Author Topic: SSH login into Cisco devices  (Read 4154 times)

piet

SSH login into Cisco devices
« on: August 31, 2011, 10:57:11 AM »
Hello Forum,

I run the latest nedi1.0.6 on NEDIO6 and I have problems with SSH login into Cisco devices.

A
./nedi.pl -vdbt IPAddress
gives
SSH :admin:22 Tout:2s OS:IOS EN:(.+?)#\s?$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l admin IPAddress
CLI2:Matched Password:, sending password
CLI3:Password sent
CLI3:Matched Password:, login failed

The password contains special characters like # and - and $, and I assume that the password might not be taken correctly from the nedi.conf.

How can I check which password is transferred to the device?

If I run
ssh -o 'StrictHostKeyChecking no' -l admin IPAddress
manually and enter the password, the login works.

Thank you very much for your support  :)

Piet

rickli

Re: SSH login into Cisco devices
« Reply #1 on: August 31, 2011, 09:42:25 PM »
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

piet

Re: SSH login into Cisco devices
« Reply #2 on: September 02, 2011, 08:35:58 AM »
Hello Remo,

thank you very much for this broad hint  ;)

I just tested with the additional terminal sessions to see what's going on with input.log and output.log.

But now it seems that nedi does not try to log in to the device at all  ???

I tested different command line options like
./nedi.pl -vdbt IPAddress
and
./nedi.pl -vdba IPAddress
or
./nedi.pl -vdbBa IPAddress
And I removed the different userids from the nedi.conf and kept just the one which is valid for the tested device, but the only CLI related output from nedi.pl is
Prepare (CLI)  ----------------------------------------------------------------
PREP:No working user

Nothing is logged in the input.log nor in the output.log

Do you have any idea what could cause this problem?

Thank you very much again for your support!


Piet


rickli

Re: SSH login into Cisco devices
« Reply #3 on: September 02, 2011, 09:42:04 PM »
NeDi won't try again if it couldn't find a working login. Imagine doing this to 300 switches with every discovery...

You can have it retry by clicking on the CLI icon in Devices-Status.

joerg.roth

Re: SSH login into Cisco devices
« Reply #4 on: September 06, 2011, 03:58:19 PM »
I can confirm, it's a tacacs related problem:

Version:
/usr/local/bin/tac_plus -v
tac_plus version F4.0.4.18

User: testuser
Password: testpass

tacacs-debug (I changed username, password and crypted-password):

Found entry for testuser in shadow file
verify testuser $2a$10$TAwt6ciFlPggA3HyJ8Idfe2po3masnEPhakTTe7CUX5f1TdoLLXMu
testuser encrypts to $2a$10$TAwt6ciFlPggA3HyJ8IdfeCqqQy8O.mRaj.R/auSXXHsmb7VBBwTy
Password is incorrect

tacacs gets the username instead of the password from nedi. A correct login:

Found entry for testuser in shadow file
verify testpass $2a$10$TAwt6ciFlPggA3HyJ8Idfe2po3masnEPhakTTe7CUX5f1TdoLLXMu
testpass encrypts to $2a$10$TAwt6ciFlPggA3HyJ8Idfe2po3masnEPhakTTe7CUX5f1TdoLLXMu
Password is correct

No problems with freeradius. We use both.


« Last Edit: September 06, 2011, 04:37:17 PM by joerg »
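
An added example, not part of the original posts and not code from NeDi or tac_plus: a small Python parser for the debug lines quoted in Reply #4 that flags attempts where the value on the `verify` line equals the username, the failure described there. It assumes the line format is exactly as quoted; the sample text is constructed and uses placeholder hashes, and the function name `analyze` is hypothetical.

```python
import re

# Line shapes as quoted in Reply #4 (assumed to be the complete format).
ENTRY = re.compile(r"^Found entry for (\S+) in shadow file$")
VERIFY = re.compile(r"^verify (.+) (\S+)$")   # submitted value, then stored hash
RESULT = re.compile(r"^Password is (correct|incorrect)$")

# Constructed sample mirroring the two excerpts in the post; hashes are placeholders.
SAMPLE = """\
Found entry for testuser in shadow file
verify testuser $2a$10$PLACEHOLDER_STORED
testuser encrypts to $2a$10$PLACEHOLDER_OTHER
Password is incorrect
Found entry for testuser in shadow file
verify testpass $2a$10$PLACEHOLDER_STORED
testpass encrypts to $2a$10$PLACEHOLDER_STORED
Password is correct
"""

def analyze(debug_text):
    """Return one record per authentication attempt found in the debug text."""
    attempts, user, submitted = [], None, None
    for raw in debug_text.splitlines():
        line = raw.strip()
        if m := ENTRY.match(line):
            user, submitted = m.group(1), None
        elif m := VERIFY.match(line):
            submitted = m.group(1)
        elif (m := RESULT.match(line)) and user is not None and submitted is not None:
            attempts.append({
                "user": user,
                "ok": m.group(1) == "correct",
                # The client put the username where the password belongs.
                "username_sent_as_password": submitted == user,
                # Report only the length so the cleartext is not copied onward.
                "submitted_length": len(submitted),
            })
            user = submitted = None
    return attempts

if __name__ == "__main__":
    for attempt in analyze(SAMPLE):
        print(attempt)
```

The debug output this reads contains the submitted password in cleartext on the `verify` line, so the records deliberately carry only its length.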