Dear Community, turning to you again in the face of an issue where I ran out of leads.
My goal is to ssh-exec to a cisco switch a simple command, to output the switch status: “show system”
My use case/interest is to capture the output of that command into a variable to be processed into a script.
Unfortunately, I cannot make this work: the output isn’t returned.
Has anyone been successful at running such an unattended ssh-exec command to a cisco device?
Also interested in hearing if there are possible workarounds.
Context:
I can ssh fine from my mikrotik to the cisco device using this command: /system ssh user=readUser address=172.16.4.240
Also worth noting that the ssh is done using the public/private keys I imported - so there is no password being asked and typed: the keys are used and I’m directly under the cisco prompt.
So the ssh works as intended using the keys - a mandatory requirement for ssh-exec
The cisco and the mikrotik are directly cable connected, under the same subnet
The command I run on the mikrotik console:
/system ssh-exec user=readUser address=172.16.4.240 command="show system"
The ssh-exec command doesn’t output anything, nor does it return to the mikrotik prompt: it just seems to wait
Same when running /system ssh user=readUser address=172.16.4.240 command="show system"
When enabling the logs to be more verbose on ssh (using /system logging add topics=ssh), I see in the logs that the login is successful (confirmed on the cisco end) and later logs display “requesting exec: show system” but there is nothing being displayed back in the console.
At some point (after 30-60 seconds), I just interrupt pressing ctrl+C to get back the mikrotik prompt.
Observations and other tests
- ssh-exec command of mikrotik works fine when used on a linux or macOS host (ie: I can use ssh-exec to output the content of a directory)
- even from a bash in macOS, I cannot run an ssh command from the ssh command line to the cisco (using: ssh readUser@172.16.4.240 "show system")
- same result when trying to login to either a “standard” or “admin” account of the switch: still no output of the command
- To isolate whether the command was sent correctly (but the issue was only with the output), I tried sending write commands, for example creation of a directory (using: ssh readUser@172.16.4.240 "mkdir test") - but the folder is not created - I changed the readUser access rights to be able to write folders and tested that the user could successfully create a folder using "mkdir test" in an interactive ssh session.
Conclusion
As the ssh-exec works as intended when trying to connect to linux machines but not cisco, this led me to believe that the root cause is more on the cisco side.
Also when searching on google, I don’t see other users impacted by the issue: these users made “expect” scripts (using /usr/bin/expect) - I don’t see ssh one-liners with remote command passed as arguments.
I’m keen to know if anyone has managed to get such an ssh-exec non-interactive one-liner to work with Cisco.
Also interested in hearing if there are possible workarounds.
Thanks