From 7c108b6b7a3277aac44455b93a587d1d01a58041 Mon Sep 17 00:00:00 2001 From: Neil Lathwood Date: Mon, 5 Feb 2018 21:55:31 +0000 Subject: Added support for setting ssh auth methods --- lib/oxidized/input/ssh.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..8df18f5 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -29,10 +29,13 @@ module Oxidized :port => port.to_i, :password => @node.auth[:password], :timeout => Oxidized.config.timeout, :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), :number_of_password_prompts => 0, } + auth_methods = vars(:auth_methods) || %w(none publickey password) + ssh_opts[:auth_methods] = auth_methods + Oxidized.logger.info "AUTH METHODS::#{auth_methods}" + if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " proxy_command += "-o StrictHostKeyChecking=no " unless secure -- cgit v1.2.1 From 72a4fb26446f74903e69b75a69c45d58500d6d19 Mon Sep 17 00:00:00 2001 From: ja-frog <31773963+ja-frog@users.noreply.github.com> Date: Mon, 9 Apr 2018 15:40:16 -0500 Subject: Add handling for devices that only prompt for a password via SSH An approach to handling devices that do not prompt for a username, only a password when connecting via ssh. The Calix B6 inspired this. --- lib/oxidized/input/ssh.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..d84b349 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -123,6 +123,11 @@ module Oxidized cmd @node.auth[:username], password cmd @node.auth[:password] end + elsif @password + match = expect password, @node.prompt + if match == password + cmd @node.auth[:password] + end else expect @node.prompt end -- cgit v1.2.1 From 21e3d6490496573f25ef77fe8172766ac7d1a736 Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Sat, 21 Apr 2018 13:27:05 +0200 Subject: the great makeover - standardize layout, alignment, indentation --- lib/oxidized/input/ssh.rb | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..9cb6a4f 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -24,20 +24,20 @@ module Oxidized secure = Oxidized.config.input.ssh.secure @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ssh", 'w') if Oxidized.config.input.debug? port = vars(:ssh_port) || 22 - + ssh_opts = { - :port => port.to_i, - :password => @node.auth[:password], :timeout => Oxidized.config.timeout, - :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), - :number_of_password_prompts => 0, - } + :port => port.to_i, + :password => @node.auth[:password], :timeout => Oxidized.config.timeout, + :paranoid => secure, + :auth_methods => %w(none publickey password keyboard-interactive), + :number_of_password_prompts => 0, + } if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " proxy_command += "-o StrictHostKeyChecking=no " unless secure proxy_command += "#{proxy_host} -W %h:%p" - proxy = Net::SSH::Proxy::Command.new(proxy_command) + proxy = Net::SSH::Proxy::Command.new(proxy_command) ssh_opts[:proxy] = proxy end @@ -52,7 +52,7 @@ module Oxidized begin login rescue Timeout::Error - raise PromptUndetect, [ @output, 'not matching configured prompt', @node.prompt ].join(' ') + raise PromptUndetect, [@output, 'not matching configured prompt', @node.prompt].join(' ') end end connected? @@ -62,7 +62,7 @@ module Oxidized @ssh and not @ssh.closed? end - def cmd cmd, expect=node.prompt + def cmd cmd, expect = node.prompt Oxidized.logger.debug "lib/oxidized/input/ssh.rb #{cmd} @ #{node.name} with expect: #{expect.inspect}" if @exec @ssh.exec! cmd @@ -128,8 +128,8 @@ module Oxidized end end - def exec state=nil - state == nil ? @exec : (@exec=state) unless vars :ssh_no_exec + def exec state = nil + state == nil ? @exec : (@exec = state) unless vars :ssh_no_exec end def cmd_shell(cmd, expect_re) @@ -152,6 +152,5 @@ module Oxidized end end end - end end -- cgit v1.2.1 From e848b3caba1dadbb1b46ada06b074fbf796fca17 Mon Sep 17 00:00:00 2001 From: Jason Ackley Date: Sun, 22 Apr 2018 14:00:42 -0500 Subject: Change the debug log fsync to a flush fsync() can be expensive on OSes and induce timeout failures when running with input debugging of SSH sessions. --- lib/oxidized/input/ssh.