Advertisement

03.26.2008 at 11:13AM PDT, ID: 23271497
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.6

How to configure non-interactive (batch) access to Cisco router via SSH

Zones: SSH / Telnet Software, Network Routers
Tags: Cisco, IOS, Cisco, Router, 2800 series, IOS advanced-encryption image
Hi all.
For my management stuff I'm used to write scripts which execute remote command on a Cisco router by mean of the good-old "rsh" utility. The Cisco configuration is straightforward and well documnted (ip rcmd-enable / ip rcmd remote-host ... etc.), I have NO problems in running this way.
For security reasons I want to switch from "rsh" to "ssh" in order to execute commands ove a "secure" connection.
I already have SSH properly configured on my Cisco device and CAN login into the router via my ssh client (OpenSSH / Linux) in INTERACTIVE mode.
What I would like to do, now, is the ability to execute commands on the router in NON-INTERACTIVE (batch) mode, that is, with automatic (possibly rsa-based) authentication. I already use this mode to run commands on remote Linux servers: it simply requires to add the public key of the "client user" on the "server" (that is: the "accepting" machine) and to properly configure the related stuff, in order to have an automatically-autenticated ssh session with the ability to send arbitrary commands to the remote system.
After carefully reading all the docs/manuals available I was not able to correctly setup such scenario on my cisco device: when trying to connect to the router, it always asks for a password to be typed at the client console and this prohibits a non-interactive command execution.
Can you give me some hints?
Hope the question is clear.
-- rock
Start your free trial to view this solution
Question Stats
Zone: Software
Question Asked By: rock
Solution Provided By: rock
Participating Experts: 3
Solution Grade: A
Views: 83
Translate:
Loading Advertisement...
03.26.2008 at 11:40AM PDT, ID: 21214841
arnold:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.26.2008 at 12:36PM PDT, ID: 21215326
cflong:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.26.2008 at 11:54PM PDT, ID: 21219083
simply_dhaval:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.26.2008 at 11:57PM PDT, ID: 21219092
simply_dhaval:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
03.27.2008 at 07:08AM PDT, ID: 21221458
rock:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Microsoft
  • Internet Protocols
  • Applications
  • Development
  • OS
  • Hardware
  • Windows Security
Apple
  • Operating Systems
  • Hardware
  • Programming
  • Networking
  • Software
Internet
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Spy / Ad Blockers
  • Web Browsers
  • New Net Users
  • Web Development
  • Chat / IM
  • Anti Spam
  • Web Servers
  • Anti-Virus
  • Email Clients
Gamers
  • Tips
  • Online / MMORPG
  • Puzzle
  • Emulators
  • Action / Adventure
  • Role Playing
  • Consoles
  • Game Programming
  • Strategy
  • Sports
  • Misc
  • Computer Games
Digital Living
  • Hardware
  • Automotive
  • New Net Users
  • New Users
  • Software
  • Digital Music
  • Gaming World
  • Home Security
  • Apple
  • Networking Hardware
Virus & Spyware
  • Vulnerabilities
  • IDS
  • Encryption
  • Anti-Virus
  • Operating Systems Security
  • Software Firewalls
  • WebApplications
  • Cell Phones
  • Operating Systems
  • Internet
  • Hardware Firewalls
Hardware
  • Displays / Monitors
  • Handhelds / PDAs
  • Components
  • Peripherals
  • Laptops/Notebooks
  • Servers
  • Misc
  • Apple
  • Embedded Hardware
  • Networking Hardware
  • Storage
  • Desktops
  • New Users
Software
  • System Utilities
  • Industry Specific
  • Network Management
  • Photos / Graphics
  • Page Layout
  • VMware
  • Misc
  • Web Development
  • OS
  • CYGWIN
  • Voice Recognition
  • Virtualization
  • Message Queue
  • Quality Assurance
  • Security
  • Firewalls
  • MultiMedia Applications
  • Development
  • Database
  • Office / Productivity
  • Business Management
  • OS/2 Apps
  • Server Software
  • Internet / Email
ITPro
  • OS
  • Storage
  • Encryption
  • Operating Systems Security
  • Apple Hardware
  • Laptops & Notebooks
  • Servers
  • Networking Hardware
  • Peripherals
  • Devices
  • Displays / Monitors
  • WebTrends / Stats
  • Search Engines
  • Firewalls
  • Web Computing
  • WebApplications
  • IDS
  • Vulnerabilities
  • Email Clients
  • File Sharing
  • Spy / Ad Blockers
  • Web Browsers
  • Web Servers
  • Networking
  • Anti-Virus
  • Consulting
  • Chat / IM
  • Anti Spam
Developer
  • Web Servers
  • Web Browsers
  • Game Programming
  • Dev Tools
  • Industry Specific
  • Office / Productivity
  • Database
  • CYGWIN
  • Web Development
  • Search Engines
  • File Sharing
  • WebTrends / Stats
  • Programming
  • Content Management
  • Application Servers
  • Protocols
Storage
  • Removable Backup Media
  • Storage Technology
  • Servers
  • Grid
  • Remote Access
  • Backup / Restore
  • Misc
  • Hard Drives
OS
  • Miscellaneous
  • Security
  • Development
  • Linux
  • VMware
  • MainFrame OS
  • Unix
  • Apple
  • OS / 2
  • AS / 400
  • BeOS
  • Microsoft
  • VMS / OpenVMS
Database
  • Oracle
  • Miscellaneous
  • MySQL
  • Software
  • Sybase
  • Contact Management
  • PostgreSQL
  • Data Manipulation
  • Clarion
  • InterSystems Cache
  • Siebel
  • MUMPS
  • OLAP
  • SQLBase
  • SAS
  • GIS & GPS
  • 4GL
  • Berkeley DB
  • DB2
  • Informix
  • Interbase / Firebird
  • FoxPro
  • Reporting
  • LDAP
  • Filemaker Pro
  • MS SQL Server
  • dBase
  • MS Access
Security
  • Misc
  • Web Browsers
  • Software Firewalls
  • Operating Systems Security
  • File Sharing
  • Spy / Ad Blockers
  • Vulnerabilities
  • WebApplications
  • IDS
  • Anti-Virus
  • Encryption
  • Anti Spam
  • Email Clients
  • VPN
  • Chat / IM
Programming
  • Editors IDEs
  • Installation
  • Handhelds / PDAs
  • Multimedia Programming
  • System / Kernel
  • Automation
  • Algorithms
  • Game
  • Signal Processing
  • Project Management
  • Open Source
  • Database
  • Misc
  • Languages
  • Processor Platforms
  • Theory
Web Development
  • Scripting
  • Blogs
  • Web Servers
  • Software
  • Search Engines
  • Web Graphics
  • Web Services
  • Images
  • Internet Marketing
  • Images and Photos
  • Components
  • Document Imaging
  • Web Languages/Standards
  • Illustration
  • WebApplications
  • Fonts
  • WebTrends / Stats
  • Authoring
  • Digital Camera Software
  • Miscellaneous
Networking
  • Protocols
  • Apple Networking
  • Network Management
  • Message Queue
  • Application Servers
  • Content Management
  • File Servers
  • Email Servers
  • Misc
  • Java Editors & IDEs
  • Wireless
  • Networking Hardware
  • Backup / Restore
  • System Utilities
  • ISPs & Hosting
  • Web Servers
  • Storage Technology
  • Removable Backup Media
  • Servers
  • Web Computing
  • Broadband
  • Grid
  • OS / 2
  • Novell Netware
  • Unix Networking
  • Windows Networking
  • Security
  • Telecommunications
  • Operating Systems
  • Linux Networking
Other
  • Lounge
  • Business Travel
  • Community Support
  • New Net Users
  • Philosophy / Religion
  • Math / Science
  • Miscellaneous
  • URLs
  • Expert Lounge
  • Politics
  • Puzzles / Riddles
  • Automotive
Community Support
  • Suggestions
  • New to EE
  • New Topics
  • CleanUp
  • Announcements
  • General
  • Feedback
  • Input
  • EE Bugs
 
