Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re^3: SSH to remote subsystem (Net::OpenSSH?)

by salva (Monsignor)
on Mar 20, 2013 at 08:53 UTC ( #1024481=note: print w/ replies, xml ) Need Help??


in reply to Re^2: SSH to remote subsystem (Net::OpenSSH?)
in thread SSH to remote subsystem (Net::OpenSSH?)

Using your suggestion, I tried...

You have two calls to open2socket, the first establishes a connection to the Netconf subsystem, but then on the next line it opens a new one to a shell overwriting $socket.

The correct way to do it is as follows:

my $ssh = Net::OpenSSH->new($host, user=>$user, password=>$pass); $ssh->error and die "unable to connect to remote host: " . $ssh->error +; my ($socket, $pid) = $ssh->open2socket({ssh_opts => '-s'}, 'xmlagent') +; while (<$socket>) { print };
Expecting to either see the XML hello message in the debug, or in the socket print. However, it appears that it first makes a connection to the main system, authenticates, and then tries to connect to the subsystem. I'm not good enough with SSH to know if that's how it works with except/shell version or not.

This is how the SSH protocol works, first a TCP connection is established, then encryption and authentication are negotiated and from that point, bidirectional channels can be open freely between the client and server even in parallel (though, most servers set a limit on the number of concurrent channels, typically 10).

When you run ssh from the command line or using Expect, the two phases are performed under the hood by the ssh client, though just one channel is open.

The "-s" flag is at the beginning, but the "xmlagent" value is at the end

Yes, it works that way, the subsystem name is not an argument to the -s flag but it is taken from the remote command at the end of the ssh argument list (see ssh).

BTW, the specification for NETCONF over SSH (rfc4742) says the server must listen not at the default SSH port (22) but at port 830. Have you activated the subsystem also at port 22?


Comment on Re^3: SSH to remote subsystem (Net::OpenSSH?)
Select or Download Code
Re^4: SSH to remote subsystem (Net::OpenSSH?)
by sojourner9 (Initiate) on Mar 20, 2013 at 15:17 UTC

    Derp! Thanks! That extra line of "open2socket" was what was what was causing the problems. Don't know how I missed that creeping in there.

    As for SSH/830 - It looks like the RFC says it must go into NETCONF subsystem when connected on port 830, but should be allowed access to NETCONF when connected to on other ports. Looks like Cisco's implementation is to have the user connect on port 22 and then call the susbsystem

    So, once I got rid of that extra line, it seems to be connecting just fine. I see the banner and logon prompt, and then the remote device's hello message.

    I had issues figuring out how to send queries and receive replies using open2socket, but got it to work using open_ex. Here's what I currently have:

    #!/usr/bin/perl ## CALL MODULES use strict; use warnings; use Net::OpenSSH; ## SET VARIABLES my $host = 'host'; my $user = 'user'; my $pass = 'pass'; my ($ssh, $out, $in, $pid); my ($message); ## OPEN THE SSH SESSION $ssh = Net::OpenSSH->new($host, user=>$user, password=>$pass); $ssh->error and die "unable to connect to remote host: " . $ssh->error +; ($out, $in, undef, $pid) = $ssh->open_ex( { stdin_pipe=>1, stdout_pipe +=>1, ssh_opts=>'-s'},'xmlagent' ) or die "open_ex failed: " . $ssh->e +rror; ## SEND THE CLIENT HELLO $message = qq~ <?xml version="1.0"?> <nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> <nc:capabilities> <nc:capability>urn:ietf:params:xml:ns:netconf:base:1.0 +</nc:capability> </nc:capabilities> </nc:hello> ]]>]]>~; print $out $message; ## SEND THE QUERY FOR THE ARP TABLE $message = qq~ <?xml version="1.0" encoding="UTF-8"?> <nf:rpc message-id="1" xmlns="http://www.cisco.com/nxos:1.0:arp" xmlns +:nf="urn:ietf:params:xml:ns:netconf:base:1.0"> <nf:get> <nf:filter type="subtree"> <show> <ip> <arp/> </ip> </show> </nf:filter> </nf:get> </nf:rpc> ]]>]]>~; print $out $message; ## PRINT THE RESULTS while (<$in>) { print; last if $_ =~ m/\/nf:rpc-reply/; }; waitpid($pid, 0); exit;

    And, here's a snippet of the results

    <ROW_adj> <intf-out>Vlan852</intf-out> <ip-addr-out>10.7.252.191</ip-addr-out> <time-stamp>00:00:50</time-stamp> <mac>0050.56ab.2d52</mac> </ROW_adj> </TABLE_adj> </ROW_vrf> </TABLE_vrf> </__readonly__> </__XML__OPT_Cmd_arp_show_adj_cmd___readonly__> </__XML__OPT_Cmd_arp_show_adj_cmd_ip-address> </arp> </ip> </show> </nf:data> </nf:rpc-reply>

    My main problem right now is that I expected the "last" statement of the while loop to find the last line ("/nf:rpc-reply") of the switch's reply and move on to whatever we wanted to do next (In this case, close everything down). But, instead it seems to hang there, so I must still be missing something).

    And, would open2socket be better than open_ex? And if so, can you show a sample of how to print to and read from it? I tried a couple different ways, but wasn't getting it

      You have to close the input and output pipes before calling waitpid:
      ... close $in; close $out; waitpid($pid, 0);

        That got it! Thanks!

        It's working perfectly now using the large block of code posted above with the addition of those two closes.

        The rest of this will just be the grunt work of turning the replies into useable formats for other tools.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1024481]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (7)
As of 2014-10-20 05:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (72 votes), past polls