Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

StartShell default tcp port hardcoded #573

Closed
miguelgr83 opened this issue Aug 9, 2016 · 12 comments
Closed

StartShell default tcp port hardcoded #573

miguelgr83 opened this issue Aug 9, 2016 · 12 comments

Comments

@miguelgr83
Copy link

Hi guys,

It seems the port is pre-stablished in the code when you try to perform a "start-shell" command
https://github.com/Juniper/py-junos-eznc/blob/master/lib/jnpr/junos/utils/start_shell.py#L78

I did some testing and I can confirm that it wont take "port" as a variable and it will always try to connect to tcp/22.

Do you think you can fix this in the future?

These are some tests I've done to confirm that.

This is regular PyEz and works
from jnpr.junos import Device
host_ip = "127.0.0.1"
port = "8011"
username = "miguel"
password = “Juniper"
dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()

This is my attempt to run Start Shell commands and does not work (it goes to the port 22 instead of the port 8011)

from jnpr.junos import Device
from jnpr.junos.utils.start_shell import StartShell
host_ip = "127.0.0.1"
port = "8011"
username = “miguel"
password = “Juniper"
dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()
ss = StartShell(dev)
ss.open()
ss.run('cli -c "ping 10.7.240.114 count 5 rapid”')

dev = Device(host=host_ip, port=port, user=username, password=password)
dev.open()
Device(127.0.0.1)
ss = StartShell(dev)
ss.open()
Traceback (most recent call last):
File "", line 1, in
File "/tmp/pip-build-wO4SAk/junos-eznc/jnpr/junos/utils/start_shell.py", line 79, in open
File "/tmp/pip-build-ajZ6CA/paramiko/paramiko/client.py", line 380, in connect
File "/tmp/pip-build-ajZ6CA/paramiko/paramiko/client.py", line 603, in _auth
paramiko.ssh_exception.AuthenticationException: Authentication failed.

The reason it fails is because it goes against port 22 (linux ssh) and not port 8011 (mx port redirect).

Regards.

@stacywsmith
Copy link
Contributor

@miguelgr83 I agree we need to support the ability to handle a non-default port for StartShell(). We're looking into the best way to do that.

For this particular example, I'm wondering why you're trying to invoke the CLI from the shell to then execute the ping command. Why not just invoke the ping RPC from PyEZ?

@miguelgr83
Copy link
Author

Hi Stacy,

The main reason of invoking the cli from the shell is that I really need the regular output of the "ping" command to attach it as evidence that the ip is reachable.
The same happens with the command "traceroute".
My customer (AT&T) is quite strict on how the test plans have to be filled and the output of the rpc command is something that they don't know and therefore they don't want as probe that the test was successful.

Regards

Miguel Garcia
Senior Network Security Consultant
JNCIE-SEC #186
Professional Services AMER

[email protected]:[email protected]
+1 (415) 608 7449

On 10 Aug 2016, at 01:40, Stacy W. Smith <[email protected]mailto:[email protected]> wrote:

@miguelgr83https://github.com/miguelgr83 I agree we need to support the ability to handle a non-default port for StartShell(). We're looking into the best way to do that.

For this particular example, I'm wondering why you're trying to invoke the CLI from the shell to then execute the ping command. Why not just invoke the ping RPC from PyEZ?

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238770830, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ARAi4dGiiY-41Gv07owHSdyRBli3GTywks5qeWQ1gaJpZM4JgJKL.

@stacywsmith
Copy link
Contributor

OK. Then could you just use:

dev.cli('ping 10.7.240.114 count 5 rapid', warning=False)

That would give you the ping output as CLI text over the existing NETCONF session rather than having to make a new SSH connection to the shell.

--Stacy

On Aug 9, 2016, at 11:46 PM, miguelgr83 <[email protected]mailto:[email protected]> wrote:

Hi Stacy,

The main reason of invoking the cli from the shell is that I really need the regular output of the "ping" command to attach it as evidence that the ip is reachable.
The same happens with the command "traceroute".
My customer (AT&T) is quite strict on how the test plans have to be filled and the output of the rpc command is something that they don't know and therefore they don't want as probe that the test was successful.

Regards

Miguel Garcia
Senior Network Security Consultant
JNCIE-SEC #186
Professional Services AMER

[email protected]:[email protected]:[email protected]
+1 (415) 608 7449

On 10 Aug 2016, at 01:40, Stacy W. Smith <[email protected]mailto:[email protected]mailto:[email protected]> wrote:

@miguelgr83https://github.com/miguelgr83 I agree we need to support the ability to handle a non-default port for StartShell(). We're looking into the best way to do that.

For this particular example, I'm wondering why you're trying to invoke the CLI from the shell to then execute the ping command. Why not just invoke the ping RPC from PyEZ?

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238770830, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ARAi4dGiiY-41Gv07owHSdyRBli3GTywks5qeWQ1gaJpZM4JgJKL.


You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238771574, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AL3qY76UTplZijZKBsOvwVtkNxQsLY0bks5qeWW5gaJpZM4JgJKL.

@miguelgr83
Copy link
Author

That command gives me an output error "command does not exist".

Miguel Garcia
Senior Network Security Consultant
JNCIE-SEC #186
Professional Services AMER

[email protected]:[email protected]
+1 (415) 608 7449

On 10 Aug 2016, at 01:59, Stacy W. Smith <[email protected]mailto:[email protected]> wrote:

OK. Then could you just use:

dev.cli('ping 10.7.240.114 count 5 rapid', warning=False)

That would give you the ping output as CLI text over the existing NETCONF session rather than having to make a new SSH connection to the shell.

--Stacy

On Aug 9, 2016, at 11:46 PM, miguelgr83 <[email protected]mailto:[email protected]mailto:[email protected]> wrote:

Hi Stacy,

The main reason of invoking the cli from the shell is that I really need the regular output of the "ping" command to attach it as evidence that the ip is reachable.
The same happens with the command "traceroute".
My customer (AT&T) is quite strict on how the test plans have to be filled and the output of the rpc command is something that they don't know and therefore they don't want as probe that the test was successful.

Regards

Miguel Garcia
Senior Network Security Consultant
JNCIE-SEC #186
Professional Services AMER

[email protected]:[email protected]:[email protected]:[email protected]
+1 (415) 608 7449

On 10 Aug 2016, at 01:40, Stacy W. Smith <[email protected]mailto:[email protected]mailto:[email protected]:[email protected]> wrote:

@miguelgr83https://github.com/miguelgr83 I agree we need to support the ability to handle a non-default port for StartShell(). We're looking into the best way to do that.

For this particular example, I'm wondering why you're trying to invoke the CLI from the shell to then execute the ping command. Why not just invoke the ping RPC from PyEZ?

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238770830, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ARAi4dGiiY-41Gv07owHSdyRBli3GTywks5qeWQ1gaJpZM4JgJKL.

You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238771574, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AL3qY76UTplZijZKBsOvwVtkNxQsLY0bks5qeWW5gaJpZM4JgJKL.

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238773128, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ARAi4SUpzzuuH4iDbBK170ADC6RCSCJcks5qeWi3gaJpZM4JgJKL.

@miguelgr83
Copy link
Author

Hi Vijay,

This is the problem we're facing, it works for you as you're running default TCP/22 port for the SSH connection.
In my case, it won't run as I need to use a non-default port (tcp/8011) to connect to the MX in this case as I'm behind an ssh tunnel.
When I run the command "dev.run" it will attempt to connect to tcp/22 which is a different device (localhost in this case).

If you have something like:
dev = Device('10.x.x.x', user='User123', password='Pwd123', port='8011')
won't work.

Regards.

....................................
Miguel Garcia
Senior Network Security Consultant
JNCIE-SEC #186
Professional Services - AMER

[cid:346DD60A-941A-4CE3-9355-541BE1ED8BFB]

m +1 (415) 608 7449
[email protected]:[email protected]
www.juniper.nethttp://www.juniper.net/

From: vijay-shetty <[email protected]mailto:[email protected]>
Reply-To: Juniper/py-junos-eznc <[email protected]mailto:[email protected]>
Date: Wednesday 10 August 2016 02:15
To: Juniper/py-junos-eznc <[email protected]mailto:[email protected]>
Cc: Miguel Garcia <[email protected]mailto:[email protected]>, Mention <[email protected]mailto:[email protected]>
Subject: Re: [Juniper/py-junos-eznc] StartShell default tcp port hardcoded (#573)

@miguelgr83https://github.com/miguelgr83

It works fine on latest PyEZ code.

`from jnpr.junos.utils.start_shell import StartShell
from jnpr.junos import Device

dev = Device('10.x.x.x', user='User123', password='Pwd123')

with StartShell(dev) as sh:
ret, value = sh.run('cli -c "ping 10.209.1.228 count 5 rapid"')

print (value)`

Output:-
cli -c "ping 10.209.1.228 count 5 rapid"
PING 10.209.1.228 (10.209.1.228): 56 data bytes
!!!!!
--- 10.209.1.228 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.333/0.369/0.409/0.027 ms
%

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://github.com//issues/573#issuecomment-238810469, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ARAi4VkIPV8uVGwbeKYQ7WvAjP4XMn1eks5qeZaWgaJpZM4JgJKL.

