ssh automated script with MP

 
SOLVED
Joao Rei
Frequent Advisor

rx2660 MP

I have a telnet automated script that connects into MP and submits several MP commands. It's working fine.

Now I would like to use ssh instead of telnet.
I can establish a ssh session with MP from putty.

1) When I try to ssh from HP-UX 11.23 to the MP I can't establish the session:
_________________________________________

# ssh

OpenSSH_4.4p1-hpn12v11, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.40.011, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to
[] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
....
....
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Received disconnect from : 11: Client Disconnect
_________________________________________

Any ideas why after "expecting SSH2_MSG_KEXDH_REPLY" the session disconnects?


2) How can I automate ssh (e.g. using a here document)?

I get the following message:

Pseudo-terminal will not be allocated because stdin is not a terminal.

Regards,

Joao Rei

4 REPLIES
Murat SULUHAN
Honored Contributor

Re: ssh automated script with MP

Hi Joao

I don't know your firmware revision. But the latest firmware has some fixes for SSH in the MP, like below:
iLO-2 MP F.02.17

* Who command now shows current user.
* Web GUI interface timeout has been increased from 5 to 15 minutes.
* Incomplete hot-key sequence on serial console is now forwarded to OS console.
* SSH now works with SSH 4.4.
* vMedia connection enabled when system power is off.
* Web power status was showing as unavailable on power off.
* Battery failure event no longer occurs on upgrade.
* Repeating CO and Ctrl-B can no longer cause an MP hang.
* Fixed SSH bad password detection.

You can check your firmware revision from MP->CM->SYSREV

The corrected firmware is located at http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=3346452&prodNameId=3346456&swEnvOID=54&swLang=13&mode=2&taskId=135&swItem=ux-56643-1
and installation instructions are
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=3346452&swItem=ux-56643-1&prodNameId=3346456&swEnvOID=54&swLang=13&taskId=135&mode=4&idx=1

I hope it will help

Best Regards
Murat
Murat Suluhan
Olivier Masse
Honored Contributor

Re: ssh automated script with MP

1) There is a bug of some sort in the implementation of ssh on some MPs, they work with some clients (e.g. Putty) but not with the OpenSSH client on which you have to manually specify a cipher.

Try:
$ ssh -c 3des-cbc

or another cipher from the man page, I don't remember which one to use.


2) You won't be able to automate easily commands on an MP, as here documents don't work for obvious reasons with SSH. The way I circumvented this is by creating an "operator" account on the MP with limited privileges, and automating the SSH session on it using expect. Not a best practice security-wise, but it works. I can send you an example program tomorrow if you want to. Or if you know perl, perl-expect is easier to program than vanilla expect.

Olivier.
Joao Rei
Frequent Advisor

Re: ssh automated script with MP

1) Thanks for all the replies, the issue with the ssh session from HP-UX to the rx2660 MP is solved:


Current firmware revisions

MP FW : F.02.17

# ssh Admin@

Works fine.

Current firmware revisions

MP FW : F.01.58


# ssh -c 3des-cbc Admin@

Works fine.

_______________________________

Olivier, can you please provide an expect script example to automate ssh?

Regards,

Joao Rei


Olivier Masse
Honored Contributor
Solution

Re: ssh automated script with MP

Here is my expect script. It gets the temperature of the built-in sensor in a rx7640, but it should give you an idea.

P.S.: Never use expect to automate SSH sessions between hosts, it's far from being secure as the password must be stored somewhere, certificates should be used instead.
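
The approach described in this thread (a limited-privilege MP account driven by expect, running SYSREV from the command menu), as an added example; it is not the script Olivier posted. The MP_HOST, MP_USER, MP_PASS and MP_CIPHER environment variables, the "MP>" and "MP:CM>" prompt patterns, and the MA and X menu commands are assumptions to adjust for your firmware.

```tcl
#!/usr/bin/expect -f
# Added example; not the script attached to the post above.
# Assumptions: MP_HOST / MP_USER / MP_PASS / MP_CIPHER environment variables,
# and the prompt patterns "MP>" and "MP:CM>" (adjust to your firmware).
set timeout 20
log_user 0   ;# do not echo the session into cron mail or job logs

foreach v {MP_HOST MP_USER MP_PASS} {
    if {![info exists env($v)]} { puts stderr "missing $v"; exit 2 }
}

# Old firmware needs an explicit cipher (the thread used 3des-cbc on F.01.58).
set cmd [list ssh -o NumberOfPasswordPrompts=1]
if {[info exists env(MP_CIPHER)]} { lappend cmd -c $env(MP_CIPHER) }
lappend cmd "$env(MP_USER)@$env(MP_HOST)"
eval spawn $cmd

expect {
    "continue connecting" {
        # Unknown host key: stop instead of answering "yes" blindly.
        puts stderr "MP host key not in known_hosts; verify it first"; exit 3
    }
    -re {[Pp]assword:} { send -- "$env(MP_PASS)\r" }
    timeout { puts stderr "no password prompt"; exit 4 }
    eof     { puts stderr "ssh exited before login"; exit 4 }
}

# Send $reply once $prompt appears; abort on timeout or disconnect.
# Patterns are passed as arguments because a braced expect block
# would treat "$prompt" as a literal string.
proc step {prompt reply} {
    expect -re $prompt { send -- "$reply\r" } \
        timeout { puts stderr "timed out waiting for $prompt"; exit 5 } \
        eof     { puts stderr "session closed early"; exit 5 }
}

step {MP> ?$}    CM        ;# main menu -> command menu
step {MP:CM> ?$} SYSREV    ;# firmware revisions, as in MP->CM->SYSREV
expect -re {MP:CM> ?$} { set report $expect_out(buffer) } \
    timeout { puts stderr "no SYSREV output"; exit 5 }
send -- "MA\r"             ;# assumed: MA returns to the main menu
step {MP> ?$} X            ;# assumed: X exits the MP session
expect eof
puts $report
```

Set MP_CIPHER only for firmware that needs it, and load MP_PASS from a file readable only by the job's user so the password does not appear in the script or in `ps` output.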