a script to access a switch within LAN

shahz · 05-10-2008, 03:44 AM

HI,

I have a manageable switch allied teleysin and for some reasons I need to write a script to enable and disable settings.

I wrote a small one but din't work

#/bin/bash

telnet 192.168.0.1

username
password

but when I run these three commands I get the loging prompt I don't get loging through script any ideas will appretiated.

thanks

colucix · 05-10-2008, 04:58 AM

You cannot pass username and password like this in a script. You have to use some communication tool like expect which is able to dialogue with interactive programs like telnet.

shahz · 05-10-2008, 06:11 AM

I have expect already but don't know how to make a login script. thanks for answer.

colucix · 05-10-2008, 06:44 AM

I cannot be of much help, but you can try to look for "expect telnet" in the LQ search page. You will find a lot of hits.

frndrfoe · 05-10-2008, 11:38 AM

being a managed switch it certainly has snmp abilities.
setup a private read/write community string and write a script to do the snmpset calls

just make sure you restrict the private community access to a network or single ip or firewall the port

I would advise using a community string that follows good password creation rules. Also snmp v.3 uses name/password

frndrfoe · 05-10-2008, 11:42 AM

you can even setup a management webpage that does the get and draws pretty pictures to show the current status

shahz · 05-12-2008, 03:26 AM

after seeing all suggations. I come to know that why not to try ssh I configured ssh on my swithc which details are.

SSH Configuration
Version ................... 1.5
Server Enabled ............ TRUE
Port ...................... 22
Host Key ID ............... 0
Host Key Bits ............. 1024
Server Key ID ............. 1
Server Key Bits ........... 768
Server Key Expiry(hours).. 1
Login Timeout(secs) ....... 60
Authentication Available .. Password,RSA
Ciphers Available ......... DES
Services Available ........ Shell,Cmd

but when I ssh from my system I do get the following error.

Selected cipher type <unknown> not supported by server.

don't know what this is.

thanks

colucix · 05-12-2008, 04:35 AM

Quote:

Originally Posted by shahz

Selected cipher type <unknown> not supported by server.

This is related to the cryptography used by ssh. The chiper you've selected in the configuration is DES, which is obsolete and highly discouraged because of its weakness. You can try to specify another chiper like 3DES and try to connect using the -c option of ssh. For example:

Code:

ssh -c 3des user@host

shahz · 05-12-2008, 04:40 AM

okay after having this command I do get the following error.

ssh -c 3des server

selected cipher type 3des not supported by server.

thanks

colucix · 05-12-2008, 05:01 AM

What do you get using the following?

Code:

ssh -c des server

since the available chiper seems to be only DES.

shahz · 05-12-2008, 05:10 AM

and if I do the following it works but I do get the following message.

ssh -l user -c des IP

warning: use of DES is strongly discouraged due to cryptographic weaknesses.

it works is that a security hole or what???

colucix · 05-12-2008, 05:15 AM

Yes. It is a security hole in the sense that the cryptography used by ssh can be stronger than that. Anyway better than the telnet solution which sends traffic in clear text. And if your switch configuration supports only DES you have no other chance to access it.

shahz · 05-12-2008, 06:04 AM

thanks for your quick response

I want to be logged in through a script what key I need to copy to the switch and what will be the command for it. means I don't want to give passwords all the time for switch. then I think I am done.

thanks

colucix · 05-12-2008, 08:07 AM

You have to generate a private/public key pair using ssh-keygen, then you have to copy the public key (e.g. id_dsa.pub) to the file ~/.ssh/authorized_keys on the switch.

Code:

scp -c des  name_of_key.pub  user@IP:.ssh/authorized_keys

be sure that permissions of directory .ssh are set to 700 (that is drwx------) and permissions of the private key on the local machine are set to 600 (-rw-------) otherwise ssh will refuse to connect using public key authentication.
Maybe when connecting to the switch you have to specify the name of the key, if it is not the default name. In this case you have to use the -i option:

Code:

ssh -c des -i name_of_key user@IP

Let me know if it works. Bye.

shahz · 05-13-2008, 03:22 AM

No it din't work what I did is as follow

I made private and public keys I had them within /root/.ssh/id_rsa.pub and id_rsa

I named it publickey

I followed the above command to copy it over the swith with the command.

scp -c des publickey user@IP:.ssh/authorized_keys

i get the following error.
write failed flushing stdout buffer.
conncetion to 192.168.0.1 closed by remote host.

don't know what I am missing