py-junos-eznc
StartShell default tcp port hardcoded
Hi guys,
It seems the port is pre-established in the code when you try to perform a "start-shell" command: https://github.com/Juniper/py-junos-eznc/blob/master/lib/jnpr/junos/utils/start_shell.py#L78
I did some testing and I can confirm that it won't take "port" as a variable and it will always try to connect to tcp/22.
Do you think you can fix this in the future?
These are some tests I've done to confirm that.
This is regular PyEz and works:

```python
from jnpr.junos import Device

host_ip = "127.0.0.1"
port = "8011"
username = "miguel"
password = "Juniper"
dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()
```

This is my attempt to run Start Shell commands and does not work (it goes to the port 22 instead of the port 8011):

```python
from jnpr.junos import Device
from jnpr.junos.utils.start_shell import StartShell

host_ip = "127.0.0.1"
port = "8011"
username = "miguel"
password = "Juniper"
dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()
ss = StartShell(dev)
ss.open()
ss.run('cli -c "ping 10.7.240.114 count 5 rapid"')
```

```
dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()
Device(127.0.0.1)
ss = StartShell(dev)
ss.open()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/tmp/pip-build-wO4SAk/junos-eznc/jnpr/junos/utils/start_shell.py", line 79, in open
  File "/tmp/pip-build-ajZ6CA/paramiko/paramiko/client.py", line 380, in connect
  File "/tmp/pip-build-ajZ6CA/paramiko/paramiko/client.py", line 603, in _auth
paramiko.ssh_exception.AuthenticationException: Authentication failed.
```
The reason it fails is because it goes against port 22 (linux ssh) and not port 8011 (mx port redirect).
Regards.
@miguelgr83 I agree we need to support the ability to handle a non-default port for StartShell(). We're looking into the best way to do that.
For this particular example, I'm wondering why you're trying to invoke the CLI from the shell to then execute the ping command. Why not just invoke the ping RPC from PyEZ?
Hi Stacy,
The main reason for invoking the CLI from the shell is that I really need the regular output of the "ping" command to attach it as evidence that the IP is reachable. The same happens with the command "traceroute". My customer (AT&T) is quite strict on how the test plans have to be filled and the output of the RPC command is something that they don't know and therefore they don't want it as proof that the test was successful.
Regards
Miguel Garcia Senior Network Security Consultant JNCIE-SEC #186 Professional Services AMER
OK. Then could you just use:
dev.cli('ping 10.7.240.114 count 5 rapid', warning=False)
That would give you the ping output as CLI text over the existing NETCONF session rather than having to make a new SSH connection to the shell.
--Stacy
That command gives me an output error "command does not exist".
Hi Vijay,
This is the problem we're facing, it works for you as you're running default TCP/22 port for the SSH connection. In my case, it won't run as I need to use a non-default port (tcp/8011) to connect to the MX in this case as I'm behind an ssh tunnel. When I run the command "dev.run" it will attempt to connect to tcp/22 which is a different device (localhost in this case).
If you have something like `dev = Device('10.x.x.x', user='User123', password='Pwd123', port='8011')`, it won't work.
Regards.
From: vijay-shetty
Date: Wednesday 10 August 2016 02:15
Subject: Re: [Juniper/py-junos-eznc] StartShell default tcp port hardcoded (#573)

@miguelgr83

It works fine on latest PyEZ code.

```python
from jnpr.junos.utils.start_shell import StartShell
from jnpr.junos import Device

dev = Device('10.x.x.x', user='User123', password='Pwd123')

with StartShell(dev) as sh:
    ret, value = sh.run('cli -c "ping 10.209.1.228 count 5 rapid"')

print(value)
```

Output:

```
cli -c "ping 10.209.1.228 count 5 rapid"
PING 10.209.1.228 (10.209.1.228): 56 data bytes
!!!!!
--- 10.209.1.228 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.333/0.369/0.409/0.027 ms
%
```
@miguelgr83

I don't know whether it is supposed to work or not. But, it is working for me.

```python
from jnpr.junos.utils.start_shell import StartShell
from jnpr.junos import Device

dev = Device('10.x.x.x', user='User123', password='Pwd123', port='8011')

print("port: ", dev.port, "\n")

with StartShell(dev) as sh:
    ret, value = sh.run('cli -c "ping 10.209.1.228 count 5 rapid"')

print(value)
```

Output:

```
port: 8011

cli -c "ping 10.209.1.228 count 5 rapid"
PING 10.209.1.228 (10.209.1.228): 56 data bytes
!!!!!
--- 10.209.1.228 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.019/0.029/0.054/0.013 ms
%
```
@vijay-shetty It's just printing the port value associated with the Device class. StartShell starts a totally new connection and uses port 22 only; refer to: https://github.com/Juniper/py-junos-eznc/blob/master/lib/jnpr/junos/utils/start_shell.py#L78
@vnitinv Shouldn't it throw a warning or an error message?
If it is a totally new connection it should honor ssh_config as well. On the other hand do we really need a separate connection? SSH channel should work just fine without additional hassle. Or do I miss something?
This works for me:
diff --git a/lib/jnpr/junos/utils/start_shell.py b/lib/jnpr/junos/utils/start_shell.py
index 07956c0..afec546 100644
--- a/lib/jnpr/junos/utils/start_shell.py
+++ b/lib/jnpr/junos/utils/start_shell.py
@@ -75,25 +75,17 @@ class StartShell(object):
self._chan.send(data)
self._chan.send('\n')
- def open(self):
+ def open(self, term='vt100', width=80, height=24, width_pixels=0, height_pixels=0):
"""
- Open an ssh-client connection and issue the 'start shell' command to
+ Open a channel and issue the 'start shell' command to
drop into the Junos shell (csh). This process opens a
:class:`paramiko.SSHClient` instance.
"""
junos = self._nc
- client = paramiko.SSHClient()
- client.load_system_host_keys()
- client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- client.connect(hostname=junos.hostname,
- port=(22, junos._port)[junos.hostname == 'localhost'],
- username=junos._auth_user,
- password=junos._auth_password,
- )
-
- chan = client.invoke_shell()
- self._client = client
+ chan = junos._conn._session.transport.open_session()
+ chan.get_pty(term, width, height, width_pixels, height_pixels)
+ chan.invoke_shell()
self._chan = chan
got = self.wait_for(r'(%|>|#)')
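Review bot: `junos._conn._session.transport.open_session()` in the new open() assumes the Device already holds an open SSH-backed session, and nothing in the hunk checks for that. The removed code built its own client from `junos.hostname` and the stored credentials, so StartShell could run against a Device that was never opened; with this change that case would fail on the attribute chain instead of with a clear error. Add an explicit check (or document that `dev.open()` is required first), and consider that the chain reaches through two private attributes. The docstring still ends with "This process opens a :class:`paramiko.SSHClient` instance", which no longer matches the code, and the new term, width, height, width_pixels and height_pixels parameters are undocumented. Dropping `set_missing_host_key_policy(paramiko.AutoAddPolicy())` and the second password login is a side effect worth stating in the commit message.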
@@ -102,9 +94,8 @@ class StartShell(object):
self.wait_for(_SHELL_PROMPT)
def close(self):
- """ Close the SSH client channel """
+ """ Close the SSH channel """
self._chan.close()
- self._client.close()
def run(self, command, this=_SHELL_PROMPT, timeout=0):
"""
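Review bot: With `self._client.close()` removed from close(), any remaining reference to `self._client` elsewhere in the class (not visible in this hunk) becomes dead and should be removed in the same change. The docstring could also say that closing the channel leaves the Device's own session open, since callers of the old code may expect close() to tear down the whole SSH connection.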
Hi @miguelgr83, thanks. Could you please check and confirm whether the following results are according to your requirements?
I have enabled port 8011 on the JUNOS device
```
show system services
ssh {
    port 8011;
}
```

```python
from jnpr.junos import Device
from jnpr.junos.utils.start_shell import StartShell

host_ip = "10.xx.xx.xx"
port = "8011"
username = "testuser"
password = "test123"
dev = Device(host=host_ip, port=8011, user=username, password=password)
dev.open()
ss = StartShell(dev)
ss.open()
ret, value = ss.run('cli -c "ping 127.0.0.1 count 5 rapid"')
print(value)
```

```
python issue_573_start_shell.py
cli -c "ping 127.0.0.1 count 5 rapid"
PING 127.0.0.1 (127.0.0.1): 56 data bytes
ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.
--- 127.0.0.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
%
```
Thanks & Regards Chidanand
Fixed and merged https://github.com/Juniper/py-junos-eznc/pull/1241
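
The different results reported in this thread follow from the port expression on the line the patch above removes, which honours the Device port only when the hostname is the literal string 'localhost'. The sketch below is an added example, not code from PyEZ or from any commenter; `FakeDevice` and `audit` are hypothetical names, and it assumes `junos.hostname` is the host string passed to `Device`.

```python
from dataclasses import dataclass


@dataclass
class FakeDevice:
    """Hypothetical stand-in with the two attributes the removed line reads."""
    hostname: str
    _port: object


def legacy_shell_port(junos):
    """Port chosen by the removed line (expression copied from the diff)."""
    return (22, junos._port)[junos.hostname == 'localhost']


def audit(junos):
    """Compare the NETCONF endpoint with where the shell login would go."""
    netconf = (junos.hostname, int(junos._port))
    shell = (junos.hostname, int(legacy_shell_port(junos)))
    return {
        "netconf": netconf,
        "shell": shell,
        # True: the stored password is offered to a different SSH listener
        # than the one the Device was configured to talk to.
        "credentials_sent_elsewhere": netconf != shell,
    }


# Constructed cases mirroring the setups described in the thread.
CASES = {
    "tunnel, host 127.0.0.1, port 8011": FakeDevice("127.0.0.1", "8011"),
    "tunnel, host localhost, port 8011": FakeDevice("localhost", "8011"),
    "direct, sshd on 22, port='8011' passed": FakeDevice("10.x.x.x", "8011"),
}

if __name__ == "__main__":
    for label, dev in CASES.items():
        print(label, audit(dev))
```

With host "127.0.0.1" the shell login goes to port 22 of the local machine, which matches the AuthenticationException in the original report; with a directly reachable device whose sshd listens on 22, the same fallback makes the test appear to work even though port 8011 was passed.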