From 7c108b6b7a3277aac44455b93a587d1d01a58041 Mon Sep 17 00:00:00 2001 From: Neil Lathwood Date: Mon, 5 Feb 2018 21:55:31 +0000 Subject: Added support for setting ssh auth methods --- lib/oxidized/input/ssh.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..8df18f5 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -29,10 +29,13 @@ module Oxidized :port => port.to_i, :password => @node.auth[:password], :timeout => Oxidized.config.timeout, :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), :number_of_password_prompts => 0, } + auth_methods = vars(:auth_methods) || %w(none publickey password) + ssh_opts[:auth_methods] = auth_methods + Oxidized.logger.info "AUTH METHODS::#{auth_methods}" + if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " proxy_command += "-o StrictHostKeyChecking=no " unless secure -- cgit v1.2.1 From 72a4fb26446f74903e69b75a69c45d58500d6d19 Mon Sep 17 00:00:00 2001 From: ja-frog <31773963+ja-frog@users.noreply.github.com> Date: Mon, 9 Apr 2018 15:40:16 -0500 Subject: Add handling for devices that only prompt for a password via SSH An approach to handling devices that do not prompt for a username, only a password when connecting via ssh. The Calix B6 inspired this. --- lib/oxidized/input/ssh.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..d84b349 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -123,6 +123,11 @@ module Oxidized cmd @node.auth[:username], password cmd @node.auth[:password] end + elsif @password + match = expect password, @node.prompt + if match == password + cmd @node.auth[:password] + end else expect @node.prompt end -- cgit v1.2.1 From 21e3d6490496573f25ef77fe8172766ac7d1a736 Mon Sep 17 00:00:00 2001 
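Review bot: The new default on the added `auth_methods = vars(:auth_methods) || %w(none publickey password)` line no longer offers `keyboard-interactive`, which the removed hash entry did, so a device that accepts only keyboard-interactive will fail authentication unless its node sets the variable. If that is intended, it belongs in the commit message. The value from `vars` is also assigned to `ssh_opts[:auth_methods]` unchecked, so a scalar string in the configuration reaches Net::SSH as-is. I would keep the previous default and coerce the value: `auth_methods = Array(vars(:auth_methods) || %w(none publickey password keyboard-interactive))`. The enclosing method starts and ends outside the hunk.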
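Review bot: The added `cmd @node.auth[:password]` in the `elsif @password` branch sends the secret through `cmd`, and the `cmd` context shown further down this page opens with an `Oxidized.logger.debug` call that interpolates `#{cmd}`, so with debug logging enabled the device password is written to the application log in clear text. The existing username/password branch above it has the same exposure, and so does the later `login` refactor on this page. A send path for credentials that skips the debug line, or logs a fixed marker such as `'<password>'` in place of the argument, would avoid that. `login` begins and ends outside the hunk.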
From: Wild Kat Date: Sat, 21 Apr 2018 13:27:05 +0200 Subject: the great makeover - standardize layout, alignment, indentation --- lib/oxidized/input/cli.rb | 11 +++++----- lib/oxidized/input/ftp.rb | 13 ++++++------ lib/oxidized/input/ssh.rb | 25 +++++++++++------------ lib/oxidized/input/telnet.rb | 48 +++++++++++++++++++++----------------------- 4 files changed, 46 insertions(+), 51 deletions(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/cli.rb b/lib/oxidized/input/cli.rb index 660e173..d434e33 100644 --- a/lib/oxidized/input/cli.rb +++ b/lib/oxidized/input/cli.rb @@ -32,26 +32,25 @@ module Oxidized @pre_logout.each { |command, block| block ? block.call : (cmd command, nil) } end - def post_login _post_login=nil, &block + def post_login _post_login = nil, &block unless @exec @post_login << [_post_login, block] end end - def pre_logout _pre_logout=nil, &block + def pre_logout _pre_logout = nil, &block unless @exec - @pre_logout << [_pre_logout, block] + @pre_logout << [_pre_logout, block] end end - def username re=/^(Username|login)/ + def username re = /^(Username|login)/ @username or @username = re end - def password re=/^Password/ + def password re = /^Password/ @password or @password = re end - end end end diff --git a/lib/oxidized/input/ftp.rb b/lib/oxidized/input/ftp.rb index cdf3688..ebe50ef 100644 --- a/lib/oxidized/input/ftp.rb +++ b/lib/oxidized/input/ftp.rb 
@@ -6,22 +6,22 @@ module Oxidized class FTP < Input RescueFail = { :debug => [ - #Net::SSH::Disconnect, + # Net::SSH::Disconnect, ], :warn => [ - #RuntimeError, - #Net::SSH::AuthenticationFailed, + # RuntimeError, + # Net::SSH::AuthenticationFailed, ], } include Input::CLI def connect node - @node = node + @node = node @node.model.cfg['ftp'].each { |cb| instance_exec(&cb) } @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ftp", 'w') if Oxidized.config.input.debug? @ftp = Net::FTP.new(@node.ip) @ftp.passive = Oxidized.config.input.ftp.passive - @ftp.login @node.auth[:username], @node.auth[:password] + @ftp.login @node.auth[:username], @node.auth[:password] connected? end @@ -47,10 +47,9 @@ module Oxidized def disconnect @ftp.close - #rescue Errno::ECONNRESET, IOError + # rescue Errno::ECONNRESET, IOError ensure @log.close if Oxidized.config.input.debug? end - end end diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..9cb6a4f 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb 
@@ -24,20 +24,20 @@ module Oxidized secure = Oxidized.config.input.ssh.secure @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ssh", 'w') if Oxidized.config.input.debug? port = vars(:ssh_port) || 22 - + ssh_opts = { - :port => port.to_i, - :password => @node.auth[:password], :timeout => Oxidized.config.timeout, - :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), - :number_of_password_prompts => 0, - } + :port => port.to_i, + :password => @node.auth[:password], :timeout => Oxidized.config.timeout, + :paranoid => secure, + :auth_methods => %w(none publickey password keyboard-interactive), + :number_of_password_prompts => 0, + } if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " proxy_command += "-o StrictHostKeyChecking=no " unless secure proxy_command += "#{proxy_host} -W %h:%p" - proxy = Net::SSH::Proxy::Command.new(proxy_command) + proxy = Net::SSH::Proxy::Command.new(proxy_command) ssh_opts[:proxy] = proxy end @@ -52,7 +52,7 @@ module Oxidized begin login rescue Timeout::Error - raise PromptUndetect, [ @output, 'not matching configured prompt', @node.prompt ].join(' ') + raise PromptUndetect, [@output, 'not matching configured prompt', @node.prompt].join(' ') end end connected? @@ -62,7 +62,7 @@ module Oxidized @ssh and not @ssh.closed? end - def cmd cmd, expect=node.prompt + def cmd cmd, expect = node.prompt Oxidized.logger.debug "lib/oxidized/input/ssh.rb #{cmd} @ #{node.name} with expect: #{expect.inspect}" if @exec @ssh.exec! cmd @@ -128,8 +128,8 @@ module Oxidized end end - def exec state=nil - state == nil ? @exec : (@exec=state) unless vars :ssh_no_exec + def exec state = nil + state == nil ? @exec : (@exec = state) unless vars :ssh_no_exec end def cmd_shell(cmd, expect_re) @@ -152,6 +152,5 @@ module Oxidized end end end - end end diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb index a5561b9..4371e26 100644 --- a/lib/oxidized/input/telnet.rb +++ b/lib/oxidized/input/telnet.rb 
@@ -18,7 +18,7 @@ module Oxidized 'Model' => @node.model } opt['Output_log'] = Oxidized::Config::Log + "/#{@node.ip}-telnet" if Oxidized.config.input.debug? - @telnet = Net::Telnet.new opt + @telnet = Net::Telnet.new opt if @node.auth[:username] and @node.auth[:username].length > 0 expect username @telnet.puts @node.auth[:username] @@ -28,7 +28,7 @@ module Oxidized begin expect @node.prompt rescue Timeout::Error - raise PromptUndetect, [ 'unable to detect prompt:', @node.prompt ].join(' ') + raise PromptUndetect, ['unable to detect prompt:', @node.prompt].join(' ') end end @@ -36,7 +36,7 @@ module Oxidized @telnet and not @telnet.sock.closed? end - def cmd cmd, expect=@node.prompt + def cmd cmd, expect = @node.prompt Oxidized.logger.debug "Telnet: #{cmd} @#{@node.name}" args = { 'String' => cmd } args.merge!({ 'Match' => expect, 'Timeout' => @timeout }) if expect @@ -64,11 +64,9 @@ module Oxidized rescue Errno::ECONNRESET end end - end end - class Net::Telnet ## FIXME: we just need 'line = model.expects line' to handle pager ## how to do this, without redefining the whole damn thing @@ -86,7 +84,7 @@ class Net::Telnet elsif options.has_key?("Prompt") options["Prompt"] elsif options.has_key?("String") - Regexp.new( Regexp.quote(options["String"]) ) + Regexp.new(Regexp.quote(options["String"])) end time_out = options["Timeout"] if options.has_key?("Timeout") waittime = options["Waittime"] if options.has_key?("Waittime") @@ -102,7 +100,7 @@ class Net::Telnet line = '' buf = '' rest = '' - until(prompt === line and not IO::select([@sock], nil, nil, waittime)) + until prompt === line and not IO::select([@sock], nil, nil, waittime) unless IO::select([@sock], nil, nil, time_out) raise TimeoutError, "timed out while waiting for more data" end 
@@ -114,30 +112,30 @@ class Net::Telnet c = rest + c if Integer(c.rindex(/#{IAC}#{SE}/no) || 0) < Integer(c.rindex(/#{IAC}#{SB}/no) || 0) - buf = preprocess(c[0 ... c.rindex(/#{IAC}#{SB}/no)]) - rest = c[c.rindex(/#{IAC}#{SB}/no) .. -1] + buf = preprocess(c[0...c.rindex(/#{IAC}#{SB}/no)]) + rest = c[c.rindex(/#{IAC}#{SB}/no)..-1] elsif pt = c.rindex(/#{IAC}[^#{IAC}#{AO}#{AYT}#{DM}#{IP}#{NOP}]?\z/no) || c.rindex(/\r\z/no) - buf = preprocess(c[0 ... pt]) - rest = c[pt .. -1] + buf = preprocess(c[0...pt]) + rest = c[pt..-1] else buf = preprocess(c) rest = '' end - else - # Not Telnetmode. - # - # We cannot use preprocess() on this data, because that - # method makes some Telnetmode-specific assumptions. - buf = rest + c - rest = '' - unless @options["Binmode"] - if pt = buf.rindex(/\r\z/no) - buf = buf[0 ... pt] - rest = buf[pt .. -1] - end - buf.gsub!(/#{EOL}/no, "\n") - end + else + # Not Telnetmode. + # + # We cannot use preprocess() on this data, because that + # method makes some Telnetmode-specific assumptions. + buf = rest + c + rest = '' + unless @options["Binmode"] + if pt = buf.rindex(/\r\z/no) + buf = buf[0...pt] + rest = buf[pt..-1] + end + buf.gsub!(/#{EOL}/no, "\n") + end end @log.print(buf) if @options.has_key?("Output_log") line += buf -- cgit v1.2.1 From e848b3caba1dadbb1b46ada06b074fbf796fca17 Mon Sep 17 00:00:00 2001 From: Jason Ackley Date: Sun, 22 Apr 2018 14:00:42 -0500 Subject: Change the debug log fsync to a flush fsync() can be expensive on OSes and induce timeout failures when running with input debugging of SSH sessions. --- lib/oxidized/input/ssh.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 27e81e0..37d6e75 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb 
@@ -100,7 +100,7 @@ module Oxidized ch.on_data do |_ch, data| if Oxidized.config.input.debug? @log.print data - @log.fsync + @log.flush end @output << data @output = @node.model.expects @output -- cgit v1.2.1 From cf770c557fc5d55786b56a31e389ff6d629315b4 Mon Sep 17 00:00:00 2001 From: Saku Ytti Date: Fri, 27 Apr 2018 11:32:47 +0300 Subject: Add SSH keepalive Closes #1276 --- lib/oxidized/input/ssh.rb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 05c33c0..dc1eb27 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -26,11 +26,12 @@ module Oxidized port = vars(:ssh_port) || 22 ssh_opts = { - :port => port.to_i, - :password => @node.auth[:password], :timeout => Oxidized.config.timeout, - :paranoid => secure, - :auth_methods => %w(none publickey password keyboard-interactive), - :number_of_password_prompts => 0, + port: port.to_i, + paranoid: secure, + keepalive: true, + auth_methods: %w(none publickey password keyboard-interactive), + password: @node.auth[:password], :timeout => Oxidized.config.timeout, + number_of_password_prompts: 0, } if proxy_host = vars(:ssh_proxy) -- cgit v1.2.1 From ae9c7c2a65d65bea136669bc9cbc2d645841a017 Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Fri, 27 Apr 2018 17:11:42 +0200 Subject: transition from TimeoutError to Timeout::Error --- lib/oxidized/input/telnet.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb index 4371e26..b1b3222 100644 --- a/lib/oxidized/input/telnet.rb +++ b/lib/oxidized/input/telnet.rb 
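Review bot: In the rewritten `ssh_opts` hash, `password: @node.auth[:password], :timeout => Oxidized.config.timeout,` leaves `timeout` as the only hashrocket key and keeps two entries on one line, which makes the timeout easy to overlook; I would split it into `password: @node.auth[:password],` and `timeout: Oxidized.config.timeout,`. `keepalive: true` is also set without an interval, so Net::SSH's default applies; if that default is longer than `Oxidized.config.timeout`, the keepalive may never fire on a stalled session, so setting `keepalive_interval` explicitly or stating the intended value in a comment would help. The hash belongs to a method that starts and ends outside the hunk.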
@@ -102,7 +102,7 @@ class Net::Telnet rest = '' until prompt === line and not IO::select([@sock], nil, nil, waittime) unless IO::select([@sock], nil, nil, time_out) - raise TimeoutError, "timed out while waiting for more data" + raise Timeout::Error, "timed out while waiting for more data" end begin c = @sock.readpartial(1024 * 1024) -- cgit v1.2.1 From 0fa29774f677fbfba532703d1947fcf018ef3705 Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Fri, 27 Apr 2018 22:11:43 +0200 Subject: refactor login in ssh.rb --- lib/oxidized/input/ssh.rb | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index d84b349..4b4d87c 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -117,19 +117,13 @@ module Oxidized # some models have SSH auth or terminal auth based on version of code # if SSH is configured for terminal auth, we'll still try to detect prompt def login - if @username - match = expect username, @node.prompt - if match == username - cmd @node.auth[:username], password - cmd @node.auth[:password] - end - elsif @password - match = expect password, @node.prompt - if match == password - cmd @node.auth[:password] - end - else - expect @node.prompt + match_re = [ @node.prompt ] + match_re << @username if @username + match_re << @password if @password + until (match=expect(match_re)) == @node.prompt + cmd(@node.auth[:username], nil) if match == @username + cmd(@node.auth[:password], nil) if match == @password + match_re.delete match end end -- cgit v1.2.1 From 90aa9e68ed16c96f54ecd3e3e197d85850531f6e Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Sun, 29 Apr 2018 19:55:35 +0200 Subject: refactor telnet input logging for consistently with ssh --- lib/oxidized/input/telnet.rb | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'lib/oxidized/input') 
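Review bot: In the new `login` loop, `cmd(@node.auth[:username], nil) if match == @username` and the matching password line compare against instance variables that may be nil, so if `expect` can return nil (its definition is not on this page) while `@username` or `@password` is unset, the credentials are sent to the device without any prompt having matched. Guarding on the variable closes that: `cmd(@node.auth[:username], nil) if @username && match == @username` and `cmd(@node.auth[:password], nil) if @password && match == @password`. The loop also has no exit other than matching `@node.prompt` or an exception from `expect`, since a nil match deletes nothing from `match_re` and repeats; a short comment stating that termination relies on the timeout raised by `expect` would make that explicit.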
diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb index b1b3222..e7c2ee3 100644 --- a/lib/oxidized/input/telnet.rb +++ b/lib/oxidized/input/telnet.rb @@ -10,15 +10,15 @@ module Oxidized @node = node @timeout = Oxidized.config.timeout @node.model.cfg['telnet'].each { |cb| instance_exec(&cb) } + @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-telnet", 'w') if Oxidized.config.input.debug? port = vars(:telnet_port) || 23 - opt = { 'Host' => @node.ip, - 'Port' => port.to_i, - 'Timeout' => @timeout, - 'Model' => @node.model } - opt['Output_log'] = Oxidized::Config::Log + "/#{@node.ip}-telnet" if Oxidized.config.input.debug? + telnet_opts = { 'Host' => @node.ip, + 'Port' => port.to_i, + 'Timeout' => @timeout, + 'Model' => @node.model } - @telnet = Net::Telnet.new opt + @telnet = Net::Telnet.new telnet_opts if @node.auth[:username] and @node.auth[:username].length > 0 expect username @telnet.puts @node.auth[:username] @@ -62,6 +62,9 @@ module Oxidized disconnect_cli @telnet.close rescue Errno::ECONNRESET + ensure + @log.close if Oxidized.config.input.debug? + (@telnet.close rescue true) unless @telnet.closed? end end end @@ -137,7 +140,10 @@ class Net::Telnet buf.gsub!(/#{EOL}/no, "\n") end end - @log.print(buf) if @options.has_key?("Output_log") + if Oxidized.config.input.debug? + @log.print buf + @log.flush + end line += buf line = model.expects line line = yield line if block_given? -- cgit v1.2.1 From a56ae15a4c0adb0870a752c955d1319c82c627da Mon Sep 17 00:00:00 2001 From: ytti Date: Sun, 6 May 2018 11:08:20 +0100 Subject: rubocop fixes much value, wow, very readable --- lib/oxidized/input/ssh.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index e58d089..3bac619 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb 
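Review bot: The added `@log = File.open(Oxidized::Config::Log + "/#{@node.ip}-telnet", 'w')` creates the session transcript with default permissions, and the third hunk of this commit writes every received buffer to it, which can include device configuration and any echoed credentials. Passing an explicit mode keeps a newly created transcript private to the service account: `File.open(Oxidized::Config::Log + "/#{@node.ip}-telnet", 'w', 0o600)` (the mode applies only when the file is created, so existing logs need a one-off fix). The ssh and ftp inputs shown elsewhere on this page open their debug logs the same way and would want the same change. `connect` starts outside the hunk.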
@@ -121,10 +121,10 @@ module Oxidized # some models have SSH auth or terminal auth based on version of code # if SSH is configured for terminal auth, we'll still try to detect prompt def login - match_re = [ @node.prompt ] + match_re = [@node.prompt] match_re << @username if @username match_re << @password if @password - until (match=expect(match_re)) == @node.prompt + until (match = expect(match_re)) == @node.prompt cmd(@node.auth[:username], nil) if match == @username cmd(@node.auth[:password], nil) if match == @password match_re.delete match -- cgit v1.2.1 From 8485fd30089168b4db085cc8e61ec177b4b3b03b Mon Sep 17 00:00:00 2001 From: Wild Kat Date: Wed, 9 May 2018 14:09:18 +0200 Subject: reduce logspam - auth methods are debug, not info --- lib/oxidized/input/ssh.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb index 3bac619..780bdf2 100644 --- a/lib/oxidized/input/ssh.rb +++ b/lib/oxidized/input/ssh.rb @@ -35,7 +35,7 @@ module Oxidized auth_methods = vars(:auth_methods) || %w(none publickey password) ssh_opts[:auth_methods] = auth_methods - Oxidized.logger.info "AUTH METHODS::#{auth_methods}" + Oxidized.logger.debug "AUTH METHODS::#{auth_methods}" if proxy_host = vars(:ssh_proxy) proxy_command = "ssh " -- cgit v1.2.1 From 33c12a7615110b44cdfe0617b3cdc586df764193 Mon Sep 17 00:00:00 2001 From: Bas van Elburg Date: Thu, 17 May 2018 20:24:00 +0200 Subject: Fix telnet (#1343) * Fixed: fix debug logging (passed @log to telnet) * Fixed: call closed on sock of telnet instead of telnet --- lib/oxidized/input/telnet.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/oxidized/input') diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb index e7c2ee3..4b9a656 100644 --- a/lib/oxidized/input/telnet.rb +++ b/lib/oxidized/input/telnet.rb 
@@ -16,7 +16,8 @@ module Oxidized telnet_opts = { 'Host' => @node.ip, 'Port' => port.to_i, 'Timeout' => @timeout, - 'Model' => @node.model } + 'Model' => @node.model, + 'Log' => @log } @telnet = Net::Telnet.new telnet_opts if @node.auth[:username] and @node.auth[:username].length > 0 @@ -64,7 +65,7 @@ module Oxidized rescue Errno::ECONNRESET ensure @log.close if Oxidized.config.input.debug? - (@telnet.close rescue true) unless @telnet.closed? + (@telnet.close rescue true) unless @telnet.sock.closed? end end end @@ -80,6 +81,7 @@ class Net::Telnet waittime = @options["Waittime"] fail_eof = @options["FailEOF"] model = @options["Model"] + @log = @options["Log"] if options.kind_of?(Hash) prompt = if options.has_key?("Match") -- cgit v1.2.1
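Review bot: The corrected guard `unless @telnet.sock.closed?` in the `ensure` block still dereferences `@telnet` unconditionally, so when `disconnect` runs after a connect that failed before `@telnet` was assigned, the cleanup path itself raises NoMethodError. `@log.close if Oxidized.config.input.debug?` just above it has the same shape if the log was never opened. Reusing the nil-safe test that appears in the context before `def cmd` on this page would cover both: `(@telnet.close rescue true) if @telnet and not @telnet.sock.closed?` and `@log.close if @log`. The method starts outside the hunk.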