Running RunCommand in the SshClient class on an cisco asa results in hanging forever

[ravelund]

Running the bellow code on a Cisco ASA result in an forever hang.

using (var client = new SshClient(host, 22, username, password))
{
client.Connect();
var result = client.RunCommand(command);
returnString = result.Result;
client.Disconnect();
}

[drieseng]

On what line would it actually block?
Can you build SSH.NET from source and do some troubleshooting yourself, or can you provide me access to a Cisco ASA that is not in use?

[ravelund]

Hello. I have already downloaded the source and can do some simple troubleshooting tommorow. I will look into it i maybe have ASA we can test on.
Also thanks for the library it works very well on the Catalysts switches.

[ravelund]

Hello. Again after some stepping the command highlighted is where it hangs for eternity.

[ravelund]

Have fixed an asa you can test on. Should i send the login information to the email on your profile?

[drieseng]

Yes, that's ok. I'm not sure I'll have time today, but I'll look into it asap.
Please include the command that you were trying to execute as well.
Thanks!

[pincho3xxx]

I've exactly the same problem when I try acces to Mitrastar FTTH router.

[drieseng]

The problem with the ASA was that it does not properly support the "exec" channel request message.
Perhaps this is a scenario that the ASA - and similar devices - do not want to support.
Instead of executing the command you specify, it:

• creates a shell
• writes the command to the shell
• continues waiting for input

I've supplied @ravelund with a solution offline, which uses our ShellStream - with its Expect capabilities - instead.

[darinkes]

@drieseng seems to be correct.

Found this via google:
http://www.carbon60.com/it-advice/powershell-ssh-module-nonstandard-devices-like-cisco-asa

Sounds like you have to work with Shell + Expect.

[ravelund]

Also with @drieseng input i have created this function:

    /// <summary>
    /// Execute a command on a host using ssh
    /// </summary>
    /// <param name="host">Ip address or Hostname</param>
    /// <param name="port">Ssh port</param>
    /// <param name="username">Username</param>
    /// <param name="password">Password</param>
    /// <param name="commands">Commands to execute</param>
    /// <param name="sendUsernameAndPasswordAsCommand">If set to true the query will send the username and password before running main command. For cisco catalyst and Firewalls False.</param>
    /// <returns>String with line shifts</returns>
    public string ExecuteCommandSsh(string host,int port, string username, string password, string[] commands, bool sendUsernameAndPasswordAsCommand)
    {
        string returnString = "";
        try
        {
            using (var client = new SshClient(host, port, username, password))
            {
                //Create the command string
                string command = "";
                foreach (var com in commands)
                {
                    command += com + "\n";
                }
                client.Connect();
                SshCommand runcommand = client.CreateCommand(command);
                if (sendUsernameAndPasswordAsCommand)
                {
                    runcommand = client.CreateCommand($"{username}\n{password}\n{command}");


                }
                runcommand.CommandTimeout = CommandTimeOut;

                try
                {
                    runcommand.Execute();
                    returnString = runcommand.Result;
                }
                catch (SshOperationTimeoutException)
                {
                    ErrorMessage += "ExecuteCommandSsh: Command timeout.";
                    returnString = runcommand.Result;
                }


               client.Disconnect();
            }
        }
        catch (Exception e)
        {

            DidThrowError = true;
            ErrorMessage += $"ExecuteCommandSsh Exception: {e.ToString()}";

        }

        return returnString;
    } //ExecuteCommandSsh end

By suppling the commands string array with
enable
"enablepassword"
terminal pager 0
sh ver
sh run

The terminal pager 0 command on the asa skips the more question. And this works.

The only - here is that you have to wait for the command to timeout.
I have set the timeout to 30 seconds at this moment.

[drieseng]

I actually sent you a basic implemention that uses ShellStream and Except.
If you prefer the code above, then that's fine by me.

[NNskelly]

Would you mind posting the workaround solution, @drieseng ? I'm encountering what looks like the same issue, but working from a prebuilt dll that I don't have the luxury of picking apart in the debugger. I'm going to try @ravelund 's solution for now, but if there's a more correct/compact implementation, that would be useful.

[ravelund]

Hello i did it something like this. Not the most sexy code but it worked for my needs. /// <summary> /// Sets the command timeout for Ssh and (Default 40 seconds) /// </summary> public TimeSpan CommandTimeOut { get; set; } = new TimeSpan(0,0,0,40); using (var client = new SshClient(host, port, username, password)) { try { client.Connect(); string command = "sh run"; SshCommand runcommand = client.CreateCommand(command); runcommand.CommandTimeout = CommandTimeOut; runcommand.Execute(); string resultString = returnString = runcommand.Result; } catch (SshOperationTimeoutException) { Console.WriteLine($"ExecuteCommandSsh: Command timeout {CommandTimeOut} seconds"); } } Regards Ravleund

…

On 26 May 2017 at 17:34, NNskelly ***@***.***> wrote: Would you mind posting the workaround solution, @drieseng <https://github.com/drieseng> ? I'm encountering what looks like the same issue, but working from a prebuilt dll that I don't have the luxury of picking apart in the debugger. I'm going to try @ravelund <https://github.com/ravelund> 's solution for now, but if there's a more correct/compact implementation, that would be useful. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#52 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ATuXwVWONTgEKLDO9Ur5FsJzFHX3DiKLks5r9vEcgaJpZM4JWI9s> .

[ravelund]

This was another way of doing it: using System; using System.Text.RegularExpressions; using Renci.SshNet; class SshTest { public static void Main() { using (var client = new SshClient("myhost", 22, "admin", "adminpassword")) { client.Connect(); var shellStream = client.CreateShellStream("xterm", 80, 600, 0, 0, 32 * 1024); // wait for the shell prompt to appear, and when it does execute the 'sh version' command shellStream.Expect(CreateShellPromptExecuteCommandExpectAction(shellStream, "sh version")); while (client.IsConnected) { // while we're connected we either: // * expect a 'more' prompt, and send a single whitespace to have the next page appear // * expect a shell prompt, which signals that the command has finished and as such we disconnect the client shellStream.Expect(CreateMoreExpectAction(shellStream), CreateShellPromptDisconnectClientExpectAction(client)); } } } private static ExpectAction CreateMoreExpectAction(ShellStream shellStream) { return new ExpectAction(new Regex(@".*<---\sMore\s--->$"), (text) => { Console.WriteLine(text); shellStream.Write(" "); }); } private static ExpectAction CreateShellPromptDisconnectClientExpectAction(SshClient client) { return new ExpectAction(new Regex(".*sshdebugasa\\>\\s$"), (text) => { Console.WriteLine(text); client.Disconnect(); }); } private static ExpectAction CreateShellPromptExecuteCommandExpectAction(ShellStream shellStream, string command) { return new ExpectAction(new Regex(".*sshdebugasa\\>\\s$"), (text) => { Console.WriteLine(text); shellStream.WriteLine(command); }); } }

…

On 28 May 2017 at 14:03, Ole Morten Aaslund ***@***.***> wrote: Hello i did it something like this. Not the most sexy code but it worked for my needs. /// <summary> /// Sets the command timeout for Ssh and (Default 40 seconds) /// </summary> public TimeSpan CommandTimeOut { get; set; } = new TimeSpan(0,0,0,40); using (var client = new SshClient(host, port, username, password)) { try { client.Connect(); string command = "sh run"; SshCommand runcommand = client.CreateCommand(command); runcommand.CommandTimeout = CommandTimeOut; runcommand.Execute(); string resultString = returnString = runcommand.Result; } catch (SshOperationTimeoutException) { Console.WriteLine($"ExecuteCommandSsh: Command timeout {CommandTimeOut} seconds"); } } Regards Ravleund On 26 May 2017 at 17:34, NNskelly ***@***.***> wrote: > Would you mind posting the workaround solution, @drieseng > <https://github.com/drieseng> ? I'm encountering what looks like the > same issue, but working from a prebuilt dll that I don't have the luxury of > picking apart in the debugger. I'm going to try @ravelund > <https://github.com/ravelund> 's solution for now, but if there's a more > correct/compact implementation, that would be useful. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#52 (comment)>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/ATuXwVWONTgEKLDO9Ur5FsJzFHX3DiKLks5r9vEcgaJpZM4JWI9s> > . >