wisem2540

Putty/Plink with Cisco Controller


iamtheky

have your password in the script as plain text and simply use Send()

While it's a way, it would not be best, because

Just encrypt the shit out of it.

 is impossible.

 

That aside, I totally write my plink commands in that fashion; then again, I do lots I don't recommend to others.

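$Connection = "plink.exe -ssh COMPUTERNAME -l USERNAME -pw PASSWORD"
; Dated log folder next to the script (the path already ends with a backslash)
$log_dir = @ScriptDir & "\" & @MON & @MDAY & @YEAR & "\"

Func _CableTest()
    DirCreate($log_dir) ; the redirect below fails if the folder does not exist
    ; Quote the path so the redirect survives spaces in @ScriptDir
    $log = ' > "' & $log_dir & 'CableTestLog.log"'
    $Command1 = "show int cable 5/0/14"
    RunWait('cmd /c ' & $Connection & ' ' & $Command1 & $log)
EndFunc   ;==>_CableTest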

 

Edited by boththose

SatishMohanan

@Adam

 

It's

Login As:

The same scenario as faced by Wisem2540

If I use a Putty client to connect to the WLC, I first reach the Login As: prompt. I can simply hit enter and it takes me to the Controller prompt, where I can enter my credentials.

On the other hand, if I try to use Plink and use the below command:

C:\>plink -ssh <controller hostname>
login as:   <I can simply hit enter and it will give me the below prompt>


(Cisco Controller)
User:

****************************************************

If I use the below switch in Plink

C:\>plink -ssh <Controller Hostname> -l test -pw mypassword
Using username "test".


(Cisco Controller)
User:

In the above case, if I use the username and password switches, it passes the first stage of Login as and shows as connected (Using username "test"), but then it doesn't actually log in to the controller and instead gives the controller prompt.

******************************************************************

I tried PowerShell with the available SSH.NET module. With PowerShell it seems as though the connection is established; however, when I try to run a TFTP command to initiate the backup, it throws an error.

PS C:\Users\Administrator> Import-Module ssh-sessions
PS C:\Users\Administrator> $hostname= "192.168.10.180"
PS C:\Users\Administrator> $user= "testuser"
PS C:\Users\Administrator> $Password= "MyPassword"
PS C:\Users\Administrator> New-Sshsession -computername $hostname -username $user -password $password
PS C:\Users\Administrator> New-Sshsession -computername $hostname -username $user -password $password
Successfully connected to IP Address
PS C:\Users\Administrator> Get-SshSession

ComputerName                                                                                                  Connected
------------                                                                                                  ---------
192.168.10.180                                                                                                      True
PS C:\Users\Administrator> $Command1 = Invoke-SshCommand -InvokeOnAll -Command "transfer upload mode tftp"
Exception calling "RunCommand" with "1" argument(s): "An established connection was aborted by the server."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ssh-sessions\SSH-Sessions.psm1:272 char:66
+         $CommandObject = $global:SshSessions.$Computer.RunCommand <<<< ($Command)
    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : DotNetMethodException

 

SSh-Sessions.psm1 is the same I downloaded from http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library

So I am not sure whether PowerShell fails because of the prompt I am getting when using plink.

 

iamtheky

what happens if you run

plink -ssh <Controller Hostname> -l test -pw mypassword <command>

(or just fill out my template above with your info as the log might be helpful as well)

do you get the same aborted connection error?  or another one related to authentication? 

Edited by boththose

SatishMohanan

@boththose

I just ran my SSH command using the -m switch in a verbose mode:

 

C:\>plink -ssh <controller> -l testuser -pw <password> -v -m input.txt
Looking up host "<controller>"
Connecting to 192.168.10.180 port 22
We claim version: SSH-2.0-PuTTY_Release_0.64
Server version: SSH-2.0-CISCO_WLC
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 1024 4c:22:56:22:38:86:g2:ee:b3:f0:0f:f8:30:73:4r:c2
Initialised AES-256 CBC client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 CBC server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "testuser".
Access granted
Opening session as main channel
Opened main channel
Server refused to start a shell/command
FATAL ERROR: Server refused to start a shell/command

 

*******************************************************************

input.txt had the SSH commands which I plan to use to take a controller backup to a TFTP

transfer upload mode tftp
transfer upload datatype config
transfer upload filename Controller_Backup
transfer upload path ./BACKUPConfigs/WLC               
transfer upload serverip 192.168.10.18
transfer upload start
 

 

iamtheky

 

Can you do a simple show command and rule out that this behavior is solely exhibited with ftp commands? Because it looks like auth went through fine, so I'm leaning towards controller config, and these commands all work manually through putty with 'testuser'?


SatishMohanan

No, I don't think it has anything to do with the FTP command. If I replace that with "show cdp neighbour" in input.txt, I get the exact same error.

I am not into Cisco administration; I am just helping my network team to automate the backup procedure using scripting. I would like to understand, though, whether the Login as: prompt which I get on plink, or even when I use putty, has anything to do with the configuration of the device. If I use the same set of commands to connect to a Cisco switch, it goes through fine. So I feel there is some SSH authentication in the WLC, even though you can simply skip it by hitting enter. Which means that in order for an SSH session to get established, there is a prompt followed by the actual controller prompt.

Just to reiterate: if I use the putty client I get the same login as: prompt, where I can enter anything or simply hit enter to reach the actual controller prompt.

 

login as:


(Cisco Controller)
User:

 

 Thanks!

AdamUL

@SatishMohanan 

Have you tried using the _PlinkConnectCiscoController function that I posted?  If not, could you try it, and tell me if it returns any errors?  

 

Adam  

JiBe

Hi,

Check this:

egas

Hey @AdamUL!

I am having a similar problem as the OP.

[Attached screenshots: plink1, plink2, plink3]

Initially I tried to write a script on my own here but I haven't gotten very far with that.

I tried your script as well, but that too didn't work. Any other ideas?

 

AdamUL

@egas

Could you explain what you mean by "didn't work" in relation to the function? Did it stall or return an error? Also, what keys do you type to get it to the input where you can log in?

 

Adam

TheDude69

Hello All,

I know that this is an old post, but I am running into exactly the same issue today. Has any of you found a workaround for this problem?

At the moment I help myself by sending text and enter sequence to the putty windows but I want to use plink.exe to hide this from users and to be able to get the exit messages of plink.exe.

Many thanks in advance,
best regards

TheDude

 

AdamUL

So what you are sending to the PUTTY windows is working? Where are the keys you are sending? As you can tell above, I never got an answer to any of my questions. Maybe I can help.

 

Adam

 

TheDude69

Hello Adam,

I am sending the following to putty:
 

Func _CreateGuestUser()
    Local $PID
    $PID = Run(@ScriptDir & "\Tools\putty.exe -ssh <ip-address>")
    Sleep(8000)
    Send('Start') ; Send something
    Sleep(500)
    Send("{ENTER}")
    Sleep(500)
    Send('<UserName>')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('<Password>')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('config netuser add AutoIT 123456789 wlan 4 userType guest lifetime 300 description "Created by AutoIT script"')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('logout')
    Sleep(500)
    Send('{ENTER}')
    Sleep(500)
    Send('N')
    Return 
EndFunc

But this is a workaround, because I cannot work with plink.exe. The first prompt prevents the successful login into the Cisco WLC. Also, when using putty.exe there is no way to get feedback from the external program.

 

Best regards

TheDude

 

AdamUL
On 9/27/2016 at 1:52 AM, TheDude69 said:

The first prompt prevents the successful login into the Cisco WLC.

What is the text of the prompt? Also, what is the text returned before you use each send command? We should be able to read the returned text from plink with StdoutRead, and send the correct text based on that.

Also, have you tried to use plink manually through the console to connect? This is usually how I test before writing a script, so I can have the input and output text together to work from.

 

Adam
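
One way to do what Adam describes above, reading plink's output with StdoutRead and answering each prompt over stdin (an added example, not code posted in this thread and not Adam's _PlinkConnectCiscoController function). The "Password:" and ">" prompt texts, the placeholder SSH name `ignored` and the sample command are assumptions; the controller password is asked for at run time instead of being stored in the script or passed with -pw.

```autoit
#include <Constants.au3> ; $STDIN_CHILD, $STDERR_MERGED

; Read plink's merged stdout/stderr until $sPrompt shows up or the timeout expires.
Func _WaitFor($iPID, $sPrompt, $iTimeoutMs = 15000)
    Local $sBuf = "", $sChunk, $hTimer = TimerInit()
    While TimerDiff($hTimer) < $iTimeoutMs
        $sChunk = StdoutRead($iPID)
        If @error Then ExitLoop ; plink exited or closed the stream
        $sBuf &= $sChunk
        If StringInStr($sBuf, $sPrompt) Then Return $sBuf
        Sleep(100)
    WEnd
    Return SetError(1, 0, $sBuf)
EndFunc

; Log in at the controller's own User:/Password: prompts, run $aCommands, return the transcript.
; "Password:" and the ">" CLI prompt are assumed prompt texts; only "User:" appears in the thread.
Func _WlcRun($sHost, $sUser, $sPass, $aCommands)
    ; -l only satisfies plink's "login as:" stage; "ignored" is a placeholder name.
    ; -batch makes plink fail instead of prompting, so the host key must already be cached.
    Local $iPID = Run('plink.exe -batch -ssh -l ignored ' & $sHost, @ScriptDir, @SW_HIDE, _
            BitOR($STDIN_CHILD, $STDERR_MERGED))
    If $iPID = 0 Then Return SetError(1, 0, "plink.exe could not be started")
    Local $aSteps[3][2] = [["User:", $sUser], ["Password:", $sPass], [">", ""]]
    Local $sLog = "", $iErr = 0
    For $i = 0 To 2
        $sLog &= _WaitFor($iPID, $aSteps[$i][0])
        If @error Then
            $iErr = 2 + $i ; 2 = no User:, 3 = no Password:, 4 = login not accepted
            ExitLoop
        EndIf
        If $aSteps[$i][1] <> "" Then StdinWrite($iPID, $aSteps[$i][1] & @CR)
    Next
    If Not $iErr Then
        For $sCmd In $aCommands
            StdinWrite($iPID, $sCmd & @CR)
            $sLog &= _WaitFor($iPID, ">")
        Next
        StdinWrite($iPID, "logout" & @CR & "N") ; same exit keys as the PuTTY workaround in this thread
        ProcessWaitClose($iPID, 5)
    EndIf
    ProcessClose($iPID)
    Return SetError($iErr, 0, $sLog)
EndFunc

; Constructed usage: placeholders for host and user, password typed at run time.
Local $aCmds[1] = ["show sysinfo"]
Local $sPass = InputBox("WLC", "Controller password", "", "*")
ConsoleWrite(_WlcRun("<controller>", "<username>", $sPass, $aCmds) & @CRLF)
```

Commands that page their output or ask for confirmation need their own prompt strings added to the wait logic.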

 

TheDude69

Hello Adam,

... this is what I get from the DOS box when using the command manually: "FATAL ERROR: Server refused to start a shell/command". Same in AutoIt.

I believe that there is no way to use plink together with scripting, and I also believe that Cisco has done the "double login" intentionally to prevent scripting something with this controller.

This is how I use plink in a DOS box: plink.exe -ssh <IP address> -l <username> -pw <password> -m "CMDs.txt"

If you start putty with param -ssh IP address then you see the following:

[Screenshot: PuTTY.jpg]

Here you can see the problem: two logins. The first is a dummy, the second one is for the valid and existing user name.

If there is a known workaround, this would be great to know. But again - I do not believe that there is any ... :(

Best regards
TheDude

 

AdamUL

Can you try just connecting with plink, without using the command file? I would like to see if you get the same error, or a different one.

plink.exe -v -ssh <IP address> -l <username> -pw <password>

 

Adam

 

misterhonorable

Did this issue ever have a resolution? I am still having the same problem as initially reported.

 

Frank