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..37d6e75 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -100,7 +100,7 @@ module Oxidized ch.on_data do |_ch, data| if Oxidized.config.input.debug? @log.print data - @log.fsync + @log.flush end @output << data @output = @node.model.expects @output -- cgit v1.2.1 From cf770c557fc5d55786b56a31e389ff6d629315b4 Mon Sep 17 00:00:00 2001 From: Saku Ytti Date: Fri, 27 Apr 2018 11:32:47 +0300 Subject: Add SSH keepalive Closes #1276 --- lib/oxidized/input/ssh.rb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 05c33c0..dc1eb27 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -26,11 +26,12 @@ module Oxidized port = vars(:ssh_port) || 22 ssh_opts = { - :port => port.to_i, - :password => @node.auth[:password], :timeout => Oxidized.config.timeout, - :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), - :number_of_password_prompts => 0, + port: port.to_i, + paranoid: secure, + keepalive: true, + auth_methods: %w(none publickey password keyboard-interactive), + password: @node.auth[:password], :timeout => Oxidized.config.timeout, + number_of_password_prompts: 0, } if proxy_host = vars(:ssh_proxy) -- cgit v1.2.1 From 0fa29774f677fbfba532703d1947fcf018ef3705 Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Fri, 27 Apr 2018 22:11:43 +0200 Subject: refactor login in ssh.rb --- lib/oxidized/input/ssh.rb | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index d84b349..4b4d87c 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -117,19 +117,13 @@ module Oxidized # some models have SSH auth or terminal auth based on version of code # if SSH is configured for terminal auth, we'll still try to detect prompt def login - if @username - match = expect username, @node.prompt - if match == username - cmd @node.auth[:username], password - cmd @node.auth[:password] - end - elsif @password - match = expect password, @node.prompt - if match == password - cmd @node.auth[:password] - end - else - expect @node.prompt + match_re = [ @node.prompt ] + match_re << @username if @username + match_re << @password if @password + until (match=expect(match_re)) == @node.prompt + cmd(@node.auth[:username], nil) if match == @username + cmd(@node.auth[:password], nil) if match == @password + match_re.delete match end end -- cgit v1.2.1 From a56ae15a4c0adb0870a752c955d1319c82c627da Mon Sep 17 00:00:00 2001 From: ytti Date: Sun, 6 May 2018 11:08:20 +0100 Subject: rubocop fixes much value, wow, very readable --- lib/oxidized/input/ssh.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index e58d089..3bac619 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -121,10 +121,10 @@ module Oxidized # some models have SSH auth or terminal auth based on version of code # if SSH is configured for terminal auth, we'll still try to detect prompt def login - match_re = [ @node.prompt ] + match_re = [@node.prompt] match_re << @username if @username match_re << @password if @password - until (match=expect(match_re)) == @node.prompt + until (match = expect(match_re)) == @node.prompt cmd(@node.auth[:username], nil) if match == @username cmd(@node.auth[:password], nil) if match == @password match_re.delete match -- cgit v1.2.1 From 8485fd30089168b4db085cc8e61ec177b4b3b03b Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Wed, 9 May 2018 14:09:18 +0200 Subject: reduce logspam - auth methods are debug, not info --- lib/oxidized/input/ssh.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/oxidized/input/ssh.rb') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 3bac619..780bdf2 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -35,7 +35,7 @@ module Oxidized auth_methods = vars(:auth_methods) || %w(none publickey password) ssh_opts[:auth_methods] = auth_methods - Oxidized.logger.info "AUTH METHODS::#{auth_methods}" + Oxidized.logger.debug "AUTH METHODS::#{auth_methods}" if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " -- cgit v1.2.1