03.26.2008 at 11:40AM PDT, ID: 21214841
arnold:
You might be able to use expect scripts to do the interactive login and then the execution of your command.
http://bash.cyberciti.biz/security/sshlogin.exp.php
http://www.cpqlinux.com/expect.html
http://search.cpan.org/perldoc?Net%3A%3ASSH%3A%3AExpect
may prove useful.
Assisted Solution
 
03.26.2008 at 12:36PM PDT, ID: 21215326
cflong:
If you do any perl code, this guy's perl module is designed around automated cisco configuration over ssh (or telnet).

Net::Appliance::Session
http://search.cpan.org/~oliver/Net-Appliance-Session-0.21/lib/Net/Appliance/Session/Cookbook/Intro.pod
Assisted Solution
 
03.26.2008 at 11:54PM PDT, ID: 21219083
simply_dhaval:
i don't know how cisco router works but it this is how it can be done in linux, called  passwordless ssh login which uses the rsh key to authenticate. how to do it in linux is described here

http://dhavalv.wordpress.com/2008/01/31/passwordless-ssh-login/

hope it helps :)
 
03.26.2008 at 11:57PM PDT, ID: 21219092
simply_dhaval:
i mean rsa key not rsh ...sorry for typo
 
03.27.2008 at 07:08AM PDT, ID: 21221458
rock:
Thank you all.
Actually I already implemented a TCL/expect-based script dialogue, that is, a solution similar to what was suggested by arnold & cflong. I was just wondering if it would be possible to completely automatize the SSH authentication without "simulated interactive" session as, apart of cultural curiosity, it would prove useful to issue a single IOS command to the router. As already said in my original question, I know how to do it between Linux/unix boxes (thank you anyway, simply_dhval).
I will leave the question open but I'm starting to believe that it is, simply, not supported by IOS.
Accepted Solution
 
 
20080236-EE-VQP-29 / EE_QW_2_20070628