Putty/Plink with Cisco Controller

[wisem2540]

Whenever I try to SSH into a Cisco Controller, which I believe is using TACACS, I get a "LOGINAS" prompt, before I get the traditional username/password prompt.  It seems that even using -l and -pw, it still does not allow me past this prompt.  I am hoping someone here has some ideas. 

 

I am trying to use autoit to execute and automated login and capture some data

[Kovacic]

Do you have some code for us to look at, or are you just looking for methodology?

[ViciousXUSMC]

When you attempt a manual connection without script you have the same issue correct?

Not sure how you want to automate it without knowing a way to do it normally first.

Can you not just use ControlSend to the first window to enter the needed information and proceed to the next login prompt?

Screenshots or more information would be helpful.

I know on Cisco devices you can have multiple layers of security.

For example on ours we have login enabled on the port first (Telnet) and once you have port access you must log in again to get to privileged mode.

Edited September 8, 2014 by ViciousXUSMC

[wisem2540]

Yes that is correct.  Same issue.  The LOGINAS prompt is nothing.  You can simply press enter to move on.  The problem is, I want this script to run and export some data for me every 15mins.  I can send screenshots if you want, but I dont think I can use Controlsend because, if I run as a scheduled task, I would have no way to guarantee someone is always logged into the console, correct?

[wisem2540]

Do you have some code for us to look at, or are you just looking for methodology?

 

Kovacic,

I cant even get the login piece to work because of this LOGINAS prompt.  I was just hoping someone has seen it before.  I have a post on the Cisco forums as well.

[AdamUL]

I have look at this example >thread that uses PLINK to access to connect to a iMac through SSH.  This may give you some ideas.  You will have to add code to deal with the LOGINAS prompt.  Also, do the know the user name to use for the LOGINAS prompt?  

 

Adam

[wisem2540]

At the LoginAS prompt, I can simply press ENTER to dismiss it. 

The problem is still rgar plink does not actually function, I believe because of this.  if I use Plink.exe -ssh -l username -pw password, it does not allow me to connect.  I have used this method in other scripts to work with SSH, so I know it works.  But plink, or putty does not seem to have provisions for dealing with a "secondary prompt"

Also, Remember that I cannot just simply send an enter command, because, in theory, the window will not be visible.

[AdamUL]

What do you get when you enter the following a the command prompt with PLINK?  Put your server name for the hostname.

plink -ssh hostname

Adam

[wisem2540]

I get the LOGIN AS prompt I described before.  If I press enter, or enter anything and press enter, I get the actual username prompt

[AdamUL]

What is the exact text returned with previous command that I gave you?  This will help me update the _PlinkConnect function to work with this system.

 

Adam

[wisem2540]

Is this enough information?

See how when I try to pass the username; it assumes I mean it for the LOGIN AS field. 

[AdamUL]

Few more questions.  When you hit the enter key after the "logon as:" prompt, what text do you get?  I do not see a screen shot of that.  The second screen shot looks like you are logged into the actual controller, due to the "Cisco Controller" prompt.  Did you try entering the same user name and password at this prompt.  What is the model number for this controller?  Maybe I can find the docs on how to log into using ssh.  

Just to let you know what I'm trying to do with updating the function.  I'm trying to have the function read the text so it knows what commands to send back to the process to login.

 

Adam

[wisem2540]

Adam,

I understand what you are trying to do, and I will help any way I can.  In our environment, we do not use the LOGINAS prompt.  I could literally enter anything.  When I hit the enter key, I get what you see in the second screenshot.  Its just using my -l switch for the login prompt, when it should be waiting.  Make sense?  I can manally login fine.  That is not the issue.  The model of the controller is an 8510

Ive attached a screenshot showing what happens if I just press enter.  I imagine for completion sake, youll need a param to specify this in case someone actually wants to use it.

