I am trying to read some data from a Cisco network switch (SG300-28SFP) over ssh.
Initially i couldn’t connect as the switch only support some pretty old ciphers e.t.c, but added those to the connection and i can connect. However i cannot read any replies from the device.
Initially i was trying sshex and sshkit, but am now using erlang :ssh directly to make sure it wasn’t a framework problem.
Here is my (pretty basic, and badly written), code.
def send_command(command) do
{:ok, ssh_pid} =
:ssh.connect('192.168.1.254', 22,
user: 'cisco',
save_accepted_host: false,
silently_accept_hosts: true,
password: 'cisco',
modify_algorithms: [
prepend: [kex: [:"diffie-hellman-group1-sha1", :"diffie-hellman-group-exchange-sha1"]],
prepend: [public_key: [:"ssh-rsa", :"ssh-dss"]]
]
# ssh_msg_debug_fun: fn _, _, msg, _ -> IO.inspect(msg) end
# user_dir: Path.expand("../../ssh", __DIR__)
)
IO.inspect(
:ssh.connection_info(ssh_pid, [
:client_version,
:server_version,
:user,
:peer,
:sockname,
:options,
:algorithums
])
)
{:ok, chn} = :ssh_connection.session_channel(ssh_pid, 5000)
_success = :ssh_connection.exec(ssh_pid, chn, command, 5000)
for _ <- 0..3 do
receive do
{:ssh_cm, ^ssh_pid, value} -> IO.inspect(value)
end
end
:ok = :ssh.close(ssh_pid)
end
end
If i run this, it hangs forever at the receive do loop, like this:
iex(1)> FibreTest.Cisco.send_command("up")
[
client_version: {{2, 0}, 'SSH-2.0-Erlang/4.12.5'},
server_version: {{2, 0}, 'SSH-2.0-OpenSSH_5.9p1.RL'},
user: 'cisco',
peer: {'192.168.1.254', {{192, 168, 1, 254}, 22}},
sockname: {{192, 168, 1, 100}, 60691},
options: [
modify_algorithms: [
prepend: [
kex: [:"diffie-hellman-group1-sha1",
:"diffie-hellman-group-exchange-sha1"],
public_key: [],
cipher: [client2server: [], server2client: []],
mac: [client2server: [], server2client: []],
compression: [client2server: [], server2client: []]
],
prepend: [
kex: [],
public_key: [:"ssh-rsa", :"ssh-dss"],
cipher: [client2server: [], server2client: []],
mac: [client2server: [], server2client: []],
compression: [client2server: [], server2client: []]
]
],
password: 'cisco',
pref_public_key_algs: [:"ssh-rsa", :"ssh-dss", :"ecdsa-sha2-nistp384",
:"ecdsa-sha2-nistp521", :"ecdsa-sha2-nistp256", :"ssh-ed25519",
:"ssh-ed448", :"rsa-sha2-256", :"rsa-sha2-512"],
preferred_algorithms: [
kex: [:"diffie-hellman-group1-sha1",
:"diffie-hellman-group-exchange-sha1", :"ecdh-sha2-nistp384",
:"ecdh-sha2-nistp521", :"ecdh-sha2-nistp256",
:"diffie-hellman-group-exchange-sha256",
:"diffie-hellman-group16-sha512", :"diffie-hellman-group18-sha512",
:"diffie-hellman-group14-sha256", :"curve25519-sha256",
:"curve25519-sha256@libssh.org", :"curve448-sha512"],
public_key: [:"ssh-rsa", :"ssh-dss", :"ecdsa-sha2-nistp384",
:"ecdsa-sha2-nistp521", :"ecdsa-sha2-nistp256", :"ssh-ed25519",
:"ssh-ed448", :"rsa-sha2-256", :"rsa-sha2-512"],
cipher: [
client2server: [:"chacha20-poly1305@openssh.com",
:"aes256-gcm@openssh.com", :"aes256-ctr", :"aes192-ctr",
:"aes128-gcm@openssh.com", :"aes128-ctr", :"aes256-cbc", :"aes192-cbc",
:"aes128-cbc", :"3des-cbc"],
server2client: [:"chacha20-poly1305@openssh.com",
:"aes256-gcm@openssh.com", :"aes256-ctr", :"aes192-ctr",
:"aes128-gcm@openssh.com", :"aes128-ctr", :"aes256-cbc", :"aes192-cbc",
:"aes128-cbc", :"3des-cbc"]
],
mac: [
client2server: [:"hmac-sha2-256-etm@openssh.com",
:"hmac-sha2-512-etm@openssh.com", :"hmac-sha2-256", :"hmac-sha2-512",
:"hmac-sha1-etm@openssh.com", :"hmac-sha1"],
server2client: [:"hmac-sha2-256-etm@openssh.com",
:"hmac-sha2-512-etm@openssh.com", :"hmac-sha2-256", :"hmac-sha2-512",
:"hmac-sha1-etm@openssh.com", :"hmac-sha1"]
],
compression: [
client2server: [:none, :"zlib@openssh.com", :zlib],
server2client: [:none, :"zlib@openssh.com", :zlib]
]
],
save_accepted_host: false,
silently_accept_hosts: true,
user: 'cisco'
]
]
If i ssh into the switch from the same machine manually, i get the expected login prompt.
Here’s my open_ssh config (which i also had to edit to enable me to connect)
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# This Include directive is not part of the default ssh_config shipped with
# OpenSSH. Options set in the included configuration files generally override
# those that follow. The defaults only apply to options that have not been
# explicitly set. Options that appear multiple times keep the first value set,
# unless they are a multivalue option such as IdentityFile.
Include /etc/ssh/ssh_config.d/*
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
MACs hmac-md5,hmac-sha1,hmac-sha2-256,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
Host *
SendEnv LANG LC_*
HostkeyAlgorithms ssh-dss,ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
I have various other linux/debian servers as well as some Pi’s that i can issue commands on from elixir/erlang fine.
So, a bit stumped here and wondering if anyone had any suggestions before i resort to the serial port
Thanks!