[MX] Seamless script execution in collecting data from peer router through SSH

Article ID: KB36984 | KB Last Updated: 25 May 2021 | Version: 1.0

Summary:

When a script run on a local DUT collects command output from a peer node over SSH, the script halts because the peer node prompts for a password.

This article describes a procedure that lets the script run seamlessly, without a password prompt, when connecting via SSH.

Symptoms:

For example, to check whether a script is running on the peer node (for instance, because you want to stop that script from the local node):

labroot@re0:/var/home/labroot # ssh -t labroot@R.R.R.R 'start shell command "ps -aux | grep sh"'
The authenticity of host 'R.R.R.R (R.R.R.R)' can't be established.
ECDSA key fingerprint is SHA256:/IaQEjqPkeT/xMtCps5vi2gkBk0XmuYyIB5w88YR1rQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'R.R.R.R' (ECDSA) to the list of known hosts.
Password:

Here, the command prompts for the password of the remote node's "labroot" user. Putting this command in a shell script and running it every 30 seconds in a loop is not productive, because it asks for the password on each iteration.

labroot@re0:/var/home/labroot # vi test1.sh
#!/bin/sh

# Poll the peer every 30 seconds; each ssh call stops at the password prompt.
while :
do
    a=$(ssh -t labroot@R.R.R.R 'start shell command "ps -aux | grep sh"')
    echo "$a"
    sleep 30
done

labroot@re0:/var/home/labroot # sh test1.sh
Password:
Password: -------- you have to key in the password on each iteration.
Password:

Cause:

This is normal operational behavior for a remote connection when the SSH service is enabled and the user profile authenticates with a local password (or root authenticates with a plain-text password).

Solution:

SSH can use public key authentication. The key files are stored in the following path:

labroot@re0:/var/home/labroot/.ssh # cd /root/.ssh
labroot@re0:~/.ssh # ls
id_rsa          id_rsa.pub      known_hosts
labroot@re0:~/.ssh # 

  1. If the public key file is not available, create it with ssh-keygen -t rsa.

  2. Copy this public key to the remote node as /var/tmp/id_rsa.pub; that file will be used for login in place of the password.

    labroot@re0:~/.ssh # more id_rsa.pub 
    ssh-rsa <<<<< KEY FROM THE FILE OF THIS LOCAL NODE >>>> user@re0
    user@re0:~/.ssh # 

    Copy this entire content to the remote node:

    labroot@re0:~/.ssh # scp id_rsa.pub R.R.R.R:/var/tmp
    Password:
    id_rsa.pub                           100%  407   811.1KB/s   00:00    
    user@re0:~/.ssh #

  3. On the peer node, change the login authentication method for the labroot user:

    [edit]
    labroot@re0# delete groups default system login user labroot authentication 
    warning: [groups default] is protected, 'groups default system login user labroot authentication' cannot be deleted

    [edit]
    labroot@re0# unprotect groups default 

    [edit]
    labroot@re0# delete groups default system login user labroot authentication    

    [edit]
    labroot@re0# set groups default system login user labroot authentication load-key-file /var/tmp/id_rsa.pub <<<<< Because this key is the same as the local node's key, SSH from the local node will no longer prompt for a password.

    [edit]
    labroot@re0# commit synchronize and-quit 
    warning: 'synchronize' ignored in single routing engine chassis
    re0: 
    commit complete
    Exiting configuration mode

    labroot@re0> 

  4. Execute the script on the local node; it will no longer ask for a password.

    user@re0:~/.ssh # ssh -t labroot@10.219.38.136 "show chassis hardware"
    Hardware inventory:
    Item             Version  Part number  Serial number     Description
    Chassis                                JN125BE62AFB      MX480
    Midplane         REV 09   750-047862   ACRF1802          Enhanced MX480 Midplane
    FPM Board        REV 02   710-017254   ABDE5285          Front Panel Display
    PEM 0            Rev 10   740-029970   QCS1522U044       PS 1.4-2.52kW; 90-264V AC in
    PEM 1            Rev 10   740-029970   QCS1522U046       PS 1.4-2.52kW; 90-264V AC in
    PEM 2            Rev 10   740-029970   QCS1522U02M       PS 1.4-2.52kW; 90-264V AC in
    PEM 3            Rev 10   740-029970   QCS1522U04F       PS 1.4-2.52kW; 90-264V AC in
    Routing Engine 0 REV 17   740-031116   9016309194        RE-S-1800x4
    CB 0             REV 08   750-055976   CAFN2361          Enhanced MX SCB 2
    FPC 1            REV 18   750-062865   CAPW5522          MPC4E 3D 32XGE
      CPU            REV 03   711-062860   CAPV9681          HMPC PMB 2G 
      PIC 0                   BUILTIN      BUILTIN           8X10GE SFPP
        Xcvr 0       REV 01   740-021308   CJ20YP1Q9         SFP+-10G-SR
        Xcvr 1       REV 01   740-031980   MTN1BZ0           SFP+-10G-SR
        Xcvr 2       REV 01   740-031980   CH09KN0KL         SFP+-10G-SR
        Xcvr 3       REV 01   740-031980   A4HADWE           SFP+-10G-SR
        Xcvr 4       REV 01   740-031980   AMC0KQR           SFP+-10G-SR
      PIC 1                   BUILTIN      BUILTIN           8X10GE SFPP
        Xcvr 0       REV 01   740-021308   AD1501306DJ       SFP+-10G-SR
        Xcvr 1       REV 01   740-031980   CJ05YJ044         SFP+-10G-SR
        Xcvr 2       REV 01   740-031980   A4GAW1Y           SFP+-10G-SR
        Xcvr 3       REV 01   740-031980   A4GASZK           SFP+-10G-SR
      PIC 2                   BUILTIN      BUILTIN           8X10GE SFPP
        Xcvr 0       REV 01   740-031980   AA170330AMY       SFP+-10G-SR
        Xcvr 1       REV 01   740-031980   MTP05MK           SFP+-10G-SR
        Xcvr 2       REV 01   740-031980   AA1744306ZK       SFP+-10G-SR
        Xcvr 3       REV 01   740-031980   A4HAG79           SFP+-10G-SR
        Xcvr 4       REV 01   740-031980   AA1743302ZL       SFP+-10G-SR
        Xcvr 6       REV 01   740-031980   A4HADWW           SFP+-10G-SR
        Xcvr 7       REV 01   740-031980   AA173730EBY       SFP+-10G-SR
      PIC 3                   BUILTIN      BUILTIN           8X10GE SFPP
        Xcvr 0       REV 01   740-031980   AMC0ZWG           SFP+-10G-SR
        Xcvr 1       REV 01   740-031980   AA190130EDB       SFP+-10G-SR
        Xcvr 2       REV 01   740-031980   AA174330H7T       SFP+-10G-SR
    Fan Tray                                                 Enhanced Left Fan Tray

  5. To execute a shell command, use the following Unix command:

    user@re0:~/.ssh # ssh -t labroot@10.219.38.136 'start shell command "ps -aux | grep sh"'
    root     5476   0.0  0.0  737208   6676  -  S    Sat13       2:37.05 /usr/sbin/shm-rtsdbd -N
    root     5496   0.0  0.0   14892   1672  -  S    Sat13       0:00.68 /bin/sh /usr/sbin/rmpsd -N
    root     5497   0.0  0.0   14892   1672  -  S    Sat13       0:00.71 /bin/sh /usr/sbin/charged -N
    root    76851   0.0  0.1  862512  11608  -  Ss   15:18       0:00.03 sshd: labroot@2 (sshd)
    root    19472   0.0  0.0   40964   6800 u0  I    Mon13       0:00.01 -csh (csh)
    root    36543   0.0  0.0   14892   2472  0- I    17:32       0:00.16 sh BounceAE.sh
    labroot 76853   0.0  0.2  785556  33164  2  Ss+  15:18       0:00.19 cli -c start shell command "ps -aux | grep sh"
    labroot 76855   0.0  0.0   40964   6460  2  S+   15:18       0:00.01 /bin/csh -c ps -aux | grep sh
    labroot 76858   0.0  0.0   16620   2272  2  S+   15:18       0:00.00 grep sh
    Connection to 10.219.38.136 closed.
    user@re0:~/.ssh # 
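
A non-interactive variant of the test1.sh loop, as an added example that is not part of the original article: with `BatchMode=yes`, ssh fails instead of stopping at a `Password:` prompt, so a missing or rejected key shows up as an error rather than a hung script. `PEER`, `INTERVAL`, `MAX_FAILS`, `SSH_CMD` and `RUN` are assumed names, and `StrictHostKeyChecking=yes` assumes the peer's host key is already in known_hosts, as it is after the first connection shown under Symptoms.

```sh
#!/bin/sh
# Added example, not from the article. PEER, INTERVAL, MAX_FAILS, SSH_CMD
# and RUN are assumed names; R.R.R.R is the article's placeholder address.
PEER="${PEER:-labroot@R.R.R.R}"
INTERVAL="${INTERVAL:-30}"      # seconds between polls, as in test1.sh
MAX_FAILS="${MAX_FAILS:-3}"     # consecutive failures before giving up
SSH_CMD="${SSH_CMD:-ssh}"       # overridable so the loop can be exercised offline

# Run one command on the peer without ever prompting:
#   BatchMode=yes             fail instead of asking for a password
#   StrictHostKeyChecking=yes fail instead of asking to accept a host key
#   ConnectTimeout=10         do not hang on an unreachable peer
peer_run() {
    "$SSH_CMD" -t -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 "$PEER" "$1"
}

# poll_peer COMMAND COUNT   (COUNT 0 = loop forever)
# Returns 1 after MAX_FAILS consecutive ssh failures.
poll_peer() {
    fails=0
    n=0
    while [ "$2" -eq 0 ] || [ "$n" -lt "$2" ]; do
        n=$((n + 1))
        if out=$(peer_run "$1"); then
            fails=0
            printf '%s\n' "$out"
        else
            rc=$?
            fails=$((fails + 1))
            echo "ssh to $PEER failed (exit $rc), attempt $fails/$MAX_FAILS" >&2
            if [ "$fails" -ge "$MAX_FAILS" ]; then
                return 1
            fi
        fi
        sleep "$INTERVAL"
    done
    return 0
}

# Start polling only when asked to: RUN=1 sh poll_peer.sh
if [ "${RUN:-0}" = 1 ]; then
    poll_peer 'start shell command "ps -aux | grep sh"' 0
fi
```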