Hope this helps

Edited September 9, 2014 by wisem2540

[AdamUL]

Thanks for the additional info.  I ask for the model as I like to look at the docs directly, when I can.  I think I have it.  Give this example script a try.  

expandcollapse popup

#include <Constants.au3>

Global $iPIDPlink = _PlinkConnectCiscoController("10.56.10.2", "chip", "mypassword")
_PlinkSend($iPIDPlink, "show time") ;Example controller command.
Global $sPlinkReturn = _PlinkRead($iPIDPlink)
ConsoleWrite($sPlinkReturn & @LF)
_PlinkExit($iPIDPlink)


; #FUNCTION# ====================================================================================================================
; Name ..........: _PlinkConnectCiscoController
; Description ...: Use Plink to connect to a remote server using SSH.
; Syntax ........: _PlinkConnectCiscoController($sHostName, $sUserName, $sPassword)
; Parameters ....: $sHostName - A string of the host server name or IP Address.
;                 $sUserName - A string of the SSH User Name.
;                 $sPassword - A string of the SSH Password.
; Return values .: Success - $iPID - the PID of the Plink session.
;                 Failure - 0, sets @error to:
;                 |1 - Plink.exe not found in @ScriptDir.
;                 |2 - Error running Plink.exe.
; Author ........: spudw2k
; Modified ......: Adam Lawrence (AdamUL)
; Remarks .......:
; Related .......: _PlinkExit
; Link ..........: http://www.autoitscript.com/forum/topic/130536-interacting-with-a-remote-computer-via-ssh/page__p__910252#entry910252
; Example .......: No
; ===============================================================================================================================
Func _PlinkConnectCiscoController($sHostName, $sUserName, $sPassword)
    Local $sEXE = @ScriptDir & "\plink.exe"
;~   $sEXE = "plink.exe"
    If Not FileExists($sEXE) Then Return SetError(1, 0, 0)
;~ $iPID = Run('"' & $sEXE & '" -ssh -pw ' & $sPassword & " " & $sUserName & "@" & $sHostName, @ScriptDir, @SW_HIDE, 0x1 + 0x8)  ;Run SSH.EXE
    Local $iPID = Run('"' & $sEXE & '" -ssh ' & $sHostName, @ScriptDir, @SW_HIDE, $STDIN_CHILD + $STDERR_MERGED)  ;Run SSH.EXE
    If Not $iPID Then Return SetError(2, 0, 0)
    Local $sReturn = _PlinkRead($iPID)
    
    If StringInStr($sReturn, "login as:") Then      
        _PlinkSend($iPID, @CR)
    EndIf
    $sReturn = _PlinkRead($iPID)  ;Check for Login Success - Prompt
    If StringInstr($sReturn, "Store key in cache? (y/n)") Then
        _PlinkSend($iPID, "y" & @CR) ;Store key in registry.
;~       _PlinkSend($iPID, "n" & @CR) ;Do not store key in registry.
        $sReturn = _PlinkRead($iPID)
    EndIf
    If StringInstr($sReturn, "Access denied") Or StringInstr($sReturn, "FATAL")  Or StringInstr($sReturn, "Using keyboard-interactive authentication") _
        Or StringInstr($sReturn, "Unable to open connection") Or Not ProcessExists($iPID) Then Return SetError( 3, 0, 0)
    
    If StringInStr($sReturn, "User:") Then
         _PlinkSend($iPID, $sUserName & @CR)
    EndIf
    $sReturn = _PlinkRead($iPID)
    If StringInStr($sReturn, "Password:") Then 
        _PlinkSend($iPID, $sPassword & @CR)
    EndIf
    
    Return $iPID
EndFunc


; #FUNCTION# ====================================================================================================================
; Name ..........: _PlinkRead
; Description ...: Read text data returned from the connected server.
; Syntax ........: _PlinkRead($iPID)
; Parameters ....: $iPID - PID returned from _PlinkConnect.
; Return values .: Success - String returned from StdOutRead of Plink.
;                 Failure - -1, sets @error to:
;                 |1 - Invaild Plink PID.
; Author ........: spudw2k
; Modified ......: Adam Lawrence (AdamUL)
; Remarks .......:
; Related .......: _PlinkSend
; Link ..........: http://www.autoitscript.com/forum/topic/130536-interacting-with-a-remote-computer-via-ssh/page__p__910252#entry910252
; Example .......: No
; ===============================================================================================================================
Func _PlinkRead($iPID)
    If Not $iPID Then Return SetError(1, 0, -1)
    Local $sDataA
    Local $sDataB
    Do
        $sDataB = $sDataA
        Sleep(100)
        $sDataA &= StdOutRead($iPID)
        If @error Then ExitLoop
    Until $sDataB = $sDataA And $sDataA And $sDataB
    Return $sDataA
EndFunc

