
Putty/Plink with Cisco Controller



have your password in the script as plain text and simply use Send()

while it's a way, it would not be best, because

Just encrypt the shit out of it.

 is impossible.

 

That aside, I totally write my plink commands in that fashion, then again I do lots I don't recommend to others.

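; Template: fill in COMPUTERNAME, USERNAME and PASSWORD (the password is passed to plink in clear text)
$Connection = "plink.exe -ssh COMPUTERNAME -l USERNAME -pw PASSWORD"
; Log directory under the script folder, named after today's date (MMDDYYYY)
$log_dir = @ScriptDir & "\" & @MON & @MDAY & @YEAR & "\"

Func _CableTest()
    ; Make sure the log directory exists, otherwise the redirection fails
    DirCreate($log_dir)
    ; Redirect plink's output to the log file ($log_dir already ends with a backslash)
    $log = " > " & $log_dir & "CableTestLog.log"
    $Command1 = "show int cable 5/0/14"
    ; Run the remote command through cmd so the redirection is applied
    RunWait('cmd /c ' & $Connection & ' ' & $Command1 & $log)
EndFunc ;_CableTest()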

 

Edited by boththose


@Adam

 

It's

Login As:

The same scenario as faced by Wisem2540

If I use a PuTTY client to connect to the WLC, I would first reach the Login As: prompt. I can simply hit enter and it would take me to the Controller prompt, where I can enter my credentials.

On the other hand, if I am trying to use Plink and use the below command:

C:\>plink -ssh <controller hostname>
login as:   <I can simply hit enter and it will give me the below prompt>


(Cisco Controller)
User:

****************************************************

If I use the below switch in Plink

C:\>plink -ssh <Controller Hostname> -l test -pw mypassword
Using username "test".


(Cisco Controller)
User:

In the above case, if I use the username and password switches, it will pass the first stage of Login as and shows as connected (Using username "test"), but then it doesn't actually log in to the controller and instead gives the controller prompt.

******************************************************************

I tried using PowerShell with the SSH.NET module available. With PowerShell it seems as though the connection is established; however, when I try to run a TFTP command to initiate the backup, it throws an error.

PS C:\Users\Administrator> Import-Module ssh-sessions
PS C:\Users\Administrator> $hostname= "192.168.10.180"
PS C:\Users\Administrator> $user= "testuser"
PS C:\Users\Administrator> $Password= "MyPassword"
PS C:\Users\Administrator> New-Sshsession -computername $hostname -username $user -password $password
PS C:\Users\Administrator> New-Sshsession -computername $hostname -username $user -password $password
Successfully connected to IP Address
PS C:\Users\Administrator> Get-SshSession

ComputerName                                                                                                  Connected
------------                                                                                                  ---------
192.168.10.180                                                                                                      True
PS C:\Users\Administrator> $Command1 = Invoke-SshCommand -InvokeOnAll -Command "transfer upload mode tftp"
Exception calling "RunCommand" with "1" argument(s): "An established connection was aborted by the server."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ssh-sessions\SSH-Sessions.psm1:272 char:66
+         $CommandObject = $global:SshSessions.$Computer.RunCommand <<<< ($Command)
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : DotNetMethodException

 

SSH-Sessions.psm1 is the same one I downloaded from http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library

So I am not sure if PowerShell fails because of the prompt I am getting when using plink.

 


what happens if you run

plink -ssh <Controller Hostname> -l test -pw mypassword <command>

(or just fill out my template above with your info as the log might be helpful as well)

Do you get the same aborted connection error, or another one related to authentication?

Edited by boththose


@boththose

I just ran my SSH command using the -m switch in a verbose mode:

 

C:\>plink -ssh <controller> -l testuser -pw <password> -v -m input.txt
Looking up host "<controller>"
Connecting to 192.168.10.180 port 22
We claim version: SSH-2.0-PuTTY_Release_0.64
Server version: SSH-2.0-CISCO_WLC
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 1024 4c:22:56:22:38:86:g2:ee:b3:f0:0f:f8:30:73:4r:c2
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "testuser".
Access granted
Opening session as main channel
Opened main channel
Server refused to start a shell/command
FATAL ERROR: Server refused to start a shell/command

 

*******************************************************************

input.txt had the SSH commands which I plan to use to take a controller backup to a TFTP

transfer upload mode tftp
transfer upload datatype config
transfer upload filename Controller_Backup
transfer upload path ./BACKUPConfigs/WLC               
transfer upload serverip 192.168.10.18
transfer upload start
 

 


 

Can you do a simple show command and rule out that this behavior is solely exhibited with ftp commands? Because it looks like auth went through fine, so I'm leaning towards controller config. And these commands all work manually through putty with 'testuser'?


No, I don't think it has anything to do with the FTP command. If I replace that with "show cdp neighbour" in the input.txt I get the exact same error.

I am not into Cisco administration, as I am just helping my Network team to automate the backup procedure using scripting. Though I would like to understand if the Login as: prompt which I get on plink, or even when I use putty, has anything to do with the configuration of the device. If I use the same set of commands to connect to a Cisco switch it goes through fine. So I feel there is some SSH authentication in the WLC, even though you can simply skip it by hitting enter. Which means in order for an SSH session to get established there is a prompt, followed by the actual Controller prompt.

Just to reiterate: if I use the putty client I get the same login as: prompt, where I can enter anything or simply hit enter to reach the actual controller prompt.

 

login as:


(Cisco Controller)
User:

 

 Thanks!


  • 2 weeks later...
  • 1 month later...
  • 1 year later...

Hello All,

I know that this is an old post, but I am running into exactly the same issue today. Has any of you found a workaround for this problem?

At the moment I help myself by sending text and enter sequences to the putty window, but I want to use plink.exe to hide this from users and to be able to get the exit messages of plink.exe.

Many thanks in advance,
best regards

TheDude

 


Hello Adam,

I am sending the following to putty:
 

Func _CreateGuestUser()
    Local $PID
    $PID = Run(@ScriptDir & "\Tools\putty.exe -ssh <ip-address>")
    Sleep(8000)
    Send('Start') ; Send something
    Sleep(500)
    Send("{ENTER}")
    Sleep(500)
    Send('<UserName>')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('<Password>')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('config netuser add AutoIT 123456789 wlan 4 userType guest lifetime 300 description "Created by AutoIT script"')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('logout')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('N')
    Return 
EndFunc

But this is a workaround, because I cannot work with plink.exe. The first prompt prevents the successful login into the Cisco WLC. Also, when using putty.exe there is no way to get feedback from the external program.

 

Best regards

TheDude

 


On 9/27/2016 at 1:52 AM, TheDude69 said:

The first prompt prevents the successful login into the Cisco WLC.

What is the text of the prompt? Also, what is the text returned before you use each send command? We should be able to read the returned text from plink with StdoutRead, and send the correct text based on that.

Also, have you tried to use plink manually through the console to connect? This is usually how I test before writing a script, so I can have the input and output text together to work from.

 

Adam
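
The prompt-driven approach described in the post above, as an added example that is not code from any poster in this thread: plink is started interactively with its streams redirected, its output is read with StdoutRead, and each reply is written with StdinWrite only after the expected prompt has appeared. The function names, the "dummy" first-stage user name and the prompt texts "Password:" and "(Cisco Controller) >" are assumptions, as is the premise that the controller accepts an interactive plink session the way the earlier "User:" capture suggests.

```autoit
#include <AutoItConstants.au3>

; Collect plink's output until $sPrompt shows up; @error is set on timeout or if plink exits.
Func _WaitFor($iPID, $sPrompt, $iTimeoutMs = 15000)
    Local $sBuf = "", $iErr = 0, $hTimer = TimerInit()
    While TimerDiff($hTimer) < $iTimeoutMs
        $sBuf &= StdoutRead($iPID)
        $iErr = @error
        If StringInStr($sBuf, $sPrompt) Then Return $sBuf
        If $iErr Then ExitLoop
        Sleep(50)
    WEnd
    Return SetError(1, 0, $sBuf)
EndFunc   ;==>_WaitFor

; Wait for $sExpect, append what was read to $sLog, then send $sSend plus ENTER.
Func _Step($iPID, $sExpect, $sSend, ByRef $sLog)
    Local $sOut = _WaitFor($iPID, $sExpect)
    Local $iErr = @error
    $sLog &= $sOut
    If $iErr Then Return False
    StdinWrite($iPID, $sSend & @CR) ; carriage return, as the ENTER key sends
    Return True
EndFunc   ;==>_Step

; Log in at the controller's own prompts, run $aCommands, return everything plink printed.
; Assumed prompt texts: "Password:" and "(Cisco Controller) >".
Func _WlcRun($sHost, $aCommands, $sPrompt = "(Cisco Controller) >")
    ; Ask at run time: no password in the script and none on plink's command line (-pw).
    Local $sUser = InputBox("WLC login", "Controller user name:")
    If @error Then Return SetError(1, 0, "")
    Local $sPass = InputBox("WLC login", "Password for " & $sUser & ":", "", "*")
    If @error Then Return SetError(1, 0, "")
    ; No -m here. "-l dummy" only answers the first "login as:" stage; -batch makes plink
    ; fail rather than wait on a console prompt, so the host key must already be cached.
    Local $iPID = Run('plink.exe -ssh -batch -l dummy ' & $sHost, @ScriptDir, @SW_HIDE, BitOR($STDIN_CHILD, $STDERR_MERGED))
    If $iPID = 0 Then Return SetError(2, 0, "")
    Local $sLog = ""
    Local $bOk = _Step($iPID, "User:", $sUser, $sLog) And _Step($iPID, "Password:", $sPass, $sLog)
    $sPass = ""
    For $sCmd In $aCommands
        If Not $bOk Then ExitLoop
        $bOk = _Step($iPID, $sPrompt, $sCmd, $sLog)
    Next
    If $bOk Then _Step($iPID, $sPrompt, "logout", $sLog)
    ; Kill plink if the controller keeps the session open after logout.
    If Not ProcessWaitClose($iPID, 5) Then ProcessClose($iPID)
    Return SetError($bOk ? 0 : 3, 0, $sLog)
EndFunc   ;==>_WlcRun
```

On return, @error 3 together with the captured text shows which prompt never arrived, which is the feedback the Send()-to-PuTTY workaround cannot give.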

 


Hello Adam,

... this is what I do get from the DOS box when using the command manually: "FATAL ERROR: Server refused to start a shell/command". Same in Autoit.

I believe that there is no way to use plink together with scripting, and I also believe that Cisco has done the "double login" intentionally to prevent scripting something with this controller.

This is how I use plink in a DOS box: plink.exe -ssh <IP address> -l <username> -pw <password> -m "CMDs.txt"

If you start putty with param -ssh IP address then you see the following:

PuTTY.jpg

Here you can see the problem: two logins. The first is a dummy, the second one is for the valid and existing user name.

If there is a known workaround, this would be great to know. But again - I do not believe that there is any ... :(

Best regards
TheDude

 
