Date: Sat, 7 Feb 2004 14:18:59 -0500
From: Scott Lambert
To: freebsd-isp@freebsd.org
Message-ID: <20040207191859.GA79635@laptop.lambertfam.org>
In-Reply-To: <20040207124507.GA20305@titan.klemm.apsfilter.org>
Subject: Re: fbsd mgmt server, telnet through ssh tunnel to Cisco possible ?

On Sat, Feb 07, 2004 at 01:45:08PM +0100, Andreas Klemm wrote:
> Hi,
>
> I have a FreeBSD 5.2.1 monitoring system up and running.
> It uses shellscripts with netcat to login to the ciscos
> get some data out of it, writes results to files etc ...
> For these mechanism to work I need to be able to telnet to the
> ciscos.
>
> Unluckily I have now a bunch of Ciscos, where only ssh login
> is possible and where no rsh server functionality is allowed.
>
> Is it somehow possible to telnet to the ciscos via a ssh tunnel ?
> And without the Cisco prompting for a password ?
>
> Is there something other available than netcat to make
> batched data collection scripts to ciscos possible on a
> ssh basis ???
>
> Any recommendations that could work ?
>
> Currently I use something like this
>
> for cisco in $*
> do
> 	nc [options] $cisco > /some/path/sh-run/$cisco-confg <<!EOS
> password
> ena
> password
> sh runn
> quit
> !EOS
> done
>
> How can I get this via ssh ???

Don't reinvent the wheel.

/usr/ports/net/rancid

clogin will connect, via ssh or telnet, to the cisco, or one of several
other network gear manufacturers' devices, login and enable based on the
.clogin settings.

# cat /usr/ports/net/rancid/pkg-descr
Rancid monitors a router's (or device's) configuration, including software
and hardware (cards, serial numbers, etc), using CVS.

Rancid currently supports Bay routers, Cisco routers, Juniper routers,
Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd
(and thus likely IRRd), Alteon switches, HP procurve switches, Hitachi
routers.

Rancid logs into each of the devices in a router table file, runs various
commands, chomps the output, and emails any differences (sample) from the
previous collection to a mail list.

A looking glass is also included with rancid, based on Ed Kern's in use on
http://nitrous.digex.net/. Rancid version has added functions, supports
cisco, juniper, and foundry and uses the login scripts that come with
rancid; so it can use rsh, telnet, or ssh to connect to your router(s).

WWW: http://www.shrubbery.net/rancid/

Give it a whirl. It really works well.

--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org
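
The nc loop from the question, redone over ssh with clogin, as an added example that is not part of the original message or of rancid itself. The host name, the user name, the placeholder credentials and the two function names are assumptions; clogin reads its credentials from a .cloginrc file, selected here with -f.

```shell
#!/bin/sh
# Added example: per-device "show running-config" over ssh via rancid's clogin.
# Assumed ~/.cloginrc entries (constructed host, placeholder credentials):
#   add method   rtr1.example.net ssh
#   add user     rtr1.example.net monitor
#   add password rtr1.example.net {VTY-PASSWORD} {ENABLE-PASSWORD}

CLOGIN=${CLOGIN:-clogin}                 # path to rancid's clogin
CLOGINRC=${CLOGINRC:-$HOME/.cloginrc}    # credentials file passed with -f

# The credentials file holds login and enable passwords: accept it only
# when group and others have no permission bits (mode 0600 or stricter).
cloginrc_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# collect_configs OUTDIR HOST...
# Writes the session output to OUTDIR/HOST-confg for each device and
# returns the number of devices that failed (0 = all collected).
collect_configs() {
    outdir=$1; shift
    failed=0
    cloginrc_is_private "$CLOGINRC" ||
        { echo "$CLOGINRC: must not be group/world accessible" >&2; return 255; }
    old_umask=$(umask); umask 077        # saved configs contain secrets
    mkdir -p "$outdir" || { umask "$old_umask"; return 255; }
    for cisco in "$@"; do
        tmp="$outdir/.$cisco.$$"
        # Write to a temp file first so a failed login never replaces
        # the last good copy of the configuration.
        if "$CLOGIN" -f "$CLOGINRC" -c "show running-config" "$cisco" > "$tmp"; then
            mv "$tmp" "$outdir/$cisco-confg"
        else
            echo "collection failed: $cisco" >&2
            rm -f "$tmp"; failed=$((failed + 1))
        fi
    done
    umask "$old_umask"
    return "$failed"
}

# Usage: sh collect.sh /some/path/sh-run rtr1.example.net rtr2.example.net
if [ "$#" -ge 2 ]; then collect_configs "$@"; fi
```

Unlike the here-document in the original loop, no password appears in the script; the only secret-bearing files are .cloginrc and the saved configurations.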