; #FUNCTION# ====================================================================================================================
; Name ..........: _PlinkSend
; Description ...: Send text data to the connected server.
; Syntax ........: _PlinkSend($iPID, $sCmd)
; Parameters ....: $iPID - PID returned from _PlinkConnect.
;                 $sCmd - A string of the command to send.
; Return values .: Success - 1
;                 Failure - 0, sets @error to:
;                 |StdinWrite @error code.
; Author ........: spudw2k
; Modified ......: Adam Lawrence (AdamUL)
; Remarks .......:
; Related .......: _PlinkRead
; Link ..........: http://www.autoitscript.com/forum/topic/130536-interacting-with-a-remote-computer-via-ssh/page__p__910252#entry910252
; Example .......: No
; ===============================================================================================================================
Func _PlinkSend($iPID, $sCmd)
    Local $iChars = StdinWrite($iPID,$sCmd)
Return SetError(@error, 0, $iChars)
EndFunc

; #FUNCTION# ====================================================================================================================
; Name ..........: _PlinkExit
; Description ...: End a Plink session.
; Syntax ........: _PlinkExit($iPID)
; Parameters ....: $iPID - PID returned from _PlinkConnect.
; Return values .: Success - 1
;                 Failure - 0, sets @error to:
;                 |ProcessClose @error code.
; Author ........: spudw2k
; Modified ......: Adam Lawrence (AdamUL)
; Remarks .......:
; Related .......: _PlinkConnect
; Link ..........: http://www.autoitscript.com/forum/topic/130536-interacting-with-a-remote-computer-via-ssh/page__p__910252#entry910252
; Example .......: No
; ===============================================================================================================================
Func _PlinkExit($iPID)
    Local $iClosed = ProcessClose($iPID)
Return SetError(@error, 0, $iClosed)
EndFunc

Adam

Edited June 15, 2015 by AdamUL
Error in Code

[wisem2540]

Adam,

I know this must be almost impossible because you are working blind.  Maybe we can set somehting up where I can give you remote access?

In any event, This is still not working

  Local $sEXE = @ScriptDir & "plink.exe"
you were missing a here so I added that.

I changed the show flag for plink to SHOW so I could watch it.  Unfortunately it just hangs.  After 10mins, I closed it.  I put in a msgbox for Sreturn, and it returns blank

Something must still be off...

[AdamUL]

What is showing in the console when it hangs?  Also, do you have the ssh key for the controller stored in the registry under your profile.  I figured that I wouldn't run the first time, since I couldn't' test it directly.  

 

Adam

[wisem2540]

_Adam,

_{I apologize for the delay in getting back to you, I have been on vacation.  Perhaps we could setup a teamviewer session and I can show you more directly what happens?}

[SatishMohanan]

Did you ever get a work around on this ? I am facing a same issue wherein am trying to connect to a Cisco WLC via plink to invoke a command for taking a backup to a TFTP. the WLC would first give me a LOGINAS.. I can hit Enter or anything after which I get the actual prompt to enter the credentials.  Do let me know if you found any resolution .

[Scripthen]

best thing to do is to use {ENTER} or {NUMPADENTER} and have your password in the script as plain text and simply use Send(). Just encrypt the shit out of it.

[AdamUL]

@Scripten,

I would beg to differ.  Using {ENTER}, {NUMPADENTER}, Send, and automating the CMD window can be very unreliable.  

@SatishMohanan

What does the text prompt look like before you have to hit enter?  Is it "LOGINAS", "login as:", or something different?  

 

Adam