@vijay-shetty
Copy link

@miguelgr83

I don't know whether it is supposed to work or not. But, it is working for me.
`
from jnpr.junos.utils.start_shell import StartShell
from jnpr.junos import Device

dev = Device('10.x.x.x', user='User123', password='Pwd123', port='8011')

print ("port: ",dev.port ,"\n")

with StartShell(dev) as sh:
ret, value = sh.run('cli -c "ping 10.209.1.228 count 5 rapid"')

print (value)
`
output:-

port: 8011

cli -c "ping 10.209.1.228 count 5 rapid"
PING 10.209.1.228 (10.209.1.228): 56 data bytes
!!!!!
--- 10.209.1.228 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.019/0.029/0.054/0.013 ms
%

@vnitinv vnitinv self-assigned this Aug 12, 2016
@vnitinv
Copy link
Contributor

vnitinv commented Aug 12, 2016

@vijay-shetty Its just printing the port value associated with Device class. StartShell starts a totally new connection and uses port 22 only
refer:
https://github.com/Juniper/py-junos-eznc/blob/master/lib/jnpr/junos/utils/start_shell.py#L78

@vijay-shetty
Copy link

@vnitinv Shouldn't it throw a warning or an error message?

@ydnath ydnath added this to the R_2_1_0 milestone Sep 7, 2016
@a-v-popov
Copy link

If it is a totally new connection it should honor ssh_config as well. On the other hand do we really need a separate connection? SSH channel should work just fine without additional hassle. Or do I miss something?

@a-v-popov
Copy link

This works for me:

diff --git a/lib/jnpr/junos/utils/start_shell.py b/lib/jnpr/junos/utils/start_shell.py
index 07956c0..afec546 100644
--- a/lib/jnpr/junos/utils/start_shell.py
+++ b/lib/jnpr/junos/utils/start_shell.py
@@ -75,25 +75,17 @@ class StartShell(object):
         self._chan.send(data)
         self._chan.send('\n')

-    def open(self):
+    def open(self, term='vt100', width=80, height=24, width_pixels=0, height_pixels=0):
         """
-        Open an ssh-client connection and issue the 'start shell' command to
+        Open a channel and issue the 'start shell' command to
         drop into the Junos shell (csh).  This process opens a
         :class:`paramiko.SSHClient` instance.
         """
         junos = self._nc

-        client = paramiko.SSHClient()
-        client.load_system_host_keys()
-        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-        client.connect(hostname=junos.hostname,
-                       port=(22, junos._port)[junos.hostname == 'localhost'],
-                       username=junos._auth_user,
-                       password=junos._auth_password,
-                       )
-
-        chan = client.invoke_shell()
-        self._client = client
+        chan = junos._conn._session.transport.open_session()
+        chan.get_pty(term, width, height, width_pixels, height_pixels)
+        chan.invoke_shell()
         self._chan = chan

         got = self.wait_for(r'(%|>|#)')
@@ -102,9 +94,8 @@ class StartShell(object):
             self.wait_for(_SHELL_PROMPT)

     def close(self):
-        """ Close the SSH client channel """
+        """ Close the SSH channel """
         self._chan.close()
-        self._client.close()

     def run(self, command, this=_SHELL_PROMPT, timeout=0):
         """

@chidanandpujar
Copy link
Collaborator

chidanandpujar commented Mar 28, 2023

Hi @miguelgr83
Thanks ,
Could you please check and confirm whether following results are according to your requirements .

   I have enabled  port 8011 on the JUNOS device 
show system services 
ssh {
    port 8011;
}


from jnpr.junos import Device
from jnpr.junos.utils.start_shell import StartShell
host_ip = "10.xx.xx.xx"
port = "8011"
username = "testuser"
password = "test123"
dev = Device(host=host_ip, port=8011, user=username, password=password)
dev.open()
ss = StartShell(dev)
ss.open()
ret, value =ss.run('cli -c "ping 127.0.0.1 count 5 rapid"')
print(value)

python issue_573_start_shell.py 
cli -c "ping 127.0.0.1 count 5 rapid"
PING 127.0.0.1 (127.0.0.1): 56 data bytes
ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.ping: sendto: No route to host
.
--- 127.0.0.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
% 

Thanks & Regards
Chidanand

chidanandpujar added a commit to chidanandpujar/py-junos-eznc that referenced this issue Mar 29, 2023
set the port ssh_client.connect
port assigned in Device or
if not assigned then set to default 22
chidanandpujar added a commit to chidanandpujar/py-junos-eznc that referenced this issue Apr 4, 2023
set the port ssh_client.connect
port assigned in Device or
if not assigned then set to default 22
@chidanandpujar
Copy link
Collaborator

Fixed and merged
#1241

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants