hsdn / lg

PHP Version of BGP Looking Glass script, based on the Perl sources: https://github.com/Cougar/lg

problem connecting ssh to juniper router #17

Closed HATmess closed 5 years ago

HATmess commented 5 years ago

Dear Team, I'm using user/passwd to access a Juniper router but can't connect. Below are some logs and my config:

$_CONFIG['routers'] = array
(
        'router-alg' => array
        (
                'url' => 'ssh://lg:xxx@172.17.x.x:22',
          ....
                'os' => 'junos',
        ),

        'router-anb' => array
        (
                'url' => 'ssh://lg:xxx@172.17.x.x:22',
       ...
                'os' => 'junos',
        ),
);

Oct 10 13:41:04 ALG-RD-MX2020-02-re0 sshd[14259]: (pam_sm_authenticate): DEBUG: PAM_USER: lg
Oct 10 13:41:04 ALG-RD-MX2020-02-re0 sshd[14259]: (pam_sm_authenticate): DEBUG: Updating lock-attempts of user: lg attempts: 1
Oct 10 13:41:04 ALG-RD-MX2020-02-re0 sshd[14259]: (pam_sm_acct_mgmt): DEBUG: PAM_USER: lg

Please advise.

justkeepquiet commented 5 years ago

Hi, probably you used PAM-based authentication on the router instead of a password-based method. This is a problem on the router side. But we do not have our own Juniper router to check this error code.

HATmess commented 5 years ago

I've reviewed the configuration on the router; it's password-based authentication. However, when I SSH into the router from the machine hosting the looking glass, it works fine.

justkeepquiet commented 5 years ago

Do you use the plink command for these tests? The LG script uses this command for SSH connections.

justkeepquiet commented 5 years ago

The LG script uses the plink command in the following format:

plink -ssh -l <LOGIN> -pw <PASSWORD> 1.2.3.4 <COMMAND>

You can test this command directly on the server. More examples of usage: https://www.thegeekstuff.com/2017/05/putty-plink-examples/

HATmess commented 5 years ago

Yes, from the LG machine using the plink command it works perfectly. Is there any parameter to change apart from $_CONFIG['plink'] = '/usr/bin/plink';? Please advise.

justkeepquiet commented 5 years ago

What parameters did you use for the plink command while testing? Also, maybe PHP does not have permission to execute the command correctly.

HATmess commented 5 years ago

After parsing the variable url, the results are null. From line number 297:

echo $url;
$url = @parse_url($url);
var_dump(parse_url($url));
var_dump(parse_url($url, PHP_URL_SCHEME));

After executing this, the outputs are shown below:

ssh://lg:xxxxxxx@172.17.x.245:22array(1) { ["path"]=> string(0) "" } NULL

justkeepquiet commented 5 years ago

Your code is wrong. This is the correct code to test parse_url:

$url = 'ssh://lg:xxxxxxx@172.17.x.245:22';
echo $url;
var_dump(parse_url($url));
var_dump(parse_url($url, PHP_URL_SCHEME));

Works fine:

ssh://lg:xxxxxxx@172.17.x.245:22array(5) {
  ["scheme"]=>
  string(3) "ssh"
  ["host"]=>
  string(12) "172.17.x.245"
  ["port"]=>
  int(22)
  ["user"]=>
  string(2) "lg"
  ["pass"]=>
  string(7) "xxxxxxx"
}
string(3) "ssh"

HATmess commented 5 years ago

Sorry, I have a password with special chars; that's why I'm having the null issue. As you said, I checked the error log:

ERROR: Unable to write random seed: /usr/share/httpd/.config: mkdir: Permission denied
Unable to open connection: Permission denied
ERROR: Unable to write random seed: /usr/share/httpd/.config: mkdir: Permission denied
Unable to open connection: Permission denied

justkeepquiet commented 5 years ago

You need to use a password compatible with the parse_url function and the URI specification (without reserved characters; see RFC 3986: https://tools.ietf.org/html/rfc3986#page-13).

HATmess commented 5 years ago

The password issue is resolved, thank you, but I get Permission denied:

ERROR: Unable to write random seed: /usr/share/httpd/.config: mkdir: Permission denied
Unable to open connection: Permission denied
ERROR: Unable to write random seed: /usr/share/httpd/.config: mkdir: Permission denied
Unable to open connection: Permission denied

justkeepquiet commented 5 years ago

Probably this is a problem with the server configuration. I do not know about this. Try these commands:

mkdir -p /usr/share/httpd/.config
chmod -R 777 /usr/share/httpd/.config

HATmess commented 5 years ago

Same; I got a "Command failed" error, with no attempts logged on the router.

justkeepquiet commented 5 years ago

Can you run this script directly, to test command execution?

<?php

$plink = '/usr/bin/plink';
$exec  = 'show bgp summary';
$url   = 'ssh://lg:xxxxxxx@172.17.x.245:22';

// Split the router URL into user, pass, host and port
$url = @parse_url($url);
$params = array
(
    '-ssh',
    '-l '.$url['user'],
    '-pw '.$url['pass'],
    '-P '.$url['port'],
    $url['host'],
);

// 'echo n' answers plink's host-key cache prompt; the router command is shell-escaped
$fp = popen('echo n | '.$plink.' '.implode(' ', $params).' '.escapeshellcmd($exec)."\n", 'r');

if ($fp === false)
{
    die('popen failed');
}

while (!feof($fp))
{
    echo fgets($fp, 1024);
}

pclose($fp);

?>

davinunes commented 5 years ago

Dear all, I had the same problem. I solved it by creating a new method to access with SSHPASS and it worked.

Best regards, Davi Nunes, Information Technology


HATmess commented 5 years ago

Could you help me with how to use it?

HATmess commented 5 years ago

@hsdn I got the same error:

ERROR: Unable to write random seed: /usr/share/httpd/.config/putty: mkdir: Permission denied
Unable to open connection: Permission denied

justkeepquiet commented 5 years ago

Hi, @davinunes. Yes, you can also use the PHP module ssh2 (http://php.net/manual/ru/book.ssh2.php) for SSH connections in native PHP without external commands. But this feature is not integrated into the lg script.

And the plink command is not a problem for most users; it works fine.

justkeepquiet commented 5 years ago

@HATmess, this is a global problem on your server. Sorry, I don't have a solution. Try the commands again:

mkdir -p /usr/share/httpd/.config/putty
chmod -R 777 /usr/share/httpd/.config/putty

HATmess commented 5 years ago

I've tried this; same results with the given script. OK, thank you @hsdn. I'm using PHP 7.2. SSHPASS may help.

davinunes commented 5 years ago

Sorry for my English. I've edited the index.php file and it replaces the command that calls plink with an equivalent sshpass one:

// echo 'echo n | '.$_CONFIG['plink'].' '.implode(' ', $params).' '.$exec, 'r';

Added a variable to switch the command between sshpass and plink:

// print_r($params);
// plink
$comando = 'echo n | '.$_CONFIG['plink'].' '.implode(' ', $params).' '.$exec;
// sshpass
$comando = 'echo n | '.$_CONFIG['sshpass'].' -p '.$url['pass'].' ssh -l '.$url['user'].' '.$url['host'].' -p '.$url['port'].' -o StrictHostKeyChecking=no '.$exec;
// echo $comando;
if ($fp = @popen($comando, 'r')) {

Best regards, Davi Nunes, Information Technology


HATmess commented 5 years ago

Thank you so much @davinunes.
Please could you share the index file with us (.tar) (without sensitive data)? Kind regards,

justkeepquiet commented 5 years ago

@davinunes, your code has been deleted because it is not complete. Please send the file as an attachment (drag & drop to the message box) or a diff (create your fork, modify and commit).

davinunes commented 5 years ago

@hsdn, @HATmess I was responding by e-mail, so the attachment did not come through, and now that I read it through GitHub I realize it is difficult to understand.

Note that I'm trying to fix the graph class to work when the query is done in JUNOS, and I ended up spoiling it. I ask that @hsdn look at the modifications regarding using SSHPASS and add it as a configurable option. I still have not learned how to make a pull request here kkk

justkeepquiet commented 5 years ago

@davinunes, we haven't tested sshpass with Mikrotik; there may be problems with console control characters (which plink deletes automatically). Mikrotik uses colored console output; this is the main problem. For this reason, we do not use the ssh command directly, because color and control characters would have to be deleted manually by the script's methods (it is not simple).

justkeepquiet commented 5 years ago

Only after testing with Mikrotik can we decide to add sshpass or the PHP module ssh2 as an alternative to plink. It takes time.

davinunes commented 5 years ago

@hsdn My LG has a Mikrotik and a JUNOS. So far only the graphical map has stopped working, but that is because I have changed the code:

http://lg.acessodf.net

justkeepquiet commented 5 years ago

@davinunes, I now see lg.acessodf.net; the BGP graph is working fine on both routers. Where is the problem?

justkeepquiet commented 5 years ago

I added the sshpass feature in https://github.com/hsdn/lg/commit/e4a32094ccc110ee19086f013b07b5ed9708677b. Please update the script and test it. New configuration options to use the feature:

/*
 * Type of command to make a SSH connection (`plink' or `sshpass')
 */
$_CONFIG['sshcommand'] = 'sshpass';

/*
 * sshpass command path (for SSH connections)
 */
$_CONFIG['sshpass'] = '/usr/bin/sshpass';
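As an added example that is not part of the lg script or of any post in this thread, the following PHP shows the two points raised above together: a router URL whose password contains RFC 3986 reserved characters still goes through parse_url when the password is percent-encoded (and rawurldecode'd afterwards), and the sshpass option introduced in this commit can be given the password through the SSHPASS environment variable (sshpass -e) instead of -p, so that it does not appear on the command line, where -p and plink's -pw make it readable by every local user through ps. The host, user and password are constructed sample values, and the function names are mine; a reachable router is only needed for the commented-out final call.

```php
<?php
// Added example, not the lg script's own code. Constructed sample values only.

/** Parse an ssh:// router URL whose user/password may be rawurlencode()d. */
function router_credentials(string $url): ?array
{
    $u = parse_url($url);   // false when e.g. a bare '#', '/' or '?' sits in the password
    if ($u === false || ($u['scheme'] ?? '') !== 'ssh' || empty($u['host']) || !isset($u['user'])) {
        return null;
    }
    return [
        'host' => $u['host'],
        'port' => $u['port'] ?? 22,
        'user' => rawurldecode($u['user']),
        'pass' => rawurldecode($u['pass'] ?? ''),
    ];
}

/** Run one command on the router via sshpass; returns stdout, or null on failure. */
function run_router_command(array $cred, string $exec, string $sshpass = '/usr/bin/sshpass'): ?string
{
    // Every operator-supplied value is quoted, so shell metacharacters cannot change the command.
    // StrictHostKeyChecking=yes means the router's host key must already be in the web
    // user's known_hosts; an unknown key makes ssh exit non-zero instead of connecting.
    $cmd = escapeshellarg($sshpass) . ' -e ssh -o StrictHostKeyChecking=yes'
         . ' -p ' . (int) $cred['port']
         . ' -l ' . escapeshellarg($cred['user'])
         . ' ' . escapeshellarg($cred['host'])
         . ' ' . escapeshellarg($exec);
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    // sshpass -e reads the password from $SSHPASS, so it never shows up in `ps` output
    $env  = ['SSHPASS' => $cred['pass'], 'PATH' => (string) getenv('PATH')];
    $proc = proc_open($cmd, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        return null;
    }
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc) === 0 ? $out : null;   // non-zero: auth failure, unknown host key, ...
}

// Constructed sample: this password would make parse_url() fail if it were not encoded.
$url  = 'ssh://lg:' . rawurlencode('p#ss/w?rd') . '@172.17.0.245:22';
$cred = router_credentials($url);
var_dump($cred !== null && $cred['pass'] === 'p#ss/w?rd');
// echo run_router_command($cred, 'show bgp summary');   // needs a reachable router
```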

justkeepquiet commented 5 years ago

@davinunes, thanks for the sshpass idea, please test latest changes and let me know about results.

davinunes commented 5 years ago

@hsdn When I test for JUNOS, for example prefix 45.237.56.0/22, the graph appears with Mikrotik but it does not appear with JUNOS, although JUNOS responds to the command in text mode.

davinunes commented 5 years ago

I now see lg.acessodf.net, bgp graph working fine on both routers.

When in JUNOS: [screenshot]

When in Mikrotik: [screenshot]

justkeepquiet commented 5 years ago

This is a problem with parsing the AS path from this: http://lg.acessodf.net/?command=bgp&protocol=ipv4&query=45.237.56.0/22&router=BGP-OPTICA-TELECOM

justkeepquiet commented 5 years ago

I will look into how to fix it in the near future.

justkeepquiet commented 5 years ago

Normal parsing: http://lg.acessodf.net/?command=bgp&protocol=ipv4&query=8.8.8.0&router=BGP-OPTICA-TELECOM

Problem parsing: http://lg.acessodf.net/?command=bgp&protocol=ipv4&query=8.8.8.0/24&router=BGP-OPTICA-TELECOM

davinunes commented 5 years ago

@hsdn Thanks for the review, I'll try to figure it out, too.

justkeepquiet commented 5 years ago

@davinunes we fixed this problem in https://github.com/hsdn/lg/commit/873eecb101d83f672c4b1ffc189ca15147ddd7c0. Please update and test.

davinunes commented 5 years ago

Now the graphics are working well in JUNOS ^^

HATmess commented 5 years ago

It works better for me with sshpass. Thank you for the hint @davinunes, and thank you so much for your cooperation and help @hsdn; it's great work. Please, where can I start to resolve "Class Image_GraphViz not found"?

davinunes commented 5 years ago

@HATmess Try it:

wget http://download.pear.php.net/package/Image_GraphViz-1.3.0.tgz
wget http://pear.php.net/go-pear.phar
php go-pear.phar
pear install Image_GraphViz-1.3.0

justkeepquiet commented 5 years ago

Also, the class Image_GraphViz requires the GraphViz software; you need to download and install it.

HATmess commented 5 years ago

Thank you so much for your help, great work :+1: