) Let me know how you get on!

 

 

function PGWscripts($pgwCommandString)
{
	// ------------------- PARAMETERS

	$Dontrun = 0 ; // set to 1 to avoid actually performing the script	
	$Flush = 0 ; // Normal value is 0 for TDT use (flush kills http headers)
	$SSH_debug = 1 ;  // Yes we want debugs!
	$SSH_usleep = 1000000 ; // 1 sec (usleep takes microseconds)
	$SSH_IPaddress = "<removed>" ; // The PGW address to connect to via SSH2 
	// $SSH_username = "removed" ; // The PGW user
	// $SSH_password = "removed" ; // The PGW password baa#123
	$SSH_username = "removed" ; // The PGW user
	$SSH_password = "removed" ; // The PGW password baa#123
	// $SSH_username = "mgcusr" ; // The PGW user
	// $SSH_password = "cisco" ; // The PGW password baa#123
	// --------------------------------------

	niwaWriteLog("PGWscripts: Process Start command string [" . $pgwCommandString . "]","Diag") ;
	$j = 0 ;
	$pgwSingleCommand = explode("*",$pgwCommandString) ;
	while(isset($pgwSingleCommand[$j]))
	{
		if($pgwSingleCommand[$j] != NULL || $pgwSingleCommand[$j] != "")	niwaWriteLog("PGWscripts: Command [".$j."] is [".$pgwSingleCommand[$j]."]","Diag") ;
		$j++ ;
	} // end of while
	niwaWriteLog("SSH: *** PGW connection, IP Address [" . $SSH_IPaddress . "]","Diag") ;
	if($Dontrun) // -------------------------------------------- DEBUG ONLY ----------------------------------
	{
		niwaWriteLog("PGWscripts: *************** WARNING DEBUG BREAK OUT IS TURNED ON, NO COMMANDS SENT","Diag") ;
		return 999 ; 
	} // -------------------------------------------- DEBUG ONLY ----------------------------------

	$returncode = 0 ;

        if (!($resource=@ssh2_connect($SSH_IPaddress))) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed IP connection","Diag") ;
                return(50);
        }
        //echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: Connected to IP Address [" . $SSH_IPaddress . "]","Diag") ;
                                                                                                                                                             
        // Authentification by login/passwd
        //echo "Authentification ";
	if($SSH_debug) niwaWriteLog("SSH: Attempt login with username [" . $SSH_username . "]","Diag") ;
        if (!@ssh2_auth_password($resource,$SSH_username,$SSH_password)) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed to login","Diag") ;
                return(51);
        }
        // echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: Login OK with username [" . $SSH_username . "]","Diag") ;
                                                                                                                                                             
        // We need a shell
        // echo "Shell stdio ";
	if($SSH_debug) niwaWriteLog("SSH: Now require SHELL","Diag") ;
        if (!($stdio = @ssh2_shell($resource,"xterm"))) {
                // echo "[FAILED]<br />";
			if($SSH_debug) niwaWriteLog("SSH: Failed to acquire XTERM SHELL","Diag") ;
                return(52);
        }
        // echo "[OK]<br />";
	if($SSH_debug) niwaWriteLog("SSH: SHELL acquired OK","Diag") ;
                                                                                                                                                             
        // mml connection
        // Be careful to add an '\n' at the  end of the command
        $command = "mml\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . stripN($command) . "]","Diag") ;
        fwrite($stdio,$command);
                                                                                                                                                             
        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
        }

/* ---------------------------------
        // $command = "numan-add:fullnumbertrans:svcname=\"2E2\",numtype=\"1\",digstring=\"650000\",translatednum=\"0150000\"\n";
	$command = "numan-" . $adddelete . ":fullnumbertrans:svcname=\"" . $svcname . "\",numtype=\"" . $numtype . "\",digstring=\"" . $digstring . "\",translatednum=\"". $translatednum ."\"\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . $line . "]","Diag") ;
        }
    ---------------------------- */
	$j = 0 ;
	$pgwSingleCommand = explode("*",$pgwCommandString) ;
	while(isset($pgwSingleCommand[$j]))
	{
		if($pgwSingleCommand[$j] != NULL || $pgwSingleCommand[$j] != "")
		{
			niwaWriteLog("PGWscripts: Command [".$j."] is [".$pgwSingleCommand[$j]."]","Diag") ;
			if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $pgwSingleCommand[$j] . "]","Diag") ;
			fwrite($stdio,$pgwSingleCommand[$j] . "\n");
			usleep($SSH_usleep);
			// Then u can fetch the stream to see what happens on stdio
			while($line = fgets($stdio)) 
			{
				if($Flush) flush();
				// echo $line."<br />";
				if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
			} // while
		} // if 
		$j++ ;
	} // end of while
    
	   // -------------------------------

        $command = "quit\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line) . "]","Diag") ;
        }
			   // -------------------------------

        $command = "exit\n";
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line). "]","Diag") ;
        }   
	   
	   		   // -------------------------------
        $command = "logout\n" ;
	if($SSH_debug) niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
        
        // Then u can fetch the stream to see what happens on stdio
        while($line = fgets($stdio)) {
                if($Flush) flush();
                // echo $line."<br />";
			if($SSH_debug) niwaWriteLog("SSH: Got Response [" . stripN($line). "]","Diag") ;
        }   
	   
	   		   // -------------------------------


/* ------------cut----------------
        $command = ":wq\n";
	niwaWriteLog("SSH: Sending command [" . $command . "]","Diag") ;
        fwrite($stdio,$command);

        usleep($SSH_usleep);
       
	$search = "written" ;
	$search_preg = "/" . $search . "/i" ;
        while($line = fgets($stdio)) {
                flush();
			$line=preg_replace("/^.*?\n(.*)\n[^\n]*$/","$1",$line);
			if (preg_match($search_preg, $line))	niwaWriteLog("SSH: Found command [" . $search . "] OK","Diag") ;
			niwaWriteLog("SSH: Got Response [" . $line . "]","Diag") ;
        }
	   
	       -------------------- */
		                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
        // It's always cleaner to close all stream
	niwaWriteLog("SSH: PGW Code Finished Result [" . $returncode . "]","Diag") ;
	usleep($SSH_usleep); // is this needed?
        fclose($stdio);
	return $returncode ;
} // End of function PGWscripts

function stripN($command)
{
$command = str_replace("\r","",$command) ;
$command = str_replace("\n","",$command) ;
return($command) ;
} // stripN

 

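The shell-based approach from the answer above, reworked to read until the device prompt instead of sleeping for a fixed interval, as an added example that is not part of the original posts. It assumes the PECL ssh2 extension, a prompt ending in `>` or `#`, credentials in hypothetical `DEVICE_USER`/`DEVICE_PASS` environment variables and a caller-supplied SHA-1 host key fingerprint; `readUntilPrompt()` and `runOnDevice()` are hypothetical names.

```php
<?php
// Added example, not code from the thread. readUntilPrompt(), runOnDevice(), the
// DEVICE_USER/DEVICE_PASS variables and the prompt regex are assumptions.
function readUntilPrompt($stream, string $promptRegex, float $timeoutSec = 10.0): string
{
    $buffer = '';
    $deadline = microtime(true) + $timeoutSec;
    while (microtime(true) < $deadline) {
        $chunk = fread($stream, 4096);      // non-blocking: '' when nothing is ready yet
        if ($chunk === false || $chunk === '') {
            usleep(50000);                  // poll again in 50 ms
            continue;
        }
        $buffer .= $chunk;
        if (preg_match($promptRegex, $buffer)) {
            return $buffer;                 // prompt seen, so the command has finished
        }
    }
    throw new RuntimeException('Timed out waiting for the prompt');
}

function runOnDevice(string $host, string $pinnedSha1Hex, array $commands): array
{
    foreach ($commands as $cmd) {   // validate everything before connecting
        // Empty input or control characters (CR/LF included) would not be one command.
        if ($cmd === '' || preg_match('/[\x00-\x1F\x7F]/', $cmd)) throw new InvalidArgumentException('Rejected command');
    }
    $session = ssh2_connect($host, 22);
    // Compare the host key with a pinned fingerprint before sending the password.
    if ($session === false || !hash_equals(strtoupper($pinnedSha1Hex),
        strtoupper(ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX)))) {
        throw new RuntimeException('Connect failed or host key mismatch');
    }
    // Credentials come from the environment, not from the source file.
    if (!ssh2_auth_password($session, (string) getenv('DEVICE_USER'), (string) getenv('DEVICE_PASS'))) {
        throw new RuntimeException('Login failed');
    }
    if (!($shell = ssh2_shell($session, 'vt100'))) throw new RuntimeException('No shell');
    stream_set_blocking($shell, false);
    $prompt = '/[>#]\s*$/';                 // assumed prompt shape: ends in ">" or "#"
    readUntilPrompt($shell, $prompt);       // consume the login banner first
    $results = [];
    foreach ($commands as $cmd) {
        fwrite($shell, $cmd . "\n");
        $results[$cmd] = readUntilPrompt($shell, $prompt);
    }
    fclose($shell);
    return $results;
}
```

Output longer than one screen stops at the device's pager and never reaches the prompt, so disable paging first (`terminal pager 0` on an ASA).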

  • 1 month later...

Thanks niwa3836!

 

It's been a while since I've looked at this problem, but I'm going to try your code and see if it'll help.

 

Also, do you think you could provide the code for your niwaWriteLog function?

 

Thank you!

 
