Welcome, Guest. Please login or register.

Author Topic: Backup configuration with SSH or Telnet  (Read 473 times)

Eddy

  • Newbie
  • *
  • Posts: 1
    • View Profile
Backup configuration with SSH or Telnet
« on: May 03, 2018, 11:01:50 AM »
I have a network with different Cisco routers. Some are SSH enabled another Telnet. I want to save the configuration. My configuration file "nedi.conf" can be seen below.
The problem is that the "nedi.conf" file is processed sequentially so that with more than 3 logins, it is no longer possible to log onto a device with SSH if the data in the conf is in fourth place, for example.
Question is it possible with "Nedi" such a constellation to drive or it works only with identical password?
With telnet it works, no matter how many entries in "nedi.conf" exist.



Nedi.conF

### Device mit Telnet CLI ####
maptp      10.103.33.253   23
maptp      10.100.33.253   23
maptp      10.38.33.253   23
maptp      10.40.33.253   23
maptp      10.99.33.253   23
.
.
.



# The users for telnet and ssh access:
# - Put most frequent ones first.
# - Leave enablepass empty, if the user is priviledged already.
# - Use a dummy pass (and proper enablepass) if no login is required to connect.
# - Use a dummy enablepass if no pw is required to enable, but you still need send enable
# - Append ;1 ;2 etc. to user, if different pw are used with same login.
# - Use public-key authentication with ssh, if you do not want to have pw here in cleartext.
# - Nortel CLI capable devices may require to configure cmd-interface cli to avoid menus!
# - To access the cli of a mikrotik, use +cte after user name (e.g. admin+cte)
# - usrsec expects secured password. You can generate them with nedi.pl -Z pw
# - Search for "change for more security" in inc/libmisc.pm and replace with own passphrase!
#
#    user   pass   enablepass
;usr   nedi   pa55   enpa55
;usrsec   nedi   41326464   363f41326464
;usr   admin   Enpa55
;usr   edmin   enterasys
;usr   xmin   extreme

### Zugang per Telnet ####
usr   admin;8   xxxxxx   xxxxxx
usr   admin;1   yyyyyy   yyyyyy
usr   admin;2   zzzzzz   zzzzzz
usr   admin;3   bbbbbb   bbbbbb
usr   admin;4   aaaaaa  aaaaaa

### Zugang per SSH ####
usr   admin;20   rrrrrr
usr   admin;21   tttttt
usr   admin;22   uuuuuu

### Switch ####
### Zugang per SSH ####
usr   admin;40   iiiiii


# Regexp to match username prompts (useful if you set something else on auth server)
# The cryptic stuff at the end are escape sequences for ProCurve
uselogin   (User|username|login|(User|Login)\sName)\s?:\s?(\x1b\[[;\?0-9A-Za-z]+)*$

# Regexp to match sensitive configuration lines, which should not be included in backup
;ignoreconf   password\s

# Set ssh policy for CLI access:
# always   = only explicitly mapped ports will be used with telnet
# never     = never try ssh
# known      = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)
# commented   = try whatever will work
usessh      always   
;usessh      never

With TELNET  --> 7 logins --> OK

Prepare (CLI)  ----------------------------------------------------------------
TEL :admin;8@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
TEL :admin;1@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
TEL :admin;2@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
TEL :admin;3@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
TEL :admin;4@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
TEL :admin;5@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Username: ' sending username
CLI3:Username admin sent
CLI3:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'invalid' login failed
TEL :admin;6@10.34.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI4:Matched homb> (or gen. prompt with enpass & enable cmd), enabling
CLI7:Matched 'Password: ' sending password
CLI8:Matched enable prompt, OK


with SSH ---> 4 Logins ---> Not OK


Prepare (CLI)  ----------------------------------------------------------------
SSH :admin;20@10.68.33.253:22 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
PTY :Forking ssh  -l admin 10.68.33.253
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
SSH :admin;21@10.68.33.253:22 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
PTY :Forking ssh  -l admin 10.68.33.253
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
SSH :admin;22@10.68.33.253:22 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
PTY :Forking ssh  -l admin 10.68.33.253
CLI2:Matched 'Password: ' sending password
CLI3:Password sent
CLI3:Matched 'Password: ' login failed
SSH :admin;23@10.68.33.253:22 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
PTY :Forking ssh  -l admin 10.68.33.253
CLI0:Connection refused
TEL :admin;23@10.68.33.253:23 Tout:10s OS:IOS-rtr EN:[\w+().-]+#\s?$
EVNT:MOD=B/1 L=150 CL=cfge TGT=voel MSG=Config backup error: connection error on port 23