Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

PLINK / SSH Scripting to Mobility Controller

  • 1.  PLINK / SSH Scripting to Mobility Controller

    Posted Sep 18, 2013 11:56 AM

    Hi

    I would like to script an SSH connection and various commands to an Aruba controller for two reasons:

     

    1) Exporting local userdatabase on master and copying to TFTP, importing on local

    2) Exporting a 'show ap database' for a morning report to check that the APs are up.

     

    When I run the following - plink -v -ssh USERNAME@IPADDRESS -pw PASSWORD -m commands.txt

     

    where commands.txt has

    en

    PASSWORD

    show ap database

     

    I get the error - "Keyboard-interactive authentication refused"

     

    Does anyone know why this might be, or could an alternative be suggested?

     

    Cheers

    Steve

     



  • 2.  RE: PLINK / SSH Scripting to Mobility Controller

    Posted Sep 19, 2013 02:34 AM

    Hi Steve,

     

    you can test the following:

    plink -v -ssh USERNAME@IPADDRESS -pw PASSWORD -batch < commands.txt > output.txt 2>&1

     

    commands.txt:

    en
    PASSWORD
    show ap database
    exit
    exit

    Then check output.txt for the results. 

     

    Did you think about an "enable bypass" on your controller already? This will skip the 'enable/PASSWORD' command and after login you are in enable mode already.

     

    Frank



  • 3.  RE: PLINK / SSH Scripting to Mobility Controller

    Posted Sep 19, 2013 04:07 AM

    Thanks for the suggestion but no luck unfortunately:

     

    Looking up host "IPADDRESS"

    Connecting to "IPADDRESS" port 22
    Server version: SSH-2.0-OpenSSH_5.8
    We claim version: SSH-2.0-PuTTY_Release_0.60
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange with hash SHA-256
    Host key fingerprint is:
    ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    Initialised AES-256 SDCTR client->server encryption
    Initialised HMAC-SHA1 client->server MAC algorithm
    Initialised AES-256 SDCTR server->client encryption
    Initialised HMAC-SHA1 server->client MAC algorithm
    Using username "admin".
    Keyboard-interactive authentication refused
    Sent password
    Access denied
    Access denied
    Disconnected: Unable to authenticate

     

    Do you think 'enable bypass' would avoid this?



  • 4.  RE: PLINK / SSH Scripting to Mobility Controller

    Posted Sep 19, 2013 04:53 AM

    I don't think so; to me it looks like a wrong username or password.


    steveh_2001 wrote:Using username "admin".
    --- <snip> ---
    Keyboard-interactive authentication refused

    Sent password
    Access denied
    Access denied
    Disconnected: Unable to authenticate

     

    --- <snip> ---


    The 'Keyboard-interactive authentication refused' does not seem to be an error but an informational message from PuTTY.

     

    A successful connect looks like:

    Looking up host "IPADDRESS"
    Connecting to IPADDRESS port 22
    Server version: SSH-2.0-OpenSSH_5.8
    We claim version: SSH-2.0-PuTTY_Release_0.60
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange with hash SHA-256
    Host key fingerprint is:
    ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Initialised AES-256 SDCTR client->server encryption
    Initialised HMAC-SHA1 client->server MAC algorithm
    Initialised AES-256 SDCTR server->client encryption
    Initialised HMAC-SHA1 server->client MAC algorithm
    Using username "USERNAME".
    Keyboard-interactive authentication refused
    Sent password
    Access granted
    Opened channel for session
    Allocated pty (ospeed 38400bps, ispeed 38400bps)
    Started a shell/command
    Last login: Thu Sep 19 09:42:06 2013 from MYIP
    
    Sent EOF message
    
    
    (MYCONTROLLER) >en
    Password:
    Password:********
    (MYCONTROLLER) #
    (MYCONTROLLER) #show ap database
    
    AP Database
    -----------
    Name              Group                       AP Type  IP Address    Status             Flags  Switch IP  Standby IP
    ----              -----                       -------  ----------    ------             -----  ---------  ----------
    --- <snip> ---
    
    Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
           I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
           X = Maintenance Mode; P = PPPoE AP; B = Built-in AP
           R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
           c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
           u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
           M = Mesh node; Y = Mesh Recovery
    
    Total APs:2
    
    (MYCONTROLLER) #
    (MYCONTROLLER) #exit
    (MYCONTROLLER) >
    (MYCONTROLLER) >eServer sent command exit status 1
    Disconnected: All channels closed
    xitConnection closed by foreign host.

     

    If I use a wrong password in the command line, it looks like your output:

    Looking up host "IPADDRESS"
    Connecting to IPADDRESS port 22
    Server version: SSH-2.0-OpenSSH_5.8
    We claim version: SSH-2.0-PuTTY_Release_0.60
    Using SSH protocol version 2
    Doing Diffie-Hellman group exchange
    Doing Diffie-Hellman key exchange with hash SHA-256
    Host key fingerprint is:
    ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Initialised AES-256 SDCTR client->server encryption
    Initialised HMAC-SHA1 client->server MAC algorithm
    Initialised AES-256 SDCTR server->client encryption
    Initialised HMAC-SHA1 server->client MAC algorithm
    Using username "USERNAME".
    Keyboard-interactive authentication refused
    Sent password
    Access denied
    Access denied
    Disconnected: Unable to authenticate

    Can you try to log in manually with your credentials (plink -ssh USERNAME@IPADDRESS)? Are there any special characters in your password? For testing purposes try a simple password.
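
For the morning report described in the first post, the captured output.txt can be checked by a script. This is an added example, not code from any poster in the thread: it first confirms from the merged plink -v log that authentication succeeded, then slices the 'show ap database' table at the column offsets given by the dash rule. The sample rows and the "Up <uptime>" / "Down" Status text are constructed assumptions, since the thread snips the real rows.

```python
import re

# Constructed sample of output.txt. AP names, addresses and the "Up <uptime>" /
# "Down" Status text are assumptions; the thread snips the real table rows.
_ROW = "{:<12}{:<9}{:<9}{:<14}{:<17}{:<7}{:<11}{}"
_HDR = ("Name", "Group", "AP Type", "IP Address", "Status", "Flags", "Switch IP", "Standby IP")
_APS = [
    ("ap-lobby", "default", "105", "192.0.2.11", "Up 2d:3h:1m:5s", "", "192.0.2.1", "0.0.0.0"),
    ("ap-store", "default", "105", "192.0.2.12", "Down", "", "192.0.2.1", "0.0.0.0"),
    ("ap-dock", "default", "135", "192.0.2.13", "Up 10m:4s", "I", "192.0.2.1", "0.0.0.0"),
]
SAMPLE_OUTPUT = "\n".join(
    ["Sent password", "Access granted", "(MYCONTROLLER) #show ap database", "",
     "AP Database", "-----------", _ROW.format(*_HDR),
     _ROW.format(*("-" * len(h) for h in _HDR))]
    + [_ROW.format(*ap) for ap in _APS]
    + ["", "Flags: U = Unprovisioned; N = Duplicate name", "", "Total APs:3"])

def login_ok(text):
    """plink -v logs the auth result on stderr; 2>&1 merges it into the file."""
    return "Access granted" in text and "Unable to authenticate" not in text

def parse_ap_database(text):
    """Return one dict per AP row, slicing columns at the dash-rule offsets."""
    lines = text.splitlines()
    for i in range(1, len(lines)):
        # The rule under the column header is several dash runs split by spaces.
        if lines[i - 1].startswith("Name") and re.fullmatch(r"-+(\s+-+)+\s*", lines[i]):
            starts = [m.start() for m in re.finditer(r"-+", lines[i])]
            spans = list(zip(starts, starts[1:] + [None]))
            names = [lines[i - 1][a:b].strip() for a, b in spans]
            rows = []
            for row in lines[i + 1:]:
                if not row.strip():
                    break  # a blank line ends the table
                rows.append(dict(zip(names, (row[a:b].strip() for a, b in spans))))
            return rows
    return []

def aps_not_up(text):
    """Names of APs whose Status does not start with 'Up'."""
    if not login_ok(text):
        raise RuntimeError("plink did not authenticate; no AP data to report")
    return [ap["Name"] for ap in parse_ap_database(text) if not ap["Status"].startswith("Up")]

if __name__ == "__main__":
    print("APs needing attention:", aps_not_up(SAMPLE_OUTPUT))
```

For a real run, pass the contents of output.txt to aps_not_up() in place of SAMPLE_OUTPUT; a failed login raises an error, so it is not mistaken for an empty AP list.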