View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
789 | RackTables | default | public | 2013-03-14 13:48 | 2013-04-03 09:16 |
Reporter | ivo@netco.nl | Assigned To | infrastation | ||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | linux | OS | Centos | OS Version | 6.3 |
Product Version | 0.20.3 | ||||
Target Version | 0.20.4 | Fixed in Version | 0.20.4 | ||
Summary | 789: getting live ports/cdp via password authenticated ssh | ||||
Description | The current version of RackTables only has the ability to log in using public key authentication using ssh. The only way I found to log in using username/password was using the telnet or netcat gateway. I created a new 'sshpass' gateway by altering the telnet gateway by wrapping perl::OpenSSH around the telnet session. perl::OpenSSH is also given the username/password rather than letting the telnet session handle it. This allows the advantages of encrypted communications of SSH with the ease of configuration of telnet. | ||||
Steps To Reproduce | 1: install patch 2: set up a device to be queried with protocol 'sshpass'; also define username, password, prompt, prompt_delay (in your secret.php file) 3: use the 'Live ports' or 'Live CDP' functionality (via ssh using password authentication) | ||||
Additional Information | - Only tested on CISCO devices. - May need additional configuration regarding HostKeys as does regular ssh | ||||
Tags | No tags attached. | ||||
racktables-sshpass.diff (4,703 bytes)
diff -uNr RackTables-0.20.3.old/gateways/sshpass RackTables-0.20.3/gateways/sshpass --- RackTables-0.20.3.old/gateways/sshpass 1970-01-01 01:00:00.000000000 +0100 +++ RackTables-0.20.3/gateways/sshpass 2013-03-14 13:22:51.247157562 +0100 
@@ -0,0 +1,124 @@ +#!/usr/bin/perl + +# This file is a part of RackTables, a datacenter and server room management +# framework. See accompanying file "COPYING" for the full copyright and +# licensing information. + +use strict; +use Getopt::Long; +use Net::Telnet; +use Net::OpenSSH; + +# fetch command-line parameters +my $op_help; +my $op_port; +my $op_username; +my $op_password; +my $op_connect_timeout = 2; +my $op_timeout = 10; +my $op_prompt; +my $op_delay = 0; +GetOptions ( + 'h' => \$op_help, + 'port:i' => \$op_port, + 'connect-timeout:i' => \$op_connect_timeout, + 'timeout:i' => \$op_timeout, + 'prompt-delay:f' => \$op_delay, + 'prompt:s' => \$op_prompt, + 'username:s' => \$op_username, + 'password:s' => \$op_password +); +if ($op_help) { + &display_help; + exit; +} +my $op_host = $ARGV[0]; +defined $op_host or die "ERROR: please specify remote host (-h for help)"; +defined $op_prompt or die "ERROR: please specify prompt regexp (-h for help)"; +my $prompt_re = qr/$op_prompt/; + +sub display_help { + print <<END; +OpenSSH-Hardened telnet batch client for RackTables. +Takes commands list in standard input and gives the responses via standard output. +Login credentials are not specially handled and should be placed as first lines of input +Usage: +$0 {hostname} [--port={port}] [--connect-timeout={seconds}] --prompt={regexp} [--timeout={seconds}] --username={username} --password={password} --prompt-delay={prompt_delay} + +port: TCP port number to connect to +connect-timeout: timeout for giving up connecting process, seconds +prompt: command prompt regexp for interactive telnet (auth prompts too) +timeout: wait time for activity of remote telnet peer in seconds +NOTE: this help may be incorrect - functionality within RackTables was tested. + +END +} + +my $port = $op_port || 22; + +my $ssh = Net::OpenSSH->new( + $op_host, + 'port' => $op_port, + 'user' => $op_username, + 'password' => $op_password +); +$ssh->error and + die "Couldn't establish SSH connection: ". 
$ssh->error; + +my ($pty, $pid) = $ssh->open2pty({stderr_to_stdout => 1}) + or die "unable to start remote shell: " . $ssh->error; + +my $session = Net::Telnet->new ( + Fhopen => $pty, +# Host => $op_host, +# Port => $port, +# Timeout => $op_connect_timeout, + Prompt => "/$op_prompt/", + Telnetmode => 0, + Cmd_remove_mode => 1, + Output_record_separator => "\r" +); + + + + +use IO::Select; +my $sel = new IO::Select($session); + +my $buff = ''; +my $nohang_read; +until ($session->eof) { + # read output from the device + eval { + $buff .= $session->get (Timeout => $nohang_read ? 0 : $op_timeout, Errmode => $nohang_read ? 'return' : 'die'); + }; + if ($@) { + # check if there is something else in <STDIN> + if (defined <STDIN>) { + die $@; + } + else { + last; # no more input, seems like session was closed remotely by our last command + } + } + $nohang_read = 0; + print $1 if ($buff =~ s/(.*\n)//s); + + next unless ($buff =~ $prompt_re); + # send pending commands to the device + if ($op_delay and IO::Select->select ($sel, undef, undef, $op_delay)) { + # something is received, no prompt detection at this time + # set NOHANG options for next reading, cause it can be telnet control sequence + $nohang_read = 1; + } + elsif (defined ($_ = <STDIN>)) { + # replace all CR and LF symbols with single trailing LF + s/[\015\012]//g; + $session->put($_ . "\012"); + } + else { + # no more commands in input + last; + } +} +print $buff; diff -uNr RackTables-0.20.3.old/wwwroot/inc/remote.php RackTables-0.20.3/wwwroot/inc/remote.php --- RackTables-0.20.3.old/wwwroot/inc/remote.php 2013-03-14 13:22:20.314040093 +0100 +++ RackTables-0.20.3/wwwroot/inc/remote.php 2013-03-14 13:23:09.702617890 +0100 
@@ -353,6 +353,13 @@ $params_from_settings['sudo-user'] = 'sudo_user'; $params_from_settings['connect-timeout'] = 'connect_timeout'; break; + case 'sshpass': + $params_from_settings['proto'] = 'proto'; + $params_from_settings['prompt'] = 'prompt'; + $params_from_settings['prompt-delay'] = 'prompt_delay'; + $params_from_settings['username'] = 'username'; + $params_from_settings['password'] = 'password'; + break; case 'ucssdk': # remote XML through a Python backend $params = array(); # reset # UCS in its current implementation besides the terminal_settings() provides |
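Review bot: The `'password:s' => \$op_password` entry in the GetOptions block of the new gateways/sshpass file means the device password arrives as a `--password=...` argument, so it sits in the gateway's command line and is readable through the process list by any local user for as long as the session runs. Consider taking it from a source that is not exposed that way, for example an environment variable or a file readable only by the web server user, and failing early when username or password is undefined. Two smaller points in the same file: `my $port = $op_port || 22;` is computed but the constructor is given `'port' => $op_port`, so the default is never used, and `$op_connect_timeout` is parsed but no longer passed anywhere now that the `Timeout` line is commented out. The help text still says "Login credentials are not specially handled and should be placed as first lines of input", which no longer matches the `--username`/`--password` options.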
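Review bot: In the remote.php hunk, the `case 'sshpass':` block maps `proto`, which the gateway script's GetOptions list does not declare, and it maps `password`, which is what places the stored secret on the gateway's command line. If these keys become command-line options, as the neighbouring `connect-timeout` entry suggests, `--proto` will be reported as an unknown option by Getopt::Long, and since the script never checks the GetOptions return value the error is silently ignored. Drop the `proto` line or declare the option in the script, and unless they are set outside this switch, add mappings for the `port`, `timeout` and `connect-timeout` options the script accepts. A short comment on the case, like the one on `ucssdk` below it, would also help.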
|
Date Modified | Username | Field | Change |
---|---|---|---|
2013-03-14 13:48 | ivo@netco.nl | New Issue | |
2013-03-14 13:48 | ivo@netco.nl | File Added: racktables-sshpass.diff | |
2013-03-23 06:12 | infrastation | Assigned To | => infrastation |
2013-03-23 06:12 | infrastation | Status | new => closed |
2013-03-23 06:12 | infrastation | Resolution | open => fixed |
2013-03-23 06:12 | infrastation | Fixed in Version | => 0.20.4 |
2013-03-23 06:12 | infrastation | Target Version | => 0.20.4 |