Wired Intelligent Edge

last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

This thread has been viewed 38 times

  • 1.  AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

    Posted Oct 18, 2019 12:18 PM

    AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?

     

    -N

     

    -----
    # Thanks # Gracias # Merci # ありがとう # Danke # Spasiba # 감사합니다 # Toda # Cheers # Dhanyawaad # Ahsante # Xièxiè # shukran #

     

     

     



  • 2.  RE: AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?
    Best Answer

    MVP GURU
    Posted Oct 18, 2019 08:50 PM

    Hi @i-r-AOSCX-noob,

     

    Access to (Linux) bash shell via start-shell from ArubaOS-CX (or from ServiceOS) is not publicly documented very well (except for very basic citations appeared "here and there")...this doesn't mean it isn't undocumented (which clearly it isn't...that is simply part of Aruba internal documentation normally not available externally to us)...just remember you are going to deal with a Linux OS bash shell so you should be very cautious in jumping in to playing with commands...especially for changing parameters instead of simply displaying logs (in other terms...damaging due to misconfiguration could force you to zeroize the switch, as example)...consider that after ArubaOS-CX 10.02.0020 IIRC Aruba implemented bash access tracking via a shell-enable(d) flag in ServiceOS called SE so Aruba support engineers are able to check (and understand) if a switch was accessed through start-shell [*] and they could - potentially - ask the customer to zeroize the switch to bring it back to a default known state before starting any further support action for a reported issue (that's to avoid diagnoising an altered system).

     

    [*] SE flag can be reset only via zeroization...so you can't easily hide the fact you accessed the Linux shell at least one time (even if you didn't perform anything special once accessed...just accessed to see what the shell has to offer).



  • 3.  RE: AOS-CX "start-shell" Where is there documentation for the aos-cx shell commands?
    Best Answer

    EMPLOYEE
    Posted Oct 24, 2019 04:07 AM

    As Davide said, start-shell gives you possibility of root access on the underlying linux Kernel. Some support commands might be provided from time to time in this blog to help deep troubleshooting that would be conducted by Aruba support. The CLI development aims to provide all the in-depth command as well (like diag command). Note that in ServiceOS there is the secure mode setting that prevents access to start-shell if desired. Changing this mode requires zeroization. The swtich by default is set with secure mode being standard (with start-shell access enabled). With enhanced setting, start-shell won't be allowed.

    SVOS> secure-mode enhanced
    ############################WARNING############################
    This will set the switch into enhanced secure mode. Before
    enhanced secure mode is enabled, the switch must securely erase
    all customer data and reset the switch to factory defaults.
    This will initiate a reboot and render the switch unavailable
    until the zeroization is complete.
    ############################WARNING############################

    Continue (y/n)?

     

    If you have very specific points where you think start-shell is required, do not hesitate to raise them.

    I hope this helps.