Wireless Access

Reply
Occasional Contributor II

PLINK / SSH Scripting to Mobility Controller

Hi

I would like to script an SSH connection and various commands to an Aruba controller for two reasons:

 

1) Exporting local userdatabase on master and copying to TFTP, importing on local

2) Exporting a 'show ap database' for a morning report to check that the AP's are up.

 

When I run the following - plink -v -ssh USERNAME@IPADDRESS -pw PASSWORD -m commands.txt

 

where commands.txt has

en

PASSWORD

show ap database

 

I get the error - "Keyboard-interactive authentication refused"

 

Does anyone know why this might be, or could an alternative be suggested?

 

Cheers

Steve

 

Occasional Contributor I

Re: PLINK / SSH Scripting to Mobility Controller

Hi Steve,

 

you can test the following:

plink -v -ssh USERNAME@IPADDRESS -pw PASSWORD -batch < commands.txt > output.txt 2>&1

 

commands.txt:

en
PASSWORD
show ap database
exit
exit

Then check output.txt for the results. 

 

Did you think about a "enable bypass" on your controller already? This will skip the 'enable/PASSWORD' command and after login you are in enable mode already.

 

Frank

Occasional Contributor II

Re: PLINK / SSH Scripting to Mobility Controller

Thanks for the suggestion but no luck unfortunatly:

 

Looking up host "IPADDRESS"

Connecting to "IPADDRESS" port 22
Server version: SSH-2.0-OpenSSH_5.8
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "admin".
Keyboard-interactive authentication refused
Sent password
Access denied
Access denied
Disconnected: Unable to authenticate

 

Do you think 'enable bypass' would avoid this?

Occasional Contributor I

Re: PLINK / SSH Scripting to Mobility Controller

I don't think so, for me it looks like a wrong username or password.


steveh_2001 wrote:Using username "admin".
--- <snip> ---
Keyboard-interactive authentication refused

Sent password
Access denied
Access denied
Disconnected: Unable to authenticate

 

--- <snip> ---


The 'Keyboard-interactive authentication refused' seems not to be an error but a information from putty.

 

A successful connect looks like:

Looking up host "IPADDRESS"
Connecting to IPADDRESS port 22
Server version: SSH-2.0-OpenSSH_5.8
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "USERNAME".
Keyboard-interactive authentication refused
Sent password
Access granted
Opened channel for session
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
Last login: Thu Sep 19 09:42:06 2013 from MYIP

Sent EOF message


(MYCONTROLLER) >en
Password:
Password:********
(MYCONTROLLER) #
(MYCONTROLLER) #show ap database

AP Database
-----------
Name              Group                       AP Type  IP Address    Status             Flags  Switch IP  Standby IP
----              -----                       -------  ----------    ------             -----  ---------  ----------
--- <snip> ---

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
       I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
       X = Maintenance Mode; P = PPPoE AP; B = Built-in AP
       R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
       c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
       u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
       M = Mesh node; Y = Mesh Recovery

Total APs:2

(MYCONTROLLER) #
(MYCONTROLLER) #exit
(MYCONTROLLER) >
(MYCONTROLLER) >eServer sent command exit status 1
Disconnected: All channels closed
xitConnection closed by foreign host.

 

If I use a wrong password in the command line, it looks like your output:

Looking up host "IPADDRESS"
Connecting to IPADDRESS port 22
Server version: SSH-2.0-OpenSSH_5.8
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "USERNAME".
Keyboard-interactive authentication refused
Sent password
Access denied
Access denied
Disconnected: Unable to authenticate

Can you try to login manually with your crendentials (plink -ssh USERNAME@IPADDRESS)? Are there any special characters in your password? For testing purposes try a simple password.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: