Running RunCommand in the SshClient class on an cisco asa results in hanging forever

[ravelund]

Running the bellow code on a Cisco ASA result in an forever hang.

using (var client = new SshClient(host, 22, username, password))
{
client.Connect();
var result = client.RunCommand(command);
returnString = result.Result;
client.Disconnect();
}

[drieseng]

On what line would it actually block?
Can you build SSH.NET from source and do some troubleshooting yourself, or can you provide me access to a Cisco ASA that is not in use?

[ravelund]

Hello. I have already downloaded the source and can do some simple troubleshooting tommorow. I will look into it i maybe have ASA we can test on.
Also thanks for the library it works very well on the Catalysts switches.

[ravelund]

Hello. Again after some stepping the command highlighted is where it hangs for eternity.

[ravelund]

Have fixed an asa you can test on. Should i send the login information to the email on your profile?

[drieseng]

Yes, that's ok. I'm not sure I'll have time today, but I'll look into it asap.
Please include the command that you were trying to execute as well.
Thanks!

[pincho3xxx]

I've exactly the same problem when I try acces to Mitrastar FTTH router.

[drieseng]

The problem with the ASA was that it does not properly support the "exec" channel request message.
Perhaps this is a scenario that the ASA - and similar devices - do not want to support.
Instead of executing the command you specify, it:

• creates a shell
• writes the command to the shell
• continues waiting for input

I've supplied @ravelund with a solution offline, which uses our ShellStream - with its Expect capabilities - instead.

[darinkes]

@drieseng seems to be correct.

Found this via google:
http://www.carbon60.com/it-advice/powershell-ssh-module-nonstandard-devices-like-cisco-asa

Sounds like you have to work with Shell + Expect.

[ravelund]

Also with @drieseng input i have created this function:

    /// <summary>
    /// Execute a command on a host using ssh
    /// </summary>
    /// <param name="host">Ip address or Hostname</param>
    /// <param name="port">Ssh port</param>
    /// <param name="username">Username</param>
    /// <param name="password">Password</param>
    /// <param name="commands">Commands to execute</param>
    /// <param name="sendUsernameAndPasswordAsCommand">If set to true the query will send the username and password before running main command. For cisco catalyst and Firewalls False.</param>
    /// <returns>String with line shifts</returns>
    public string ExecuteCommandSsh(string host,int port, string username, string password, string[] commands, bool sendUsernameAndPasswordAsCommand)
    {
        string returnString = "";
        try
        {
            using (var client = new SshClient(host, port, username, password))
            {
                //Create the command string
                string command = "";
                foreach (var com in commands)
                {
                    command += com + "\n";
                }
                client.Connect();
                SshCommand runcommand = client.CreateCommand(command);
                if (sendUsernameAndPasswordAsCommand)
                {
                    runcommand = client.CreateCommand($"{username}\n{password}\n{command}");


                }
                runcommand.CommandTimeout = CommandTimeOut;

                try
                {
                    runcommand.Execute();
                    returnString = runcommand.Result;
                }
                catch (SshOperationTimeoutException)
                {
                    ErrorMessage += "ExecuteCommandSsh: Command timeout.";
                    returnString = runcommand.Result;
                }


               client.Disconnect();
            }
        }
        catch (Exception e)
        {

            DidThrowError = true;
            ErrorMessage += $"ExecuteCommandSsh Exception: {e.ToString()}";

        }

        return returnString;
    } //ExecuteCommandSsh end

By suppling the commands string array with
enable
"enablepassword"
terminal pager 0
sh ver
sh run

The terminal pager 0 command on the asa skips the more question. And this works.

The only - here is that you have to wait for the command to timeout.
I have set the timeout to 30 seconds at this moment.

[drieseng]

I actually sent you a basic implemention that uses ShellStream and Except.
If you prefer the code above, then that's fine by me.

[NNskelly]

Would you mind posting the workaround solution, @drieseng ? I'm encountering what looks like the same issue, but working from a prebuilt dll that I don't have the luxury of picking apart in the debugger. I'm going to try @ravelund 's solution for now, but if there's a more correct/compact implementation, that would be useful.

[ravelund]

Hello i did it something like this. Not the most sexy code but it worked for my needs. /// <summary> /// Sets the command timeout for Ssh and (Default 40 seconds) /// </summary> public TimeSpan CommandTimeOut { get; set; } = new TimeSpan(0,0,0,40); using (var client = new SshClient(host, port, username, password)) { try { client.Connect(); string command = "sh run"; SshCommand runcommand = client.CreateCommand(command); runcommand.CommandTimeout = CommandTimeOut; runcommand.Execute(); string resultString = returnString = runcommand.Result; } catch (SshOperationTimeoutException) { Console.WriteLine($"ExecuteCommandSsh: Command timeout {CommandTimeOut} seconds"); } } Regards Ravleund

…

On 26 May 2017 at 17:34, NNskelly ***@***.***> wrote: Would you mind posting the workaround solution, @drieseng <https://github.com/drieseng> ? I'm encountering what looks like the same issue, but working from a prebuilt dll that I don't have the luxury of picking apart in the debugger. I'm going to try @ravelund <https://github.com/ravelund> 's solution for now, but if there's a more correct/compact implementation, that would be useful. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#52 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ATuXwVWONTgEKLDO9Ur5FsJzFHX3DiKLks5r9vEcgaJpZM4JWI9s> .

[ravelund]

This was another way of doing it: using System; using System.Text.RegularExpressions; using Renci.SshNet; class SshTest { public static void Main() { using (var client = new SshClient("myhost", 22, "admin", "adminpassword")) { client.Connect(); var shellStream = client.CreateShellStream("xterm", 80, 600, 0, 0, 32 * 1024); // wait for the shell prompt to appear, and when it does execute the 'sh version' command shellStream.Expect(CreateShellPromptExecuteCommandExpectAction(shellStream, "sh version")); while (client.IsConnected) { // while we're connected we either: // * expect a 'more' prompt, and send a single whitespace to have the next page appear // * expect a shell prompt, which signals that the command has finished and as such we disconnect the client shellStream.Expect(CreateMoreExpectAction(shellStream), CreateShellPromptDisconnectClientExpectAction(client)); } } } private static ExpectAction CreateMoreExpectAction(ShellStream shellStream) { return new ExpectAction(new Regex(@".*<---\sMore\s--->$"), (text) => { Console.WriteLine(text); shellStream.Write(" "); }); } private static ExpectAction CreateShellPromptDisconnectClientExpectAction(SshClient client) { return new ExpectAction(new Regex(".*sshdebugasa\\>\\s$"), (text) => { Console.WriteLine(text); client.Disconnect(); }); } private static ExpectAction CreateShellPromptExecuteCommandExpectAction(ShellStream shellStream, string command) { return new ExpectAction(new Regex(".*sshdebugasa\\>\\s$"), (text) => { Console.WriteLine(text); shellStream.WriteLine(command); }); } }

…

On 28 May 2017 at 14:03, Ole Morten Aaslund ***@***.***> wrote: Hello i did it something like this. Not the most sexy code but it worked for my needs. /// <summary> /// Sets the command timeout for Ssh and (Default 40 seconds) /// </summary> public TimeSpan CommandTimeOut { get; set; } = new TimeSpan(0,0,0,40); using (var client = new SshClient(host, port, username, password)) { try { client.Connect(); string command = "sh run"; SshCommand runcommand = client.CreateCommand(command); runcommand.CommandTimeout = CommandTimeOut; runcommand.Execute(); string resultString = returnString = runcommand.Result; } catch (SshOperationTimeoutException) { Console.WriteLine($"ExecuteCommandSsh: Command timeout {CommandTimeOut} seconds"); } } Regards Ravleund On 26 May 2017 at 17:34, NNskelly ***@***.***> wrote: > Would you mind posting the workaround solution, @drieseng > <https://github.com/drieseng> ? I'm encountering what looks like the > same issue, but working from a prebuilt dll that I don't have the luxury of > picking apart in the debugger. I'm going to try @ravelund > <https://github.com/ravelund> 's solution for now, but if there's a more > correct/compact implementation, that would be useful. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#52 (comment)>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/ATuXwVWONTgEKLDO9Ur5FsJzFHX3DiKLks5r9vEcgaJpZM4JWI9s> > . >

[NNskelly]

Thanks! Trying an explicitly constructed command with a timeout as per the first example still jammed up for me for the duration of the timeout, and returned without apparently having executed anything. It's nice to have the Expect solution on record as an alternative.
I ultimately sorted my use case out by realizing there was a dedicated SshNet.Sftp module already available and I didn't need to be doing commands manually to begin with. I would have gone so far as questioning my use of ftp syntax/protocol, except things as simple as a cd or a pwd were also jamming.

[li379395535]

@ravelund the second solution worked for me, Thank a lot!!