NeDi Community

Networking => General Topics => Topic started by: maltyx on December 28, 2020, 03:19:07 pm

Title: Backup Aruba/HP-Procurve Switches Configs
Post by: maltyx on December 28, 2020, 03:19:07 pm

I have a strange problem, one day backup configuration of Aruba/HP Procurve switches stop to work. It fails on login to a switch (SSH)
on Nedi side it looks like follow:

--------
Prepare (CLI)  ----------------------------------------------------------------  Mon Dec 28 15:22:17 2020
SSH :username@10.16.16.x:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l username 10.16.16.x
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'password: ' login failed
SSH :username2@10.16.16.x:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l username2 10.16.16.x
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'password: ' login failed
SSH :username3@10.16.16.x:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l username3 10.16.16.x
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'password: ' login failed
SSH :username4@10.16.16.x:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l username4 10.16.16.x
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'password: ' login failed
EVNT:MOD=B/1 L=150 CL=cfge TGT=HP-5406Rzl2-IT MSG=Config backup error: invalid credentials

------
when I try to connect from Nedi server console with: ssh -o 'StrictHostKeyChecking no' -l username4 10.16.16.x
and entering the password, it logins as expected...
What I may to check out to fix the problem? Any help appreciated

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: rickli on January 05, 2021, 01:50:18 pm

Does it work, if you run nedi.pl from SSH? If so, you can update the SSH key in Devices-Status (for the webserver user).

If not, add -dc to debug the CLI and look at the logfiles in /tmp

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: maltyx on January 05, 2021, 07:14:32 pm

Rickli, thank you for your help.
Probably, the problem was caused by the fact, that I use two CLI Accounts with the same username in nedi.conf file (but with different passwords).  It looks like nedi.pl was trying to use the LAST listed pair of Username and password in the config file. After I have deleted the first listed pair of USRN&PSW and created a new pair, NEDI.PL started to use the NEW one PAIR (the last in the list)..and the one pair above stopped to be used by script.
Is that so as it should be?
Thank you, again!

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: rickli on January 07, 2021, 11:48:38 am

If you need to user with different passwords you can put something like admin;1 and admin;b. Only the part before the ; will be sent to the devices.

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: maltyx on January 12, 2021, 08:38:41 am

Thank You very much again!

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: padawan on January 25, 2023, 02:59:20 pm

In my config I added a ";" to the second password. Unfortunately, the login seems to work only on the devices where the username is used without the ";".

Is there a trick that I have overlooked?

Thanks in advance for your help.

-- CLI --
sudo -u www-data /var/nedi/nedi.pl -vvvvvv -kK -B5 -P1 -L"admin" -SAFGgadobewitjumpsvx -a"172.16.1.1"
-- CLI --



-- Log start --
...
Prepare (CLI)  ----------------------------------------------------------------  Wed Jan 25 13:50:52 2023
SSH :Connect admin@172.16.1.1:22 Tout:2s OS:ProCurve EN:(\x1b\[[;\?0-9A-Za-z]+)+[\w\s()'+.-]+#\s?(\x1b\[[;\?0-9A-Za-z]+)+$
PTY :Forking ssh -o 'StrictHostKeyChecking no' -l admin 172.16.1.1
CLI2:Matched 'password: ' sending password
CLI3:Password sent
CLI3:Matched 'password: ' login failed
EVNT:MOD=B/1 L=150 CL=cfge TGT=CoreSwitch MSG=Config backup error: invalid credentials
...
-- Log end --

-- Conf start --
...
usr     admin   Password1
usr     admin;b Password2
usr     operator        Password3
...
-- Conf end --

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: rickli on February 02, 2023, 11:40:43 am

If you append ;id you'll have to reset the CLI access. Click on the red button in Device-Status and NeDi will retry the logins. In System-NeDi (using a 2nd tab) you can select the correct user in order to avoid trying all others. It's important to know that, if the login fails, NeDi will not retry to avoid spewing out credentials and slowing down the discovery...

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: padawan on February 15, 2023, 02:24:50 pm

Thank you.

I just looked in "Devices" -> "Config" in "Backup Errors" and did a manual backup config in the CLI:

Code: [Select]

sudo -u www-data /var/nedi/nedi.pl -vvvvvv -kK -B0 -P1 -L"admin;1" -SAFGgadobewitjumpsvx -a"W.X.Y.Z"This way I didn't had to reset the CLI access.

Title: Re: Backup Aruba/HP-Procurve Switches Configs
Post by: rickli on February 16, 2023, 05:37:34 pm

Cool, thanks for the feedback!